Web application firewall settings - az network application-gateway waf-config

Configure the settings of a web application firewall.

This command is only applicable to application gateways with SKU type of WAF.

Commands

az network application-gateway waf-config list-rule-sets (PREVIEW) Lookup information on available WAF rule sets, rule groups, and rule IDs.
az network application-gateway waf-config set Update the firewall configuration of a web application.
az network application-gateway waf-config show Show the firewall configuration of a web application.

az network application-gateway waf-config list-rule-sets

(PREVIEW) Lookup information on available WAF rule sets, rule groups, and rule IDs.

az network application-gateway waf-config list-rule-sets [--group]
[--type]
[--version]

Examples

List available rule groups in OWASP type rule sets.

az network application-gateway waf-config list-rule-sets --type OWASP

List available rules in the OWASP 3.0 rule set.

az network application-gateway waf-config list-rule-sets --group * --type OWASP --version 3.0

List available rules in the 'crs_35_bad_robots' rule group.

az network application-gateway waf-config list-rule-sets --group crs_35_bad_robots

Optional Parameters

--group

List rules for the specified rule group. Use '*' to list rules for all groups. Omit to suppress listing individual rules.

--type

Rule set type to list. Omit to list all types.

--version

Rule set version to list. Omit to list all versions.

az network application-gateway waf-config set

Update the firewall configuration of a web application.

az network application-gateway waf-config set --enabled {false, true}
--gateway-name
--resource-group
[--disabled-rule-groups]
[--disabled-rules]
[--firewall-mode {Detection, Prevention}]
[--no-wait]
[--rule-set-type]
[--rule-set-version]

Required Parameters

--enabled

Specify whether the application firewall is enabled.

accepted values: false, true
--gateway-name

The name of the application gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

Optional Parameters

--disabled-rule-groups

Space separated list of rule groups to disable. This disables the entire group. To disable specifc rules, use '--disabled-rule-ids'.

value from: az application-gateway waf-config list-rule-sets
--disabled-rules

Space separated list of rule IDs to disable.

value from: az application-gateway waf-config list-rule-sets
--firewall-mode

Web application firewall mode.

accepted values: Detection, Prevention
default value: Detection
--no-wait

Do not wait for the long running operation to finish.

--rule-set-type

Rule set type.

default value: OWASP
value from: az application-gateway waf-config list-rule-sets
--rule-set-version

Rule set version.

value from: az application-gateway waf-config list-rule-sets

az network application-gateway waf-config show

Show the firewall configuration of a web application.

az network application-gateway waf-config show --gateway-name
--resource-group

Required Parameters

--gateway-name

The name of the application gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.