WebApplicationFirewallManagement
APIs to manage web application firewall rules
COMMUNITYBEARER0 INSTALLS
OpenAPI Specificationv3.0
{
"swagger": "2.0",
"schemes": [
"https"
],
"host": "management.azure.com",
"info": {
"description": "APIs to manage web application firewall rules.",
"title": "WebApplicationFirewallManagement",
"version": "2019-10-01",
"x-apisguru-categories": [
"cloud"
],
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png"
},
"x-origin": [
{
"format": "swagger",
"url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/frontdoor/resource-manager/Microsoft.Network/stable/2019-10-01/webapplicationfirewall.json",
"version": "2.0"
}
],
"x-preferred": true,
"x-providerName": "azure.com",
"x-serviceName": "frontdoor-webapplicationfirewall",
"x-tags": [
"Azure",
"Microsoft"
]
},
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"securityDefinitions": {
"azure_auth": {
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"description": "Azure Active Directory OAuth2 Flow",
"flow": "implicit",
"scopes": {
"user_impersonation": "impersonate your user account"
},
"type": "oauth2"
}
},
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"parameters": {
"PolicyNameParameter": {
"description": "The name of the Web Application Firewall Policy.",
"in": "path",
"maxLength": 128,
"name": "policyName",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"ResourceGroupNameParameter": {
"description": "Name of the Resource group within the Azure subscription.",
"in": "path",
"maxLength": 80,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[a-zA-Z0-9_\\-\\(\\)\\.]*[^\\.]$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
}
},
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallManagedRuleSets": {
"get": {
"description": "Lists all available managed rule sets.",
"operationId": "ManagedRuleSets_List",
"parameters": [
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
},
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "Success. The operation returns a list of all available web application firewall managed rule sets.",
"schema": {
"$ref": "#/definitions/ManagedRuleSetDefinitionList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "#/definitions/ErrorResponse"
}
}
},
"tags": [
"WebApplicationFirewallManagedRuleSets"
],
"x-ms-examples": {
"List Policies in a Resource Group": {
"parameters": {
"api-version": "2019-10-01",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/subid/providers/Microsoft.Network/FrontDoorWebApplicationFirewallManagedRuleSets",
"name": "DefaultRuleSet_1.0",
"properties": {
"provisioningState": "Succeeded",
"ruleGroups": [
{
"description": "SQL injection",
"ruleGroupName": "SQLI",
"rules": [
{
"defaultAction": "Block",
"defaultState": "Enabled",
"description": "SQL Injection Attack Detected via libinjection",
"ruleId": "942100"
},
{
"defaultAction": "Block",
"defaultState": "Enabled",
"description": "SQL Injection Attack: Common Injection Testing Detected",
"ruleId": "942110"
}
]
},
{
"description": "Cross-site scripting",
"ruleGroupName": "XSS",
"rules": [
{
"defaultAction": "Block",
"defaultState": "Enabled",
"description": "XSS Attack Detected via libinjection",
"ruleId": "941100"
},
{
"defaultAction": "Block",
"defaultState": "Enabled",
"description": "XSS Attack Detected via libinjection",
"ruleId": "941101"
},
{
"defaultAction": "Block",
"defaultState": "Enabled",
"description": "XSS Filter - Category 1: Script Tag Vector",
"ruleId": "941110"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "1.0"
},
"type": "Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies": {
"get": {
"description": "Lists all of the protection policies within a resource group.",
"operationId": "Policies_List",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupNameParameter"
},
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
},
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK. The request has succeeded.",
"schema": {
"$ref": "#/definitions/WebApplicationFirewallPolicyList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "#/definitions/ErrorResponse"
}
}
},
"tags": [
"WebApplicationFirewallPolicies"
],
"x-ms-examples": {
"List Policies in a Resource Group": {
"parameters": {
"api-version": "2019-10-01",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1",
"location": "WestUs",
"name": "Policy1",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "Rule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000,
"ruleType": "RateLimitRule"
},
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": [
"Lowercase"
]
}
],
"name": "Rule2",
"priority": 2,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 0,
"ruleType": "MatchRule"
}
]
},
"frontendEndpointLinks": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/frontdoors/fd1/frontendendpoints/fd1-azurefd-net"
}
],
"managedRules": {
"managedRuleSets": [
{
"exclusions": [
{
"matchVariable": "RequestHeaderNames",
"selector": "User-Agent",
"selectorMatchOperator": "Equals"
}
],
"ruleGroupOverrides": [
{
"ruleGroupName": "SQLI",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "942100"
},
{
"enabledState": "Disabled",
"ruleId": "942110"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "1.0"
}
]
},
"policySettings": {
"customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"customBlockResponseStatusCode": 499,
"enabledState": "Enabled",
"mode": "Prevention",
"redirectUrl": "http://www.bing.com"
},
"provisioningState": "Succeeded",
"resourceState": "Enabled"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}": {
"delete": {
"description": "Deletes Policy",
"operationId": "Policies_Delete",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupNameParameter"
},
{
"$ref": "#/parameters/PolicyNameParameter"
},
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
},
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "Delete successful."
},
"202": {
"description": "Accepted. The request has been accepted for processing and the operation will complete asynchronously."
},
"204": {
"description": "No Content. The request has been accepted but the policy was not found."
}
},
"tags": [
"WebApplicationFirewallPolicies"
],
"x-ms-examples": {
"Delete protection policy": {
"parameters": {
"api-version": "2019-10-01",
"policyName": "Policy1",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {},
"202": {},
"204": {}
}
}
},
"x-ms-long-running-operation": true
},
"get": {
"description": "Retrieve protection policy with specified name within a resource group.",
"operationId": "Policies_Get",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupNameParameter"
},
{
"$ref": "#/parameters/PolicyNameParameter"
},
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
},
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK. The request has succeeded.",
"schema": {
"$ref": "#/definitions/WebApplicationFirewallPolicy"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "#/definitions/ErrorResponse"
}
}
},
"tags": [
"WebApplicationFirewallPolicies"
],
"x-ms-examples": {
"Get Policy": {
"parameters": {
"api-version": "2019-10-01",
"policyName": "Policy1",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1",
"location": "WestUs",
"name": "Policy1",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "Rule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000,
"ruleType": "RateLimitRule"
},
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": [
"Lowercase"
]
}
],
"name": "Rule2",
"priority": 2,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 0,
"ruleType": "MatchRule"
}
]
},
"frontendEndpointLinks": [
{
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/frontdoors/fd1/frontendendpoints/fd1-azurefd-net"
}
],
"managedRules": {
"managedRuleSets": [
{
"exclusions": [
{
"matchVariable": "RequestHeaderNames",
"selector": "User-Agent",
"selectorMatchOperator": "Equals"
}
],
"ruleGroupOverrides": [
{
"ruleGroupName": "SQLI",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"ruleId": "942100"
},
{
"enabledState": "Disabled",
"ruleId": "942110"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "1.0"
}
]
},
"policySettings": {
"customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"customBlockResponseStatusCode": 499,
"enabledState": "Enabled",
"mode": "Prevention",
"redirectUrl": "http://www.bing.com"
},
"provisioningState": "Succeeded",
"resourceState": "Enabled"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies"
}
}
}
}
}
},
"put": {
"description": "Create or update policy with specified rule set name within a resource group.",
"operationId": "Policies_CreateOrUpdate",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupNameParameter"
},
{
"$ref": "#/parameters/PolicyNameParameter"
},
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
},
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Policy to be created.",
"in": "body",
"name": "parameters",
"required": true,
"schema": {
"$ref": "#/definitions/WebApplicationFirewallPolicy"
}
}
],
"responses": {
"200": {
"description": "OK. The request has succeeded.",
"schema": {
"$ref": "#/definitions/WebApplicationFirewallPolicy"
}
},
"201": {
"description": "Created. The request has been fulfilled and a new protection policy has been created.",
"schema": {
"$ref": "#/definitions/WebApplicationFirewallPolicy"
}
},
"202": {
