New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration

Creates a WAF configuration for an application gateway.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration
   -Enabled <Boolean>
   -FirewallMode <String>
   [-RuleSetType <String>]
   [-RuleSetVersion <String>]
   [-DisabledRuleGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallDisabledRuleGroup]>]
   [-RequestBodyCheck <Boolean>]
   [-MaxRequestBodySizeInKb <Int32>]
   [-FileUploadLimitInMb <Int32>]
   [-Exclusion <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallExclusion]>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration cmdlet creates a web application firewall (WAF) configuration for an Azure application gateway.

Examples

Example 1: Create a web application firewall configuration for an application gateway

PS C:\> $disabledRuleGroup1 = New-AzureRmApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-942-APPLICATION-ATTACK-SQLI" -Rules 942130,942140
PS C:\> $disabledRuleGroup2 = New-AzureRmApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-921-PROTOCOL-ATTACK"
PS C:\> $firewallConfig = New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention" -RuleSetType "OWASP" -RuleSetVersion "3.0" -DisabledRuleGroups $disabledRuleGroup1,$disabledRuleGroup2

The first command creates a new disabled rule group configuration for the rule group named "REQUEST-942-APPLICATION-ATTACK-SQLI" with rule 942130 and rule 942140 being disabled. The second command creates another disabled rule group configuration for a rule group named "REQUEST-921-PROTOCOL-ATTACK". No rules are specifically passed and thus all rules of the rule group will be disabled. The last command then creates a WAF configuration with firewall rules disabled as configured in $disabledRuleGroup1 and $disabledRuleGroup2. The new WAF configuration is stored in the $firewallConfig variable.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisabledRuleGroup

The disabled rule groups.

Type:List<T>[PSApplicationGatewayFirewallDisabledRuleGroup]
Aliases:DisabledRuleGroups
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Enabled

Indicates whether the WAF is enabled.

Type:Boolean
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Exclusion

The exclusion lists.

Type:List<T>[PSApplicationGatewayFirewallExclusion]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FileUploadLimitInMb

Max file upload limit in MB.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FirewallMode

Specifies the web application firewall mode. The acceptable values for this parameter are:

  • Detection
  • Prevention
Type:String
Accepted values:Detection, Prevention
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-MaxRequestBodySizeInKb

Max request body size in KB.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequestBodyCheck

Whether request body is checked or not.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RuleSetType

The type of the web application firewall rule set. The acceptable values for this parameter are:

  • OWASP
Type:String
Accepted values:OWASP
Position:Named
Default value:OWASP
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RuleSetVersion

The version of the rule set type. The acceptable values for this parameter are:

  • 3.0
  • 2.2.9
Type:String
Accepted values:3.0, 2.2.9
Position:Named
Default value:3.0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

PSApplicationGatewayWebApplicationFirewallConfiguration