New-AzApplicationGatewayWebApplicationFirewallConfiguration

Is this page helpful?

Any additional feedback?

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.

Module:

Az.Network

Creates a WAF configuration for an application gateway.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

New-AzApplicationGatewayWebApplicationFirewallConfiguration
   -Enabled <Boolean>
   -FirewallMode <String>
   [-RuleSetType <String>]
   [-RuleSetVersion <String>]
   [-DisabledRuleGroup <PSApplicationGatewayFirewallDisabledRuleGroup[]>]
   [-RequestBodyCheck <Boolean>]
   [-MaxRequestBodySizeInKb <Int32>]
   [-FileUploadLimitInMb <Int32>]
   [-Exclusion <PSApplicationGatewayFirewallExclusion[]>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzApplicationGatewayWebApplicationFirewallConfiguration cmdlet creates a web application firewall (WAF) configuration for an Azure application gateway.

Examples

Example 1: Create a web application firewall configuration for an application gateway

PS C:\> $disabledRuleGroup1 = New-AzApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-942-APPLICATION-ATTACK-SQLI" -Rules 942130,942140
PS C:\> $disabledRuleGroup2 = New-AzApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-921-PROTOCOL-ATTACK"
PS C:\> $firewallConfig = New-AzApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention" -RuleSetType "OWASP" -RuleSetVersion "3.0" -DisabledRuleGroups $disabledRuleGroup1,$disabledRuleGroup2

The first command creates a new disabled rule group configuration for the rule group named "REQUEST-942-APPLICATION-ATTACK-SQLI" with rule 942130 and rule 942140 being disabled. The second command creates another disabled rule group configuration for a rule group named "REQUEST-921-PROTOCOL-ATTACK". No rules are specifically passed and thus all rules of the rule group will be disabled. The last command then creates a WAF configuration with firewall rules disabled as configured in $disabledRuleGroup1 and $disabledRuleGroup2. The new WAF configuration is stored in the $firewallConfig variable.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DisabledRuleGroup

The disabled rule groups.

Type:	PSApplicationGatewayFirewallDisabledRuleGroup[]
Aliases:	DisabledRuleGroups
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Enabled

Indicates whether the WAF is enabled.

Type:	Boolean
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Exclusion

The exclusion lists.

Type:	PSApplicationGatewayFirewallExclusion[]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-FileUploadLimitInMb

Max file upload limit in MB.

Type:	Int32
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-FirewallMode

Specifies the web application firewall mode. The acceptable values for this parameter are:

• Detection
• Prevention

Type:	String
Accepted values:	Detection, Prevention
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-MaxRequestBodySizeInKb

Max request body size in KB.

Type:	Int32
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-RequestBodyCheck

Whether request body is checked or not.

Type:	Boolean
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-RuleSetType

The type of the web application firewall rule set. The acceptable values for this parameter are:

• OWASP

Type:	String
Accepted values:	OWASP
Position:	Named
Default value:	OWASP
Accept pipeline input:	False
Accept wildcard characters:	False

-RuleSetVersion

The version of the rule set type.

Type:	String
Position:	Named
Default value:	3.0
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

None

Outputs

PSApplicationGatewayWebApplicationFirewallConfiguration

Related Links

• Get-AzApplicationGatewayWebApplicationFirewallConfiguration
• Set-AzApplicationGatewayWebApplicationFirewallConfiguration