Microsoft.Network ApplicationGatewayWebApplicationFirewallPolicies 2019-04-01
- Latest
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
Bicep resource definition
The ApplicationGatewayWebApplicationFirewallPolicies resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2019-04-01' = {
etag: 'string'
location: 'string'
name: 'string'
properties: {
customRules: [
{
action: 'string'
matchConditions: [
{
matchValues: [
'string'
]
matchVariables: [
{
selector: 'string'
variableName: 'string'
}
]
negationConditon: bool
operator: 'string'
transforms: [
'string'
]
}
]
name: 'string'
priority: int
ruleType: 'string'
}
]
policySettings: {
enabledState: 'string'
mode: 'string'
}
}
tags: {
{customized property}: 'string'
}
}
Property values
MatchCondition
| Name | Description | Value |
|---|---|---|
| matchValues | Match value. | string[] (required) |
| matchVariables | List of match variables. | MatchVariable[] (required) |
| negationConditon | Describes if this is negate condition or not. | bool |
| operator | Describes operator to be matched. | 'BeginsWith' 'Contains' 'EndsWith' 'Equal' 'GreaterThan' 'GreaterThanOrEqual' 'IPMatch' 'LessThan' 'LessThanOrEqual' 'Regex' (required) |
| transforms | List of transforms. | String array containing any of: 'HtmlEntityDecode' 'Lowercase' 'RemoveNulls' 'Trim' 'UrlDecode' 'UrlEncode' |
MatchVariable
| Name | Description | Value |
|---|---|---|
| selector | Describes field of the matchVariable collection. | string |
| variableName | Match Variable. | 'PostArgs' 'QueryString' 'RemoteAddr' 'RequestBody' 'RequestCookies' 'RequestHeaders' 'RequestMethod' 'RequestUri' (required) |
Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated. | string |
| location | Resource location. | string |
| name | The resource name | string Constraints: Max length = (required) |
| properties | Properties of the web application firewall policy. | WebApplicationFirewallPolicyPropertiesFormat |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
PolicySettings
| Name | Description | Value |
|---|---|---|
| enabledState | Describes if the policy is in enabled state or disabled state. | 'Disabled' 'Enabled' |
| mode | Describes if it is in detection mode or prevention mode at policy level. | 'Detection' 'Prevention' |
ResourceTags
| Name | Description | Value |
|---|
WebApplicationFirewallCustomRule
| Name | Description | Value |
|---|---|---|
| action | Type of Actions. | 'Allow' 'Block' 'Log' (required) |
| matchConditions | List of match conditions. | MatchCondition[] (required) |
| name | Gets name of the resource that is unique within a policy. This name can be used to access the resource. | string Constraints: Max length = |
| priority | Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. | int (required) |
| ruleType | Describes type of rule. | 'Invalid' 'MatchRule' (required) |
WebApplicationFirewallPolicyPropertiesFormat
| Name | Description | Value |
|---|---|---|
| customRules | Describes custom rules inside the policy. | WebApplicationFirewallCustomRule[] |
| policySettings | Describes policySettings for policy. | PolicySettings |
Quickstart samples
The following quickstart samples deploy this resource type.
| Bicep File | Description |
|---|---|
| AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
| AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| Application Gateway with WAF and firewall policy | This template creates an Application Gateway with WAF configured along with a firewall policy |
| Create an Azure WAF v2 on Azure Application Gateway | This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool |
| Front Door Standard/Premium with Application Gateway origin | This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
| Front Door with Container Instances and Application Gateway | This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
ARM template resource definition
The ApplicationGatewayWebApplicationFirewallPolicies resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies resource, add the following JSON to your template.