"description": "Accepted. The request has been accepted for processing and the operation will complete asynchronously.",
"schema": {
"$ref": "#/definitions/WebApplicationFirewallPolicy"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "#/definitions/ErrorResponse"
}
}
},
"tags": [
"WebApplicationFirewallPolicies"
],
"x-ms-examples": {
"Creates specific policy": {
"parameters": {
"api-version": "2019-10-01",
"parameters": {
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"operator": "IPMatch"
}
],
"name": "Rule1",
"priority": 1,
"rateLimitThreshold": 1000,
"ruleType": "RateLimitRule"
},
{
"action": "Block",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"operator": "GeoMatch"
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"operator": "Contains",
"selector": "UserAgent",
"transforms": [
"Lowercase"
]
}
],
"name": "Rule2",
"priority": 2,
"ruleType": "MatchRule"
}
]
},
"managedRules": {
"managedRuleSets": [
{
"exclusions": [
{
"matchVariable": "RequestHeaderNames",
"selector": "User-Agent",
"selectorMatchOperator": "Equals"
}
],
"ruleGroupOverrides": [
{
"exclusions": [
{
"matchVariable": "RequestCookieNames",
"selector": "token",
"selectorMatchOperator": "StartsWith"
}
],
"ruleGroupName": "SQLI",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"exclusions": [
{
"matchVariable": "QueryStringArgNames",
"selector": "query",
"selectorMatchOperator": "Equals"
}
],
"ruleId": "942100"
},
{
"enabledState": "Disabled",
"ruleId": "942110"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "1.0"
}
]
},
"policySettings": {
"customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"customBlockResponseStatusCode": 499,
"redirectUrl": "http://www.bing.com"
}
}
},
"policyName": "Policy1",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1",
"location": "WestUs",
"name": "Policy1",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "Rule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000,
"ruleType": "RateLimitRule"
},
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": [
"Lowercase"
]
}
],
"name": "Rule2",
"priority": 2,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 0,
"ruleType": "MatchRule"
}
]
},
"frontendEndpointLinks": [],
"managedRules": {
"managedRuleSets": [
{
"exclusions": [
{
"matchVariable": "RequestHeaderNames",
"selector": "User-Agent",
"selectorMatchOperator": "Equals"
}
],
"ruleGroupOverrides": [
{
"exclusions": [
{
"matchVariable": "RequestCookieNames",
"selector": "token",
"selectorMatchOperator": "StartsWith"
}
],
"ruleGroupName": "SQLI",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"exclusions": [
{
"matchVariable": "QueryStringArgNames",
"selector": "query",
"selectorMatchOperator": "Equals"
}
],
"ruleId": "942100"
},
{
"enabledState": "Disabled",
"ruleId": "942110"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "1.0"
}
]
},
"policySettings": {
"customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"customBlockResponseStatusCode": 499,
"enabledState": "Enabled",
"mode": "Prevention",
"redirectUrl": "http://www.bing.com"
},
"provisioningState": "Succeeded",
"resourceState": "Enabled"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies"
}
},
"201": {
"body": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1",
"location": "WestUs",
"name": "Policy1",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "Rule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000,
"ruleType": "RateLimitRule"
},
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": [
"Lowercase"
]
}
],
"name": "Rule2",
"priority": 2,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 0,
"ruleType": "MatchRule"
}
]
},
"frontendEndpointLinks": [],
"managedRules": {
"managedRuleSets": [
{
"exclusions": [
{
"matchVariable": "RequestHeaderNames",
"selector": "User-Agent",
"selectorMatchOperator": "Equals"
}
],
"ruleGroupOverrides": [
{
"exclusions": [
{
"matchVariable": "RequestCookieNames",
"selector": "token",
"selectorMatchOperator": "StartsWith"
}
],
"ruleGroupName": "SQLI",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"exclusions": [
{
"matchVariable": "QueryStringArgNames",
"selector": "query",
"selectorMatchOperator": "Equals"
}
],
"ruleId": "942100"
},
{
"enabledState": "Disabled",
"ruleId": "942110"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "1.0"
}
]
},
"policySettings": {
"customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"customBlockResponseStatusCode": 499,
"enabledState": "Enabled",
"mode": "Prevention",
"redirectUrl": "http://www.bing.com"
},
"provisioningState": "Succeeded",
"resourceState": "Enabled"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies"
}
},
"202": {
"body": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1",
"location": "WestUs",
"name": "Policy1",
"properties": {
"customRules": {
"rules": [
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "IPMatch",
"selector": null,
"transforms": []
}
],
"name": "Rule1",
"priority": 1,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 1000,
"ruleType": "RateLimitRule"
},
{
"action": "Block",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"CH"
],
"matchVariable": "RemoteAddr",
"negateCondition": false,
"operator": "GeoMatch",
"selector": null
},
{
"matchValue": [
"windows"
],
"matchVariable": "RequestHeader",
"negateCondition": false,
"operator": "Contains",
"selector": "UserAgent",
"transforms": [
"Lowercase"
]
}
],
"name": "Rule2",
"priority": 2,
"rateLimitDurationInMinutes": 0,
"rateLimitThreshold": 0,
"ruleType": "MatchRule"
}
]
},
"frontendEndpointLinks": [],
"managedRules": {
"managedRuleSets": [
{
"exclusions": [
{
"matchVariable": "RequestHeaderNames",
"selector": "User-Agent",
"selectorMatchOperator": "Equals"
}
],
"ruleGroupOverrides": [
{
"exclusions": [
{
"matchVariable": "RequestCookieNames",
"selector": "token",
"selectorMatchOperator": "StartsWith"
}
],
"ruleGroupName": "SQLI",
"rules": [
{
"action": "Redirect",
"enabledState": "Enabled",
"exclusions": [
{
"matchVariable": "QueryStringArgNames",
"selector": "query",
"selectorMatchOperator": "Equals"
}
],
"ruleId": "942100"
},
{
"enabledState": "Disabled",
"ruleId": "942110"
}
]
}
],
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "1.0"
}
]
},
"policySettings": {
"customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
"customBlockResponseStatusCode": 499,
"enabledState": "Enabled",
"mode": "Prevention",
"redirectUrl": "http://www.bing.com"
},
"provisioningState": "Succeeded",
"resourceState": "Enabled"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies"
}
}
}
}
},
"x-ms-long-running-operation": true
}
}
},
"definitions": {
"ActionType": {
"description": "Defines the action to take on rule match.",
"enum": [
"Allow",
"Block",
"Log",
"Redirect"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ActionType"
}
},
"CustomRule": {
"description": "Defines contents of a web application rule",
"properties": {
"action": {
"$ref": "#/definitions/ActionType",
"description": "Describes what action to be applied when rule matches."
},
"enabledState": {
"description": "Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.",
"enum": [
"Disabled",
"Enabled"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "CustomRuleEnabledState"
}
},
"matchConditions": {
"description": "List of match conditions.",
"items": {
"$ref": "#/definitions/MatchCondition"
},
"type": "array"
},
"name": {
"description": "Describes the name of the rule.",
"maxLength": 128,
"type": "string"
},
"priority": {
"description": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.",
"type": "integer"
},
"rateLimitDurationInMinutes": {
"description": "Time window for resetting the rate limit count. Default is 1 minute.",
"maximum": 5,
"minimum": 0,
"type": "integer"
},
"rateLimitThreshold": {
"description": "Number of allowed requests per client within the time window.",
"minimum": 0,
"type": "integer"
},
"ruleType": {
"description": "Describes type of rule.",
"enum": [
"MatchRule",
"RateLimitRule"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "RuleType"
}
}
},
"required": [
"priority",
"ruleType",
"matchConditions",
"action"
]
},
"CustomRuleList": {
"description": "Defines contents of custom rules",
"properties": {
"rules": {
"description": "List of rules",
"items": {
"$ref": "#/definitions/CustomRule"
},
"type": "array"
}
}
},
"ErrorResponse": {
"description": "Error response indicates Front Door service is not able to process the incoming request. The reason is provided in the error message.",
"properties": {
"code": {
"description": "Error code.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "Error message indicating why the operation failed.",
"readOnly": true,
"type": "string"
}
},
"type": "object"
},
"FrontendEndpointLink": {
"description": "Defines the Resource ID for a Frontend Endpoint.",
"properties": {
"id": {
"description": "Resource ID.",
"type": "string"
}
},
"readOnly": true,
"type": "object"
},
"ManagedRuleDefinition": {
"description": "Describes a managed rule definition.",
"properties": {
"defaultAction": {
"$ref": "#/definitions/ActionType",
"description": "Describes the default action to be applied when the managed rule matches.",
"readOnly": true
},
"defaultState": {
"$ref": "#/definitions/ManagedRuleEnabledState",
"description": "Describes the default state for the managed rule.",
"readOnly": true
},
"description": {
"description": "Describes the functionality of the managed rule.",
"readOnly": true,
"type": "string"
},
"ruleId": {
"description": "Identifier for the managed rule.",
"readOnly": true,
"type": "string"
}
}
},
"ManagedRuleEnabledState": {
"description": "Describes if the managed rule is in enabled or disabled state.",
"enum": [
"Disabled",
"Enabled"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ManagedRuleEnabledState"
}
},
"ManagedRuleExclusion": {
"description": "Exclude variables from managed rule evaluation.",
"properties": {
"matchVariable": {
"description": "The variable type to be excluded.",
"enum": [
"RequestHeaderNames",
"RequestCookieNames",
"QueryStringArgNames",
"RequestBodyPostArgNames"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ManagedRuleExclusionMatchVariable"
}
},
"selector": {
"description": "Selector value for which elements in the collection this exclusion applies to.",
"type": "string"
},
"selectorMatchOperator": {
"description": "Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.",
"enum": [
"Equals",
"Contains",
"StartsWith",
"EndsWith",
"EqualsAny"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ManagedRuleExclusionSelectorMatchOperator"
}
}
},
"required": [
"matchVariable",
"selectorMatchOperator",
"selector"
]
},
"ManagedRuleGroupDefinition": {
"description": "Describes a managed rule group.",
"properties": {
"description": {
"description": "Description of the managed rule group.",
"readOnly": true,
"type": "string"
},
"ruleGroupName": {
"description": "Name of the managed rule group.",
"readOnly": true,
"type": "string"
},
"rules": {
"description": "List of rules within the managed rule group.",
"items": {
"$ref": "#/definitions/ManagedRuleDefinition"
},
"readOnly": true,
"type": "array"
}
}
},
"ManagedRuleGroupOverride": {
"description": "Defines a managed rule group override setting.",
"properties": {
"exclusions": {
"description": "Describes the exclusions that are applied to all rules in the group.",
"items": {
"$ref": "#/definitions/ManagedRuleExclusion"
},
"type": "array"
},
"ruleGroupName": {
"description": "Describes the managed rule group to override.",
"type": "string"
},
"rules": {
"description": "List of rules that will be disabled. If none specified, all rules in the group will be disabled.",
"items": {
"$ref": "#/definitions/ManagedRuleOverride"
},
"type": "array"
}
},
"required": [
"ruleGroupName"
]
},
"ManagedRuleOverride": {
"description": "Defines a managed rule group override setting.",
"properties": {
"action": {
"$ref": "#/definitions/ActionType",
"description": "Describes the override action to be applied when rule matches."
},
"enabledState": {
"$ref": "#/definitions/ManagedRuleEnabledState",
"description": "Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified."
