Azure CDN WebApplicationFirewallManagement
APIs to manage web application firewall rules for Azure CDN
COMMUNITYBEARER0 INSTALLS
OpenAPI Specificationv3.0
{
"swagger": "2.0",
"schemes": [
"https"
],
"host": "management.azure.com",
"info": {
"description": "APIs to manage web application firewall rules for Azure CDN",
"title": "Azure CDN WebApplicationFirewallManagement",
"version": "2019-06-15-preview",
"x-apisguru-categories": [
"cloud"
],
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png"
},
"x-origin": [
{
"format": "swagger",
"url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/cdn/resource-manager/Microsoft.Cdn/preview/2019-06-15-preview/cdnwebapplicationfirewall.json",
"version": "2.0"
}
],
"x-providerName": "azure.com",
"x-serviceName": "cdn-cdnwebapplicationfirewall",
"x-tags": [
"Azure",
"Microsoft"
]
},
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"securityDefinitions": {
"azure_auth": {
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"description": "Azure Active Directory OAuth2 Flow.",
"flow": "implicit",
"scopes": {
"user_impersonation": "impersonate your user account"
},
"type": "oauth2"
}
},
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"parameters": {
"ApiVersionParameter": {
"description": "Version of the API to be used with the client request. Current version is 2017-04-02.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
"PolicyNameParameter": {
"description": "The name of the CdnWebApplicationFirewallPolicy.",
"in": "path",
"maxLength": 128,
"name": "policyName",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"ResourceGroupNameParameter": {
"description": "Name of the Resource group within the Azure subscription.",
"in": "path",
"maxLength": 80,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[a-zA-Z0-9_\\-\\(\\)\\.]*[^\\.]$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"SubscriptionIdParameter": {
"description": "Azure Subscription ID.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
}
},
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.Cdn/CdnWebApplicationFirewallManagedRuleSets": {
"get": {
"description": "Lists all available managed rule sets.",
"operationId": "ManagedRuleSets_List",
"parameters": [
{
"$ref": "#/parameters/SubscriptionIdParameter"
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "Success. The operation returns a list of all available web application firewall managed rule sets.",
"schema": {
"$ref": "#/definitions/ManagedRuleSetDefinitionList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response indicates CDN service is not able to process the incoming request. The reason is provided in the error message.",
"properties": {
"code": {
"description": "Error code.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "Error message indicating why the operation failed.",
"readOnly": true,
"type": "string"
}
},
"type": "object"
}
}
},
"tags": [
"WebApplicationFirewallManagedRuleSets"
],
"x-ms-examples": {
"List Policies in a Resource Group": {
"parameters": {
"api-version": "2019-06-15-preview",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/subid/providers/Microsoft.Cdn/CdnWebApplicationFirewallManagedRuleSets",
"name": "DefaultRuleSet_1.0",
"properties": {
"provisioningState": "Succeeded",
"ruleGroups": [
{
"description": "Description for rule group 1.",
"ruleGroupName": "Group1",
"rules": [
{
"description": "Generic managed web application firewall rule.",
"ruleId": "GROUP1-0001"
},
{
"description": "Generic managed web application firewall rule.",
"ruleId": "GROUP1-0002"
}
]
},
{
"description": "Description for rule group 2.",
"ruleGroupName": "Group2",
"rules": [
{
"description": "Generic managed web application firewall rule.",
"ruleId": "GROUP2-0001"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "preview-1.0"
},
"sku": {
"name": "Standard_Microsoft"
},
"type": "Microsoft.Cdn/cdnwebapplicationfirewallmanagedrulesets"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies": {
"get": {
"description": "Lists all of the protection policies within a resource group.",
"operationId": "Policies_List",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupNameParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "OK. The request has succeeded.",
"schema": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicyList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response indicates CDN service is not able to process the incoming request. The reason is provided in the error message.",
"properties": {
"code": {
"description": "Error code.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "Error message indicating why the operation failed.",
"readOnly": true,
"type": "string"
}
},
"type": "object"
}
}
},
"tags": [
"WebApplicationFirewallPolicies"
],
"x-ms-examples": {
"List Policies in a Resource Group": {
"parameters": {
"api-version": "2019-06-15-preview",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies/MicrosoftCdnWafPolicy",
"location": "WestUs",
"name": "MicrosoftCdnWafPolicy",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null,
"transforms": []
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": []
},
{
"matchValue": [
"<?php",
"?>"
],
"matchVariable": "QueryString",
"negateCondition": false,
"operator": "Contains",
"selector": "search",
"transforms": [
"UrlDecode",
"Lowercase"
]
}
],
"name": "CustomRule1",
"priority": 2
}
]
},
"endpointLinks": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint1"
},
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint2"
}
],
"managedRules": {
"managedRuleSets": [
{
"ruleGroupOverrides": [
{
"ruleGroupName": "Group1",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "GROUP1-0001"
},
{
"enabledState": "Disabled",
"ruleId": "GROUP1-0002"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "preview-1.0"
}
]
},
"policySettings": {
"defaultCustomBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"defaultCustomBlockResponseStatusCode": 499,
"defaultRedirectUrl": "http://www.bing.com",
"enabledState": "Enabled",
"mode": "Prevention"
},
"provisioningState": "Succeeded",
"rateLimitRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "RateLimitRule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000
}
]
},
"resourceState": "Enabled"
},
"sku": {
"name": "Standard_Microsoft"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Cdn/cdnwebapplicationfirewallpolicies"
},
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies/VerizonStandardCdnWafPolicy",
"location": "WestUs",
"name": "VerizonStandardCdnWafPolicy",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null,
"transforms": []
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent"
},
{
"matchValue": [
"<?php",
"?>"
],
"matchVariable": "QueryString",
"negateCondition": false,
"operator": "Contains",
"selector": "search",
"transforms": [
"UrlDecode",
"Lowercase"
]
}
],
"name": "CustomRule1",
"priority": 2
}
]
},
"endpointLinks": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint3"
}
],
"managedRules": {
"managedRuleSets": [
{
"ruleGroupOverrides": [
{
"ruleGroupName": "XSS",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "XSS-0001"
},
{
"enabledState": "Disabled",
"ruleId": "XSS-0002"
}
]
}
],
"ruleSetType": "ECRS",
"ruleSetVersion": "2018-11-2"
}
]
},
"policySettings": {
"defaultCustomBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"defaultCustomBlockResponseStatusCode": 499,
"defaultRedirectUrl": "http://www.bing.com",
"enabledState": "Enabled",
"mode": "Prevention"
},
"provisioningState": "Succeeded",
"rateLimitRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "RateLimitRule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000
}
]
},
"resourceState": "Enabled"
},
"sku": {
"name": "Standard_Verizon"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Cdn/cdnwebapplicationfirewallpolicies"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies/{policyName}": {
"delete": {
"description": "Deletes Policy",
"operationId": "Policies_Delete",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupNameParameter"
},
{
"$ref": "#/parameters/PolicyNameParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "Delete successful."
},
"204": {
"description": "No Content. The request has been accepted but the policy was not found."
}
},
"tags": [
"WebApplicationFirewallPolicies"
],
"x-ms-examples": {
"Delete protection policy": {
"parameters": {
"api-version": "2019-06-15-preview",
"policyName": "Policy1",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {},
"204": {}
}
}
},
"x-ms-long-running-operation": false
},
"get": {
"description": "Retrieve protection policy with specified name within a resource group.",
"operationId": "Policies_Get",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupNameParameter"
},
{
"$ref": "#/parameters/PolicyNameParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "OK. The request has succeeded.",
"schema": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicy"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response indicates CDN service is not able to process the incoming request. The reason is provided in the error message.",
"properties": {
"code": {
"description": "Error code.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "Error message indicating why the operation failed.",
