New-​Azure​Rm​Application​Gateway​Web​Application​Firewall​Configuration

Creates a WAF configuration for an application gateway.

Syntax

New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration
   [-DisabledRuleGroups <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallDisabledRuleGroup]>]
   -Enabled <Boolean>
   -FirewallMode <String>
   [-RuleSetType <String>]
   [-RuleSetVersion <String>]
   [-Confirm]
   [-WhatIf]
   [<CommonParameters>]

Description

The New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration cmdlet creates a web application firewall (WAF) configuration for an Azure application gateway.

Examples

Example 1: Create a web application firewall configuration for an application gateway

PS C:\> $disabledRuleGroup1 = New-AzureRmApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-942-APPLICATION-ATTACK-SQLI" -Rules 942130,942140
PS C:\> $disabledRuleGroup2 = New-AzureRmApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-921-PROTOCOL-ATTACK"
PS C:\> $firewallConfig = New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention" -RuleSetType "OWASP" -RuleSetVersion "3.0" -DisabledRuleGroups $disabledRuleGroup1,$disabledRuleGroup2

The first command creates a new disabled rule group configuration for the rule group named "REQUEST-942-APPLICATION-ATTACK-SQLI" with rule 942130 and rule 942140 being disabled. The second command creates another disabled rule group configuration for a rule group named "REQUEST-921-PROTOCOL-ATTACK". No rules are specifically passed and thus all rules of the rule group will be disabled. The last command then creates a WAF configuration with firewall rules disabled as configured in $disabledRuleGroup1 and $disabledRuleGroup2. The new WAF configuration is stored in the $firewallConfig variable.

Required Parameters

-Enabled

Indicates whether the WAF is enabled.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-FirewallMode

Specifies the web application firewall mode. The acceptable values for this parameter are:

  • Detection
  • Prevention
Type:String
Parameter Sets:Detection, Prevention
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-DisabledRuleGroups

The disabled rule groups.

Type:System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallDisabledRuleGroup]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RuleSetType

The type of the web application firewall rule set. The acceptable values for this parameter are:

  • OWASP
Type:String
Parameter Sets:OWASP
Position:Named
Default value:OWASP
Accept pipeline input:False
Accept wildcard characters:False
-RuleSetVersion

The version of the rule set type. The acceptable values for this parameter are:

  • 3.0
  • 2.2.9
Type:String
Parameter Sets:3.0, 2.2.9
Position:Named
Default value:3.0
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Outputs

Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayWebApplicationFirewallConfiguration