New-AzApplicationGatewayFirewallCustomRule

Creates a new custom rule for the application gateway firewall policy.

Syntax

New-AzApplicationGatewayFirewallCustomRule
   -Name <String>
   -Priority <Int32>
   [-RateLimitDuration <String>]
   [-RateLimitThreshold <Int32>]
   -RuleType <String>
   -MatchCondition <PSApplicationGatewayFirewallCondition[]>
   [-GroupByUserSession <PSApplicationGatewayFirewallCustomRuleGroupByUserSession[]>]
   -Action <String>
   [-State <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzApplicationGatewayFirewallCustomRule cmdlet creates a custom rule for a firewall policy.

Examples

Example 1

New-AzApplicationGatewayFirewallCustomRule -Name example-rule -Priority 1 -RuleType MatchRule -MatchCondition $condition -Action Allow

Name                : example-rule
Priority            : 1
RuleType            : MatchRule
MatchConditions     : {Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallCondition}
Action              : Allow
State               : Enabled
MatchConditionsText : [
                        {
                          "MatchVariables": [
                            {
                              "VariableName": "RequestHeaders",
                              "Selector": "Malicious-Header"
                            }
                          ],
                          "OperatorProperty": "Any",
                          "NegationConditon": false
                        }
                      ]

The command creates a new custom rule named example-rule with priority 1 and rule type MatchRule. The match condition is the one defined in the $condition variable, and the action is Allow.

Example 2

New-AzApplicationGatewayFirewallCustomRule -Name example-rule -Priority 2 -RuleType MatchRule -MatchCondition $condition -Action Allow -State Disabled

Name                : example-rule
Priority            : 2
RuleType            : MatchRule
MatchConditions     : {Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallCondition}
Action              : Allow
State               : Disabled
MatchConditionsText : [
                        {
                          "MatchVariables": [
                            {
                              "VariableName": "RequestHeaders",
                              "Selector": "Malicious-Header"
                            }
                          ],
                          "OperatorProperty": "Any",
                          "NegationConditon": false
                        }
                      ]

The command creates a new custom rule named example-rule with state Disabled, priority 2 and rule type MatchRule. The match condition is the one defined in the $condition variable, and the action is Allow.

Example 3

New-AzApplicationGatewayFirewallCustomRule -Name RateLimitRule3 -Priority 3 -RateLimitDuration OneMin -RateLimitThreshold 10 -RuleType RateLimitRule -MatchCondition $condition -GroupByUserSession $groupbyUserSes -Action Allow -State Disabled

Name                : RateLimitRule3
Priority            : 3
RateLimitDuration   : OneMin
RateLimitThreshold  : 10
RuleType            : RateLimitRule
MatchConditions     : {Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallCondition}
GroupByUserSession  : {Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallCustomRuleGroupByUserSession}
Action              : Allow
State               : Disabled
MatchConditionsText : [
                        {
                          "MatchVariables": [
                            {
                              "VariableName": "RequestHeaders",
                              "Selector": "Malicious-Header"
                            }
                          ],
                          "OperatorProperty": "Any",
                          "NegationConditon": false
                        }
                      ]
GroupByUserSessionText : [
                        {
                          "groupByVariables": [
                            {
                              "variableName": "ClientAddr"
                            }
                          ]
                        }
                      ]

The command creates a new custom rule named RateLimitRule3 with state Disabled, priority 3, RateLimitDuration OneMin, RateLimitThreshold 10 and rule type RateLimitRule. The match condition is the one defined in the $condition variable, the action is Allow, and the GroupByUserSession clause is the one defined in the $groupbyUserSes variable.
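The examples above assume that the condition and group-by variables already exist. The following added example (not part of the original page) builds them with the companion Az.Network cmdlets, creates one MatchRule and one RateLimitRule, and checks the set against the parameter constraints documented below before it is attached to a policy. The header value, URI fragment and rule names are constructed sample values, and Test-WafCustomRuleSet is a hypothetical helper, not an Az cmdlet.

```powershell
# Added example (not from the original page). Requires the Az.Network module.
# Header values, URI fragment and rule names are constructed sample values.

# Condition 1: User-Agent header contains a listed token (compared in lowercase).
$uaVar = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestHeaders -Selector User-Agent
$uaCondition = New-AzApplicationGatewayFirewallCondition -MatchVariable $uaVar -Operator Contains `
    -MatchValue 'examplescanner' -Transform Lowercase -NegationCondition $false

# Condition 2 plus grouping: count requests to the login path per client address.
$uriVar = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestUri
$loginCondition = New-AzApplicationGatewayFirewallCondition -MatchVariable $uriVar -Operator Contains `
    -MatchValue '/login' -NegationCondition $false
$byClient = New-AzApplicationGatewayFirewallCustomRuleGroupByVariable -VariableName ClientAddr
$groupBy = New-AzApplicationGatewayFirewallCustomRuleGroupByUserSession -GroupByVariable $byClient

$rules = @(
    New-AzApplicationGatewayFirewallCustomRule -Name BlockScannerUA -Priority 10 -RuleType MatchRule `
        -MatchCondition $uaCondition -Action Block
    New-AzApplicationGatewayFirewallCustomRule -Name LoginRateLimit -Priority 20 -RuleType RateLimitRule `
        -RateLimitDuration OneMin -RateLimitThreshold 10 -MatchCondition $loginCondition `
        -GroupByUserSession $groupBy -Action Block
)

# Hypothetical helper: review a rule set before it is attached to a policy.
function Test-WafCustomRuleSet {
    param([Parameter(Mandatory)] [object[]] $Rule)
    $findings = @()
    # Lower priority values are evaluated first; a shared value makes the order ambiguous.
    foreach ($g in ($Rule | Group-Object Priority | Where-Object Count -gt 1)) {
        $findings += "Priority $($g.Name) is used by: $($g.Group.Name -join ', ')"
    }
    foreach ($r in $Rule) {
        if ($r.RuleType -eq 'RateLimitRule') {
            if (-not $r.RateLimitDuration) { $findings += "$($r.Name): RateLimitDuration is not set" }
            if ($r.RateLimitThreshold -lt 1 -or $r.RateLimitThreshold -gt 5000) {
                $findings += "$($r.Name): RateLimitThreshold must be within 1 - 5000"
            }
        }
        if ($r.State -eq 'Disabled') { $findings += "$($r.Name): State is Disabled" }
        if ($r.Action -eq 'Allow') { $findings += "$($r.Name): Action is Allow, confirm this is intended" }
    }
    $findings
}

Test-WafCustomRuleSet -Rule $rules
```

The helper returns one string per finding, so an empty result means the set passed every check.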

Parameters

-Action

Type of action to take when the rule matches.

Type:String
Accepted values:Allow, Block, Log
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-GroupByUserSession

List of GroupByUserSession clauses that define how requests are grouped.

Type:PSApplicationGatewayFirewallCustomRuleGroupByUserSession[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MatchCondition

List of match conditions.

Type:PSApplicationGatewayFirewallCondition[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Name

The Name of the Rule.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Priority

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

Type:Int32
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-RateLimitDuration

Describes duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.

Type:String
Accepted values:OneMin, FiveMins
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RateLimitThreshold

Describes rate limit threshold. Applies only when ruleType is RateLimitRule. Accepted range for this value is 1 - 5000.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RuleType

Describes type of rule.

Type:String
Accepted values:MatchRule, RateLimitRule
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-State

State variable of the custom rule.

Type:String
Accepted values:Disabled, Enabled
Position:Named
Default value:Enabled
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

PSApplicationGatewayFirewallCustomRule