"readOnly": true,
"type": "string"
}
},
"type": "object"
}
}
},
"tags": [
"WebApplicationFirewallPolicies"
],
"x-ms-examples": {
"Get Policy": {
"parameters": {
"api-version": "2019-06-15-preview",
"policyName": "MicrosoftCdnWafPolicy",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies/MicrosoftCdnWafPolicy",
"location": "WestUs",
"name": "MicrosoftCdnWafPolicy",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null,
"transforms": []
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": []
},
{
"matchValue": [
"<?php",
"?>"
],
"matchVariable": "QueryString",
"negateCondition": false,
"operator": "Contains",
"selector": "search",
"transforms": [
"UrlDecode",
"Lowercase"
]
}
],
"name": "CustomRule1",
"priority": 2
}
]
},
"endpointLinks": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint1"
},
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint2"
}
],
"managedRules": {
"managedRuleSets": [
{
"ruleGroupOverrides": [
{
"ruleGroupName": "Group1",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "GROUP1-0001"
},
{
"enabledState": "Disabled",
"ruleId": "GROUP1-0002"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "preview-1.0"
}
]
},
"policySettings": {
"defaultCustomBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"defaultCustomBlockResponseStatusCode": 499,
"defaultRedirectUrl": "http://www.bing.com",
"enabledState": "Enabled",
"mode": "Prevention"
},
"provisioningState": "Succeeded",
"rateLimitRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "RateLimitRule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000
}
]
},
"resourceState": "Enabled"
},
"sku": {
"name": "Standard_Microsoft"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Cdn/cdnwebapplicationfirewallpolicies"
}
}
}
}
}
},
"patch": {
"description": "Update an existing CdnWebApplicationFirewallPolicy with the specified policy name under the specified subscription and resource group",
"operationId": "Policies_Update",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupNameParameter"
},
{
"$ref": "#/parameters/PolicyNameParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
},
{
"$ref": "#/parameters/ApiVersionParameter"
},
{
"description": "CdnWebApplicationFirewallPolicy parameters to be patched.",
"in": "body",
"name": "cdnWebApplicationFirewallPolicyPatchParameters",
"required": true,
"schema": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicyPatchParameters"
}
}
],
"responses": {
"200": {
"description": "OK. The request has succeeded.",
"schema": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicy"
}
},
"202": {
"description": "Accepted. The request has been accepted for processing and the operation will complete asynchronously.",
"schema": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicy"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response indicates CDN service is not able to process the incoming request. The reason is provided in the error message.",
"properties": {
"code": {
"description": "Error code.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "Error message indicating why the operation failed.",
"readOnly": true,
"type": "string"
}
},
"type": "object"
}
}
},
"tags": [
"WebApplicationFirewallPolicies"
],
"x-ms-examples": {
"Creates specific policy": {
"parameters": {
"api-version": "2019-06-15-preview",
"cdnWebApplicationFirewallPolicyPatchParameters": {
"tags": {
"foo": "bar"
}
},
"policyName": "MicrosoftCdnWafPolicy",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies/MicrosoftCdnWafPolicy",
"location": "WestUs",
"name": "MicrosoftCdnWafPolicy",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null,
"transforms": []
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": []
},
{
"matchValue": [
"<?php",
"?>"
],
"matchVariable": "QueryString",
"negateCondition": false,
"operator": "Contains",
"selector": "search",
"transforms": [
"UrlDecode",
"Lowercase"
]
}
],
"name": "CustomRule1",
"priority": 2
}
]
},
"endpointLinks": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint1"
},
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint2"
}
],
"managedRules": {
"managedRuleSets": [
{
"ruleGroupOverrides": [
{
"ruleGroupName": "Group1",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "GROUP1-0001"
},
{
"enabledState": "Disabled",
"ruleId": "GROUP1-0002"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "preview-1.0"
}
]
},
"policySettings": {
"defaultCustomBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"defaultCustomBlockResponseStatusCode": 499,
"defaultRedirectUrl": "http://www.bing.com",
"enabledState": "Enabled",
"mode": "Prevention"
},
"provisioningState": "Succeeded",
"rateLimitRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "RateLimitRule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000
}
]
},
"resourceState": "Enabled"
},
"sku": {
"name": "Standard_Microsoft"
},
"tags": {
"foo": "bar"
},
"type": "Microsoft.Cdn/cdnwebapplicationfirewallpolicies"
}
},
"202": {
"body": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies/MicrosoftCdnWafPolicy",
"location": "WestUs",
"name": "MicrosoftCdnWafPolicy",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null,
"transforms": []
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": []
},
{
"matchValue": [
"<?php",
"?>"
],
"matchVariable": "QueryString",
"negateCondition": false,
"operator": "Contains",
"selector": "search",
"transforms": [
"UrlDecode",
"Lowercase"
]
}
],
"name": "CustomRule1",
"priority": 2
}
]
},
"endpointLinks": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint1"
},
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint2"
}
],
"managedRules": {
"managedRuleSets": [
{
"ruleGroupOverrides": [
{
"ruleGroupName": "Group1",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "GROUP1-0001"
},
{
"enabledState": "Disabled",
"ruleId": "GROUP1-0002"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "preview-1.0"
}
]
},
"policySettings": {
"defaultCustomBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"defaultCustomBlockResponseStatusCode": 499,
"defaultRedirectUrl": "http://www.bing.com",
"enabledState": "Enabled",
"mode": "Prevention"
},
"provisioningState": "Succeeded",
"rateLimitRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "RateLimitRule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000
}
]
},
"resourceState": "Creating"
},
"sku": {
"name": "Standard_Microsoft"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Cdn/cdnwebapplicationfirewallpolicies"
}
}
}
}
},
"x-ms-long-running-operation": true
},
"put": {
"description": "Create or update policy with specified rule set name within a resource group.",
"operationId": "Policies_CreateOrUpdate",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupNameParameter"
},
{
"$ref": "#/parameters/PolicyNameParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
},
{
"$ref": "#/parameters/ApiVersionParameter"
},
{
"description": "Policy to be created.",
"in": "body",
"name": "cdnWebApplicationFirewallPolicy",
"required": true,
"schema": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicy"
}
}
],
"responses": {
"200": {
"description": "OK. The request has succeeded.",
"schema": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicy"
}
},
"201": {
"description": "Created. The request has been fulfilled and a new protection policy has been created.",
"schema": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicy"
}
},
"202": {
"description": "Accepted. The request has been accepted for processing and the operation will complete asynchronously.",
"schema": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicy"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response indicates CDN service is not able to process the incoming request. The reason is provided in the error message.",
"properties": {
"code": {
"description": "Error code.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "Error message indicating why the operation failed.",
"readOnly": true,
"type": "string"
}
},
"type": "object"
}
}
},
"tags": [
"WebApplicationFirewallPolicies"
],
"x-ms-examples": {
"Creates specific policy": {
"parameters": {
"api-version": "2019-06-15-preview",
"cdnWebApplicationFirewallPolicy": {
"location": "WestUs",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null,
"transforms": []
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": []
},
{
"matchValue": [
"<?php",
"?>"
],
"matchVariable": "QueryString",
"negateCondition": false,
"operator": "Contains",
"selector": "search",
"transforms": [
"UrlDecode",
"Lowercase"
]
}
],
"name": "CustomRule1",
"priority": 2
}
]
},
"managedRules": {
"managedRuleSets": [
{
"ruleGroupOverrides": [
{
"ruleGroupName": "Group1",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "GROUP1-0001"
},
{
"enabledState": "Disabled",
"ruleId": "GROUP1-0002"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "preview-1.0"
}
]
},
"policySettings": {
"defaultCustomBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"defaultCustomBlockResponseStatusCode": 499,
"defaultRedirectUrl": "http://www.bing.com"
},
"rateLimitRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "RateLimitRule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000
}
]
}
},
"sku": {
"name": "Standard_Microsoft"
}
},