},
"exclusions": {
"description": "Describes the exclusions that are applied to this specific rule.",
"items": {
"$ref": "#/definitions/ManagedRuleExclusion"
},
"type": "array"
},
"ruleId": {
"description": "Identifier for the managed rule.",
"type": "string"
}
},
"required": [
"ruleId"
]
},
"ManagedRuleSet": {
"description": "Defines a managed rule set.",
"properties": {
"exclusions": {
"description": "Describes the exclusions that are applied to all rules in the set.",
"items": {
"$ref": "#/definitions/ManagedRuleExclusion"
},
"type": "array"
},
"ruleGroupOverrides": {
"description": "Defines the rule group overrides to apply to the rule set.",
"items": {
"$ref": "#/definitions/ManagedRuleGroupOverride"
},
"type": "array"
},
"ruleSetType": {
"description": "Defines the rule set type to use.",
"type": "string"
},
"ruleSetVersion": {
"description": "Defines the version of the rule set to use.",
"type": "string"
}
},
"required": [
"ruleSetType",
"ruleSetVersion"
],
"type": "object"
},
"ManagedRuleSetDefinition": {
"allOf": [
{
"description": "Common resource representation.",
"properties": {
"id": {
"description": "Resource ID.",
"readOnly": true,
"type": "string"
},
"location": {
"description": "Resource location.",
"type": "string"
},
"name": {
"description": "Resource name.",
"readOnly": true,
"type": "string"
},
"tags": {
"additionalProperties": {
"type": "string"
},
"description": "Resource tags.",
"type": "object"
},
"type": {
"description": "Resource type.",
"readOnly": true,
"type": "string"
}
},
"x-ms-azure-resource": true
}
],
"description": "Describes the a managed rule set definition.",
"properties": {
"properties": {
"$ref": "#/definitions/ManagedRuleSetDefinitionProperties",
"description": "Properties for a managed rule set definition.",
"x-ms-client-flatten": true
}
}
},
"ManagedRuleSetDefinitionList": {
"description": "List of managed rule set definitions available for use in a policy.",
"properties": {
"nextLink": {
"description": "URL to retrieve next set of managed rule set definitions.",
"type": "string"
},
"value": {
"description": "List of managed rule set definitions.",
"items": {
"$ref": "#/definitions/ManagedRuleSetDefinition"
},
"readOnly": true,
"type": "array"
}
}
},
"ManagedRuleSetDefinitionProperties": {
"description": "Properties for a managed rule set definition.",
"properties": {
"provisioningState": {
"description": "Provisioning state of the managed rule set.",
"readOnly": true,
"type": "string"
},
"ruleGroups": {
"description": "Rule groups of the managed rule set.",
"items": {
"$ref": "#/definitions/ManagedRuleGroupDefinition"
},
"readOnly": true,
"type": "array"
},
"ruleSetType": {
"description": "Type of the managed rule set.",
"readOnly": true,
"type": "string"
},
"ruleSetVersion": {
"description": "Version of the managed rule set type.",
"readOnly": true,
"type": "string"
}
}
},
"ManagedRuleSetList": {
"description": "Defines the list of managed rule sets for the policy.",
"properties": {
"managedRuleSets": {
"description": "List of rule sets.",
"items": {
"$ref": "#/definitions/ManagedRuleSet"
},
"type": "array"
}
}
},
"MatchCondition": {
"description": "Define a match condition.",
"properties": {
"matchValue": {
"description": "List of possible match values.",
"items": {
"type": "string"
},
"type": "array"
},
"matchVariable": {
"description": "Request variable to compare with.",
"enum": [
"RemoteAddr",
"RequestMethod",
"QueryString",
"PostArgs",
"RequestUri",
"RequestHeader",
"RequestBody",
"Cookies",
"SocketAddr"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "MatchVariable"
}
},
"negateCondition": {
"description": "Describes if the result of this condition should be negated.",
"type": "boolean"
},
"operator": {
"description": "Comparison type to use for matching with the variable value.",
"enum": [
"Any",
"IPMatch",
"GeoMatch",
"Equal",
"Contains",
"LessThan",
"GreaterThan",
"LessThanOrEqual",
"GreaterThanOrEqual",
"BeginsWith",
"EndsWith",
"RegEx"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "Operator"
}
},
"selector": {
"description": "Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.",
