Microsoft.Network ApplicationGatewayWebApplicationFirewallPolicies 2020-07-01
12/28/2020
To create a Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies resource, add the following JSON to the resources section of your template.
{
  "name": "string",
  "type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies",
  "apiVersion": "2020-07-01",
  "location": "string",
  "tags": {},
  "properties": {
    "policySettings": {
      "state": "string",
      "mode": "string",
      "requestBodyCheck": "boolean",
      "maxRequestBodySizeInKb": "integer",
      "fileUploadLimitInMb": "integer"
    },
    "customRules": [
      {
        "name": "string",
        "priority": "integer",
        "ruleType": "string",
        "matchConditions": [
          {
            "matchVariables": [
              {
                "variableName": "string",
                "selector": "string"
              }
            ],
            "operator": "string",
            "negationConditon": "boolean",
            "matchValues": [
              "string"
            ],
            "transforms": [
              "string"
            ]
          }
        ],
        "action": "string"
      }
    ],
    "managedRules": {
      "exclusions": [
        {
          "matchVariable": "string",
          "selectorMatchOperator": "string",
          "selector": "string"
        }
      ],
      "managedRuleSets": [
        {
          "ruleSetType": "string",
          "ruleSetVersion": "string",
          "ruleGroupOverrides": [
            {
              "ruleGroupName": "string",
              "rules": [
                {
                  "ruleId": "string",
                  "state": "Disabled"
                }
              ]
            }
          ]
        }
      ]
    }
  }
}
Bicep is currently in preview. For more information, see Project Bicep.
resource symbolicname 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2020-07-01' = {
  name: 'string'
  location: 'string'
  tags: {}
  properties: {
    policySettings: {
      state: 'string'
      mode: 'string'
      requestBodyCheck: bool
      maxRequestBodySizeInKb: int
      fileUploadLimitInMb: int
    }
    customRules: [
      {
        name: 'string'
        priority: int
        ruleType: 'string'
        matchConditions: [
          {
            matchVariables: [
              {
                variableName: 'string'
                selector: 'string'
              }
            ]
            operator: 'string'
            negationConditon: bool
            matchValues: [
              'string'
            ]
            transforms: [
              'string'
            ]
          }
        ]
        action: 'string'
      }
    ]
    managedRules: {
      exclusions: [
        {
          matchVariable: 'string'
          selectorMatchOperator: 'string'
          selector: 'string'
        }
      ]
      managedRuleSets: [
        {
          ruleSetType: 'string'
          ruleSetVersion: 'string'
          ruleGroupOverrides: [
            {
              ruleGroupName: 'string'
              rules: [
                {
                  ruleId: 'string'
                  state: 'Disabled'
                }
              ]
            }
          ]
        }
      ]
    }
  }
}
Property values
The following tables describe the values you need to set in the schema.
Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies object
Note: In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.
| Name | Type | Required | Value |
|---|---|---|---|
| name | string | Yes | The name of the policy. Max length: 128 |
| type | enum | Yes | For JSON - Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies |
| apiVersion | enum | Yes | For JSON - 2020-07-01 |
| location | string | Yes | Resource location. |
| tags | object | No | Resource tags. |
| properties | object | Yes | Properties of the web application firewall policy. - WebApplicationFirewallPolicyPropertiesFormat object |
PolicySettings object
| Name | Type | Required | Value |
|---|---|---|---|
| state | enum | No | The state of the policy. - Disabled or Enabled |
| mode | enum | No | The mode of the policy. - Prevention or Detection |
| requestBodyCheck | boolean | No | Whether to allow WAF to check request Body. |
| maxRequestBodySizeInKb | integer | No | Maximum request body size in Kb for WAF. |
| fileUploadLimitInMb | integer | No | Maximum file upload size in Mb for WAF. |
WebApplicationFirewallCustomRule object
| Name | Type | Required | Value |
|---|---|---|---|
| name | string | No | The name of the resource that is unique within a policy. This name can be used to access the resource. |
| priority | integer | Yes | Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. |
| ruleType | enum | Yes | The rule type. - MatchRule or Invalid |
| matchConditions | array | Yes | List of match conditions. - MatchCondition object |
| action | enum | Yes | Type of Actions. - Allow, Block, Log |
ManagedRulesDefinition object
MatchCondition object
| Name | Type | Required | Value |
|---|---|---|---|
| matchVariables | array | Yes | List of match variables. - MatchVariable object |
| operator | enum | Yes | The operator to be matched. - IPMatch, Equal, Contains, LessThan, GreaterThan, LessThanOrEqual, GreaterThanOrEqual, BeginsWith, EndsWith, Regex, GeoMatch |
| negationConditon | boolean | No | Whether this is a negated condition or not. |
| matchValues | array | Yes | Match value. - string |
| transforms | array | No | List of transforms. - Lowercase, Trim, UrlDecode, UrlEncode, RemoveNulls, HtmlEntityDecode |
OwaspCrsExclusionEntry object
| Name | Type | Required | Value |
|---|---|---|---|
| matchVariable | enum | Yes | The variable to be excluded. - RequestHeaderNames, RequestCookieNames, RequestArgNames |
| selectorMatchOperator | enum | Yes | When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. - Equals, Contains, StartsWith, EndsWith, EqualsAny |
| selector | string | Yes | When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. |
ManagedRuleSet object
| Name | Type | Required | Value |
|---|---|---|---|
| ruleSetType | string | Yes | Defines the rule set type to use. |
| ruleSetVersion | string | Yes | Defines the version of the rule set to use. |
| ruleGroupOverrides | array | No | Defines the rule group overrides to apply to the rule set. - ManagedRuleGroupOverride object |
MatchVariable object
| Name | Type | Required | Value |
|---|---|---|---|
| variableName | enum | Yes | Match Variable. - RemoteAddr, RequestMethod, QueryString, PostArgs, RequestUri, RequestHeaders, RequestBody, RequestCookies |
| selector | string | No | The selector of match variable. |
ManagedRuleGroupOverride object
| Name | Type | Required | Value |
|---|---|---|---|
| ruleGroupName | string | Yes | The managed rule group to override. |
| rules | array | No | List of rules that will be disabled. If none specified, all rules in the group will be disabled. - ManagedRuleOverride object |
ManagedRuleOverride object
| Name | Type | Required | Value |
|---|---|---|---|
| ruleId | string | Yes | Identifier for the managed rule. |
| state | enum | No | The state of the managed rule. Defaults to Disabled if not specified. - Disabled |
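The following is an added example, not part of the original reference or of Microsoft's tooling: a Python audit that reads a policy resource shaped like the schema above and reports settings that weaken or break it, including a rule group override with no rules list, which disables the whole group. The sample policy, its rule names, and the rule set type, version, group names and rule ID in it are constructed for illustration, and the duplicate-priority check is this example's own assumption.

```python
# Enum values are copied from the property tables on this page.
ENUMS = {"state": {"Disabled", "Enabled"}, "mode": {"Prevention", "Detection"},
         "action": {"Allow", "Block", "Log"}}

def audit_policy(resource):
    """Return a list of finding strings for one WAF policy resource dict."""
    out = []
    props = resource.get("properties", {})
    ps = props.get("policySettings", {})
    for key in ("state", "mode"):
        if key in ps and ps[key] not in ENUMS[key]:
            out.append(f"policySettings.{key}: invalid value {ps[key]!r}")
    if ps.get("state") == "Disabled":
        out.append("policySettings.state: policy is Disabled")
    if ps.get("mode") == "Detection":
        out.append("policySettings.mode: Detection logs matches without blocking")
    if ps.get("requestBodyCheck") is False:
        out.append("policySettings.requestBodyCheck: request bodies are not inspected")
    seen = {}  # priority -> first rule using it (duplicate check is this example's own)
    for rule in props.get("customRules", []):
        name, prio = rule.get("name", "<unnamed>"), rule.get("priority")
        if rule.get("action") not in ENUMS["action"]:
            out.append(f"customRules[{name}].action: invalid value {rule.get('action')!r}")
        if prio in seen:
            out.append(f"customRules[{name}].priority: {prio} already used by {seen[prio]}")
        seen.setdefault(prio, name)
    for rs in props.get("managedRules", {}).get("managedRuleSets", []):
        for grp in rs.get("ruleGroupOverrides", []):
            ids = [r["ruleId"] for r in grp.get("rules", [])]
            # Per the ManagedRuleGroupOverride table: no rules listed = whole group disabled.
            scope = "rules " + ", ".join(ids) if ids else "ALL rules in the group"
            out.append(f"managedRules[{grp['ruleGroupName']}]: disables {scope}")
    return out

# Constructed sample, trimmed to the fields the audit reads (all values made up).
SAMPLE = {"properties": {
    "policySettings": {"state": "Enabled", "mode": "Detection", "requestBodyCheck": False},
    "customRules": [
        {"name": "blockRange", "priority": 10, "action": "Block"},
        {"name": "dropBots", "priority": 10, "action": "Deny"}],
    "managedRules": {"managedRuleSets": [{
        "ruleSetType": "OWASP", "ruleSetVersion": "3.1", "ruleGroupOverrides": [
            {"ruleGroupName": "REQUEST-942-APPLICATION-ATTACK-SQLI"},
            {"ruleGroupName": "REQUEST-920-PROTOCOL-ENFORCEMENT",
             "rules": [{"ruleId": "920300"}]}]}]},
}}

if __name__ == "__main__":
    print("\n".join(audit_policy(SAMPLE)))
```

To audit a real template, load it with `json.load` and pass each entry of its `resources` array whose `type` matches this resource to `audit_policy`.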
Quickstart templates
The following quickstart templates deploy this resource type.