"policyName": "MicrosoftCdnWafPolicy",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies/MicrosoftCdnWafPolicy",
"location": "WestUs",
"name": "MicrosoftCdnWafPolicy",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null,
"transforms": []
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": []
},
{
"matchValue": [
"<?php",
"?>"
],
"matchVariable": "QueryString",
"negateCondition": false,
"operator": "Contains",
"selector": "search",
"transforms": [
"UrlDecode",
"Lowercase"
]
}
],
"name": "CustomRule1",
"priority": 2
}
]
},
"endpointLinks": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint1"
},
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint2"
}
],
"managedRules": {
"managedRuleSets": [
{
"ruleGroupOverrides": [
{
"ruleGroupName": "Group1",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "GROUP1-0001"
},
{
"enabledState": "Disabled",
"ruleId": "GROUP1-0002"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "preview-1.0"
}
]
},
"policySettings": {
"defaultCustomBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"defaultCustomBlockResponseStatusCode": 499,
"defaultRedirectUrl": "http://www.bing.com",
"enabledState": "Enabled",
"mode": "Prevention"
},
"provisioningState": "Succeeded",
"rateLimitRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "RateLimitRule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000
}
]
},
"resourceState": "Enabled"
},
"sku": {
"name": "Standard_Microsoft"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Cdn/cdnwebapplicationfirewallpolicies"
}
},
"201": {
"body": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies/MicrosoftCdnWafPolicy",
"location": "WestUs",
"name": "MicrosoftCdnWafPolicy",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null,
"transforms": []
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": []
},
{
"matchValue": [
"<?php",
"?>"
],
"matchVariable": "QueryString",
"negateCondition": false,
"operator": "Contains",
"selector": "search",
"transforms": [
"UrlDecode",
"Lowercase"
]
}
],
"name": "CustomRule1",
"priority": 2
}
]
},
"endpointLinks": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint1"
},
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint2"
}
],
"managedRules": {
"managedRuleSets": [
{
"ruleGroupOverrides": [
{
"ruleGroupName": "Group1",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "GROUP1-0001"
},
{
"enabledState": "Disabled",
"ruleId": "GROUP1-0002"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "preview-1.0"
}
]
},
"policySettings": {
"defaultCustomBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"defaultCustomBlockResponseStatusCode": 499,
"defaultRedirectUrl": "http://www.bing.com",
"enabledState": "Enabled",
"mode": "Prevention"
},
"provisioningState": "Succeeded",
"rateLimitRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "RateLimitRule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000
}
]
},
"resourceState": "Enabled"
},
"sku": {
"name": "Standard_Microsoft"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Cdn/cdnwebapplicationfirewallpolicies"
}
},
"202": {
"body": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies/MicrosoftCdnWafPolicy",
"location": "WestUs",
"name": "MicrosoftCdnWafPolicy",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null,
"transforms": []
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": []
},
{
"matchValue": [
"<?php",
"?>"
],
"matchVariable": "QueryString",
"negateCondition": false,
"operator": "Contains",
"selector": "search",
"transforms": [
"UrlDecode",
"Lowercase"
]
}
],
"name": "CustomRule1",
"priority": 3
}
]
},
"endpointLinks": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint1"
},
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/profiles/profile1/endpoints/testEndpoint2"
}
],
"managedRules": {
"managedRuleSets": [
{
"ruleGroupOverrides": [
{
"ruleGroupName": "Group1",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "GROUP1-0001"
},
{
"enabledState": "Disabled",
"ruleId": "GROUP1-0002"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "preview-1.0"
}
]
},
"policySettings": {
"defaultCustomBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"defaultCustomBlockResponseStatusCode": 499,
"defaultRedirectUrl": "http://www.bing.com",
"enabledState": "Enabled",
"mode": "Prevention"
},
"provisioningState": "Succeeded",
"rateLimitRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "RateLimitRule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000
}
]
},
"resourceState": "Creating"
},
"sku": {
"name": "Standard_Microsoft"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Cdn/cdnwebapplicationfirewallpolicies"
}
}
}
}
},
"x-ms-long-running-operation": true