{
"type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies",
"apiVersion": "2019-04-01",
"name": "string",
"etag": "string",
"location": "string",
"properties": {
"customRules": [
{
"action": "string",
"matchConditions": [
{
"matchValues": [ "string" ],
"matchVariables": [
{
"selector": "string",
"variableName": "string"
}
],
"negationConditon": "bool",
"operator": "string",
"transforms": [ "string" ]
}
],
"name": "string",
"priority": "int",
"ruleType": "string"
}
],
"policySettings": {
"enabledState": "string",
"mode": "string"
}
},
"tags": {
"{customized property}": "string"
}
}
Property values
MatchCondition
| Name | Description | Value |
|---|---|---|
| matchValues | Match value. | string[] (required) |
| matchVariables | List of match variables. | MatchVariable[] (required) |
| negationConditon | Describes if this is negate condition or not. | bool |
| operator | Describes operator to be matched. | 'BeginsWith' 'Contains' 'EndsWith' 'Equal' 'GreaterThan' 'GreaterThanOrEqual' 'IPMatch' 'LessThan' 'LessThanOrEqual' 'Regex' (required) |
| transforms | List of transforms. | String array containing any of: 'HtmlEntityDecode' 'Lowercase' 'RemoveNulls' 'Trim' 'UrlDecode' 'UrlEncode' |
MatchVariable
| Name | Description | Value |
|---|---|---|
| selector | Describes field of the matchVariable collection. | string |
| variableName | Match Variable. | 'PostArgs' 'QueryString' 'RemoteAddr' 'RequestBody' 'RequestCookies' 'RequestHeaders' 'RequestMethod' 'RequestUri' (required) |
Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2019-04-01' |
| etag | Gets a unique read-only string that changes whenever the resource is updated. | string |
| location | Resource location. | string |
| name | The resource name | string Constraints: Max length = (required) |
| properties | Properties of the web application firewall policy. | WebApplicationFirewallPolicyPropertiesFormat |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies' |
PolicySettings
| Name | Description | Value |
|---|---|---|
| enabledState | Describes if the policy is in enabled state or disabled state. | 'Disabled' 'Enabled' |
| mode | Describes if it is in detection mode or prevention mode at policy level. | 'Detection' 'Prevention' |
ResourceTags
| Name | Description | Value |
|---|
WebApplicationFirewallCustomRule
| Name | Description | Value |
|---|---|---|
| action | Type of Actions. | 'Allow' 'Block' 'Log' (required) |
| matchConditions | List of match conditions. | MatchCondition[] (required) |
| name | Gets name of the resource that is unique within a policy. This name can be used to access the resource. | string Constraints: Max length = |
| priority | Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. | int (required) |
| ruleType | Describes type of rule. | 'Invalid' 'MatchRule' (required) |
WebApplicationFirewallPolicyPropertiesFormat
| Name | Description | Value |
|---|---|---|
| customRules | Describes custom rules inside the policy. | WebApplicationFirewallCustomRule[] |
| policySettings | Describes policySettings for policy. | PolicySettings |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
AKS Cluster with a NAT Gateway and an Application Gateway |
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
| AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| Application Gateway with WAF and firewall policy |
This template creates an Application Gateway with WAF configured along with a firewall policy |
| Create an Azure WAF v2 on Azure Application Gateway |
This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool |
| Front Door Standard/Premium with Application Gateway origin |
This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
| Front Door with Container Instances and Application Gateway |
This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
Terraform (AzAPI provider) resource definition
The ApplicationGatewayWebApplicationFirewallPolicies resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2019-04-01"
name = "string"
etag = "string"
location = "string"
body = jsonencode({
properties = {
customRules = [
{
action = "string"
matchConditions = [
{
matchValues = [
"string"
]
matchVariables = [
{
selector = "string"
variableName = "string"
}
]
negationConditon = bool
operator = "string"
transforms = [
"string"
]
}
]
name = "string"
priority = int
ruleType = "string"
}
]
policySettings = {
enabledState = "string"
mode = "string"
}
}
})
tags = {
{customized property} = "string"
}
}
Property values
MatchCondition
| Name | Description | Value |
|---|---|---|
| matchValues | Match value. | string[] (required) |
| matchVariables | List of match variables. | MatchVariable[] (required) |
| negationConditon | Describes if this is negate condition or not. | bool |
| operator | Describes operator to be matched. | 'BeginsWith' 'Contains' 'EndsWith' 'Equal' 'GreaterThan' 'GreaterThanOrEqual' 'IPMatch' 'LessThan' 'LessThanOrEqual' 'Regex' (required) |
| transforms | List of transforms. | String array containing any of: 'HtmlEntityDecode' 'Lowercase' 'RemoveNulls' 'Trim' 'UrlDecode' 'UrlEncode' |
MatchVariable
| Name | Description | Value |
|---|---|---|
| selector | Describes field of the matchVariable collection. | string |
| variableName | Match Variable. | 'PostArgs' 'QueryString' 'RemoteAddr' 'RequestBody' 'RequestCookies' 'RequestHeaders' 'RequestMethod' 'RequestUri' (required) |
Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated. | string |
| location | Resource location. | string |
| name | The resource name | string Constraints: Max length = (required) |
| properties | Properties of the web application firewall policy. | WebApplicationFirewallPolicyPropertiesFormat |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2019-04-01" |
PolicySettings
| Name | Description | Value |
|---|---|---|
| enabledState | Describes if the policy is in enabled state or disabled state. | 'Disabled' 'Enabled' |
| mode | Describes if it is in detection mode or prevention mode at policy level. | 'Detection' 'Prevention' |
ResourceTags
| Name | Description | Value |
|---|
WebApplicationFirewallCustomRule
| Name | Description | Value |
|---|---|---|
| action | Type of Actions. | 'Allow' 'Block' 'Log' (required) |
| matchConditions | List of match conditions. | MatchCondition[] (required) |
| name | Gets name of the resource that is unique within a policy. This name can be used to access the resource. | string Constraints: Max length = |
| priority | Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. | int (required) |
| ruleType | Describes type of rule. | 'Invalid' 'MatchRule' (required) |
WebApplicationFirewallPolicyPropertiesFormat
| Name | Description | Value |
|---|---|---|
| customRules | Describes custom rules inside the policy. | WebApplicationFirewallCustomRule[] |
| policySettings | Describes policySettings for policy. | PolicySettings |