"type": "string"
},
"transforms": {
"description": "List of transforms.",
"items": {
"$ref": "#/definitions/TransformType"
},
"type": "array"
}
},
"required": [
"matchVariable",
"operator",
"matchValue"
]
},
"PolicySettings": {
"description": "Defines top-level WebApplicationFirewallPolicy configuration settings.",
"properties": {
"customBlockResponseBody": {
"description": "If the action type is block, customer can override the response body. The body must be specified in base64 encoding.",
"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$",
"type": "string"
},
"customBlockResponseStatusCode": {
"description": "If the action type is block, customer can override the response status code.",
"type": "integer"
},
"enabledState": {
"description": "Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.",
"enum": [
"Disabled",
"Enabled"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "PolicyEnabledState"
}
},
"mode": {
"description": "Describes if it is in detection mode or prevention mode at policy level.",
"enum": [
"Prevention",
"Detection"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "PolicyMode"
}
},
"redirectUrl": {
"description": "If action type is redirect, this field represents redirect URL for the client.",
"type": "string"
}
}
},
"TransformType": {
"description": "Describes what transforms applied before matching.",
"enum": [
"Lowercase",
"Uppercase",
"Trim",
"UrlDecode",
"UrlEncode",
"RemoveNulls"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "TransformType"
}
},
"WebApplicationFirewallPolicy": {
"allOf": [
{
"description": "Common resource representation.",
"properties": {
"id": {
"description": "Resource ID.",
"readOnly": true,
"type": "string"
},
"location": {
"description": "Resource location.",
"type": "string"
},
"name": {
"description": "Resource name.",
"readOnly": true,
"type": "string"
},
"tags": {
"additionalProperties": {
"type": "string"
},
"description": "Resource tags.",
"type": "object"
},
"type": {
"description": "Resource type.",
"readOnly": true,
"type": "string"
}
},
"x-ms-azure-resource": true
}
],
"description": "Defines web application firewall policy.",
"properties": {
"etag": {
"description": "Gets a unique read-only string that changes whenever the resource is updated.",
"type": "string"
},
"properties": {
"$ref": "#/definitions/WebApplicationFirewallPolicyProperties",
"description": "Properties of the web application firewall policy.",
"x-ms-client-flatten": true
}
}
},
"WebApplicationFirewallPolicyList": {
"description": "Defines a list of WebApplicationFirewallPolicies. It contains a list of WebApplicationFirewallPolicy objects and a URL link to get the next set of results.",
"properties": {
"nextLink": {
"description": "URL to get the next set of WebApplicationFirewallPolicy objects if there are any.",
"type": "string"
},
"value": {
"description": "List of WebApplicationFirewallPolicies within a resource group.",
"items": {
"$ref": "#/definitions/WebApplicationFirewallPolicy"
},
"readOnly": true,
"type": "array"
}
}
},
"WebApplicationFirewallPolicyProperties": {
"description": "Defines web application firewall policy properties.",
"properties": {
"customRules": {
"$ref": "#/definitions/CustomRuleList",
"description": "Describes custom rules inside the policy."
},
"frontendEndpointLinks": {
"description": "Describes Frontend Endpoints associated with this Web Application Firewall policy.",
"items": {
"$ref": "#/definitions/FrontendEndpointLink"
},
"readOnly": true,
"type": "array"
},
"managedRules": {
"$ref": "#/definitions/ManagedRuleSetList",
"description": "Describes managed rules inside the policy."
},
"policySettings": {
"$ref": "#/definitions/PolicySettings",
"description": "Describes settings for the policy."
},
"provisioningState": {
"description": "Provisioning state of the policy.",
"readOnly": true,
"type": "string"
},
"resourceState": {
"enum": [
"Creating",
"Enabling",
"Enabled",
"Disabling",
"Disabled",
"Deleting"
],
"readOnly": true,
"title": "Resource status of the policy.",
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "PolicyResourceState"
}
}
}
}
}
}