}
}
},
"definitions": {
"ActionType": {
"description": "Defines the action to take on rule match.",
"enum": [
"Allow",
"Block",
"Log",
"Redirect"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ActionType"
}
},
"CdnEndpoint": {
"description": "Defines the ARM Resource ID for the linked endpoints",
"properties": {
"id": {
"description": "ARM Resource ID string.",
"type": "string"
}
},
"readOnly": true,
"type": "object"
},
"CdnWebApplicationFirewallPolicy": {
"allOf": [
{
"allOf": [
{
"description": "The core properties of ARM resources",
"properties": {
"id": {
"description": "Resource ID.",
"readOnly": true,
"type": "string"
},
"name": {
"description": "Resource name.",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Resource type.",
"readOnly": true,
"type": "string"
}
},
"x-ms-azure-resource": true
}
],
"description": "The resource model definition for a ARM tracked top level resource.",
"properties": {
"location": {
"description": "Resource location.",
"type": "string"
},
"tags": {
"additionalProperties": {
"type": "string"
},
"description": "Resource tags.",
"type": "object",
"x-ms-mutability": [
"read",
"create",
"update"
]
}
},
"required": [
"location"
]
}
],
"description": "Defines web application firewall policy for Azure CDN.",
"properties": {
"etag": {
"description": "Gets a unique read-only string that changes whenever the resource is updated.",
"type": "string"
},
"properties": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicyProperties",
"description": "Properties of the web application firewall policy.",
"x-ms-client-flatten": true
},
"sku": {
"description": "The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile.",
"properties": {
"name": {
"description": "Name of the pricing tier.",
"enum": [
"Standard_Verizon",
"Premium_Verizon",
"Custom_Verizon",
"Standard_Akamai",
"Standard_ChinaCdn",
"Standard_Microsoft",
"Premium_ChinaCdn"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "SkuName"
}
}
},
"type": "object"
}
},
"required": [
"sku"
]
},
"CdnWebApplicationFirewallPolicyList": {
"description": "Defines a list of WebApplicationFirewallPolicies for Azure CDN. It contains a list of WebApplicationFirewallPolicy objects and a URL link to get the next set of results.",
"properties": {
"nextLink": {
"description": "URL to get the next set of WebApplicationFirewallPolicy objects if there are any.",
"type": "string"
},
"value": {
"description": "List of Azure CDN WebApplicationFirewallPolicies within a resource group.",
"items": {
"$ref": "#/definitions/CdnWebApplicationFirewallPolicy"
},
"readOnly": true,
"type": "array"
}
}
},
"CdnWebApplicationFirewallPolicyPatchParameters": {
"description": "Properties required to update a CdnWebApplicationFirewallPolicy.",
"properties": {
"tags": {
"additionalProperties": {
"type": "string"
},
"description": "CdnWebApplicationFirewallPolicy tags",
"type": "object"
}
},
"type": "object",
"x-ms-azure-resource": true
},
"CdnWebApplicationFirewallPolicyProperties": {
"description": "Defines CDN web application firewall policy properties.",
"properties": {
"customRules": {
"$ref": "#/definitions/CustomRuleList",
"description": "Describes custom rules inside the policy."
},
"endpointLinks": {
"description": "Describes Azure CDN endpoints associated with this Web Application Firewall policy.",
"items": {
"$ref": "#/definitions/CdnEndpoint"
},
"readOnly": true,
"type": "array"
},
"managedRules": {
"$ref": "#/definitions/ManagedRuleSetList",
"description": "Describes managed rules inside the policy."
},
"policySettings": {
"$ref": "#/definitions/policySettings",
"description": "Describes policySettings for policy"
},
"provisioningState": {
"description": "Provisioning state of the WebApplicationFirewallPolicy.",
"enum": [
"Creating",
"Succeeded",
"Failed"
],
"readOnly": true,
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ProvisioningState"
}
},
"rateLimitRules": {
"$ref": "#/definitions/RateLimitRuleList",
"description": "Describes rate limit rules inside the policy."
},
"resourceState": {
"enum": [
"Creating",
"Enabling",
"Enabled",
"Disabling",
"Disabled",
"Deleting"
],
"readOnly": true,
"title": "Resource status of the policy.",
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "PolicyResourceState"
}
}
}
},
"CustomRule": {
"description": "Defines the common attributes for a custom rule that can be included in a waf policy",
"properties": {
"action": {
"$ref": "#/definitions/ActionType",
"description": "Describes what action to be applied when rule matches"
},
"enabledState": {
"description": "Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.",
"enum": [
"Disabled",
"Enabled"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "CustomRuleEnabledState"
}
},
"matchConditions": {
"description": "List of match conditions.",
"items": {
"$ref": "#/definitions/MatchCondition"
},
"type": "array"
},
"name": {
"description": "Defines the name of the custom rule",
"type": "string"
},
"priority": {
"description": "Defines in what order this rule be evaluated in the overall list of custom rules",
"exclusiveMaximum": false,
"exclusiveMinimum": false,
"maximum": 1000,
"minimum": 0,
"type": "integer"
}
},
"required": [
"name",
"priority",
"matchConditions",
"action"
],
"type": "object"
},
"CustomRuleList": {
"description": "Defines contents of custom rules",
"properties": {
"rules": {
"description": "List of rules",
"items": {
"$ref": "#/definitions/CustomRule"
},
"type": "array"
}
}
},
"ManagedRuleDefinition": {
"description": "Describes a managed rule definition.",
"properties": {
"description": {
"description": "Describes the functionality of the managed rule.",
"readOnly": true,
"type": "string"
},
"ruleId": {
"description": "Identifier for the managed rule.",
"readOnly": true,
"type": "string"
}
}
},
"ManagedRuleGroupDefinition": {
"description": "Describes a managed rule group.",
"properties": {
"description": {
"description": "Description of the managed rule group.",
"readOnly": true,
"type": "string"
},
"ruleGroupName": {
"description": "Name of the managed rule group.",
"readOnly": true,
"type": "string"
},
"rules": {
"description": "List of rules within the managed rule group.",
"items": {
"$ref": "#/definitions/ManagedRuleDefinition"
},
"readOnly": true,
"type": "array"
}
}
},
"ManagedRuleGroupOverride": {
"description": "Defines a managed rule group override setting.",
"properties": {
"ruleGroupName": {
"description": "Describes the managed rule group within the rule set to override",
"type": "string"
},
"rules": {
"description": "List of rules that will be disabled. If none specified, all rules in the group will be disabled.",
"items": {
"$ref": "#/definitions/ManagedRuleOverride"
},
"type": "array"
}
},
"required": [
"ruleGroupName"
]
},
"ManagedRuleOverride": {
"description": "Defines a managed rule group override setting.",
"properties": {
"action": {
"$ref": "#/definitions/ActionType",
"description": "Describes the override action to be applied when rule matches."
},
"enabledState": {
"description": "Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.",
"enum": [
"Disabled",
"Enabled"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ManagedRuleEnabledState"
}
},
"ruleId": {
"description": "Identifier for the managed rule.",
"type": "string"
}
},
"required": [
"ruleId"
]
},
"ManagedRuleSet": {
"description": "Defines a managed rule set.",
"properties": {
"anomalyScore": {
"description": "Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.",
"exclusiveMaximum": false,
"exclusiveMinimum": false,
"maximum": 20,
"minimum": 0,
"type": "integer"
},
"ruleGroupOverrides": {
"description": "Defines the rule overrides to apply to the rule set.",
"items": {
"$ref": "#/definitions/ManagedRuleGroupOverride"
},
"type": "array"
},
"ruleSetType": {
"description": "Defines the rule set type to use.",
"type": "string"
},
"ruleSetVersion": {
"description": "Defines the version of the rule set to use.",
"type": "string"
}
},
"required": [
"ruleSetType",
"ruleSetVersion"
],
"type": "object"
},
"ManagedRuleSetDefinition": {
"allOf": [
{
"description": "The core properties of ARM resources",
"properties": {
"id": {
"description": "Resource ID.",
"readOnly": true,
"type": "string"
},
"name": {
"description": "Resource name.",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Resource type.",
"readOnly": true,
"type": "string"
}
},
"x-ms-azure-resource": true
}
],
"description": "Describes a managed rule set definition.",
"properties": {
"properties": {
"$ref": "#/definitions/ManagedRuleSetDefinitionProperties",
"description": "Describes managed rule set definition properties.",
"x-ms-client-flatten": true
},
"sku": {
"description": "The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile.",
"properties": {
"name": {
"description": "Name of the pricing tier.",
"enum": [
"Standard_Verizon",
"Premium_Verizon",
"Custom_Verizon",
"Standard_Akamai",
"Standard_ChinaCdn",
"Standard_Microsoft",
"Premium_ChinaCdn"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "SkuName"
}
}
},
"type": "object"
}
}
},
"ManagedRuleSetDefinitionList": {
"description": "List of managed rule set definitions available for use in a policy.",
"properties": {
"nextLink": {
"description": "URL to retrieve next set of managed rule set definitions.",
"type": "string"
},
"value": {
"description": "List of managed rule set definitions.",
"items": {
"$ref": "#/definitions/ManagedRuleSetDefinition"
},
"readOnly": true,
"type": "array"
}
}
},
"ManagedRuleSetDefinitionProperties": {
"description": "Properties for a managed rule set definition.",
"properties": {
"provisioningState": {
"description": "Provisioning state of the managed rule set.",
"readOnly": true,
"type": "string"
},
"ruleGroups": {
"description": "Rule groups of the managed rule set.",
"items": {
"$ref": "#/definitions/ManagedRuleGroupDefinition"
},
"readOnly": true,
"type": "array"
},
"ruleSetType": {
"description": "Type of the managed rule set.",
"readOnly": true,
"type": "string"
},
"ruleSetVersion": {
"description": "Version of the managed rule set type.",
"readOnly": true,
"type": "string"
}
}
},
"ManagedRuleSetList": {
"description": "Defines the list of managed rule sets for the policy.",
"properties": {
"managedRuleSets": {
"description": "List of rule sets.",
"items": {
"$ref": "#/definitions/ManagedRuleSet"
},
"type": "array"
}
}
},
"MatchCondition": {
"description": "Define match conditions",
"properties": {
"matchValue": {
"description": "List of possible match values.",
"items": {
"type": "string"
},
"type": "array"
},
"matchVariable": {
"description": "Match variable to compare against.",
"enum": [
"RemoteAddr",
"Country",
"RequestMethod",
"RequestHeader",
"RequestUri",
"QueryString",
"RequestBody",
"Cookies",
"PostArgs"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "MatchVariable"
}
},
"negateCondition": {
"description": "Describes if the result of this condition should be negated.",
"type": "boolean"
},
"operator": {
"description": "Describes operator to be matched",
"enum": [
"Any",
"IPMatch",
"GeoMatch",
"Equal",
"Contains",
"LessThan",
"GreaterThan",
"LessThanOrEqual",
"GreaterThanOrEqual",
"BeginsWith",
"EndsWith",
"RegEx"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "operator"
}
},
"selector": {
"description": "Selector can used to match a specific key for QueryString, RequestUri, RequestHeaders or RequestBody.",
"type": "string"
},
"transforms": {
"description": "List of transforms.",
"items": {
"$ref": "#/definitions/TransformType"
},
"type": "array"
}
},
"required": [
"matchVariable",
"operator",
"matchValue"
]
},
"RateLimitRule": {
"allOf": [
{
"$ref": "#/definitions/CustomRule"
}
],
"description": "Defines a rate limiting rule that can be included in a waf policy",
"properties": {
"rateLimitDurationInMinutes": {
"description": "Defines rate limit duration. Default is 1 minute.",
"exclusiveMaximum": false,
"exclusiveMinimum": false,
"maximum": 60,
"minimum": 0,
"type": "integer"
},
"rateLimitThreshold": {
"description": "Defines rate limit threshold.",
"exclusiveMinimum": false,
"minimum": 0,
"type": "integer"
}
},
"required": [
"rateLimitThreshold",
"rateLimitDurationInMinutes"
],
"type": "object"
},
"RateLimitRuleList": {
"description": "Defines contents of rate limit rules",
"properties": {
"rules": {
"description": "List of rules",
"items": {
"$ref": "#/definitions/RateLimitRule"
},
"type": "array"
}
}
},
"TransformType": {
"description": "Describes what transforms were applied before matching.",
"enum": [
"Lowercase",
"Uppercase",
"Trim",
"UrlDecode",
"UrlEncode",
"RemoveNulls"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "TransformType"
}
},
"policySettings": {
"description": "Defines contents of a web application firewall global configuration",
"properties": {
"defaultCustomBlockResponseBody": {
"description": "If the action type is block, customer can override the response body. The body must be specified in base64 encoding.",
"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$",
"type": "string"
},
"defaultCustomBlockResponseStatusCode": {
"description": "If the action type is block, this field defines the default customer overridable http response status code.",
"exclusiveMaximum": false,
"exclusiveMinimum": false,
"maximum": 599,
"minimum": 200,
"type": "integer"
},
"defaultRedirectUrl": {
"description": "If action type is redirect, this field represents the default redirect URL for the client.",
"type": "string"
},
"enabledState": {
"description": "describes if the policy is in enabled state or disabled state",
"enum": [
"Disabled",
"Enabled"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "PolicyEnabledState"
}
},
"mode": {
"description": "Describes if it is in detection mode or prevention mode at policy level.",
"enum": [
"Prevention",
"Detection"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "PolicyMode"
}
}
}
}
}
}