1. Packages
  2. Azure Classic
  3. API Docs
  4. cdn
  5. FrontdoorFirewallPolicy

We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

azure.cdn.FrontdoorFirewallPolicy

Explore with Pulumi AI

Manages a Front Door (standard/premium) Firewall Policy instance.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.core.ResourceGroup("example", {
    name: "example-cdn-frontdoor",
    location: "West Europe",
});
const exampleFrontdoorProfile = new azure.cdn.FrontdoorProfile("example", {
    name: "example-profile",
    resourceGroupName: example.name,
    skuName: "Premium_AzureFrontDoor",
});
const exampleFrontdoorFirewallPolicy = new azure.cdn.FrontdoorFirewallPolicy("example", {
    name: "examplecdnfdwafpolicy",
    resourceGroupName: example.name,
    skuName: exampleFrontdoorProfile.skuName,
    enabled: true,
    mode: "Prevention",
    redirectUrl: "https://www.contoso.com",
    customBlockResponseStatusCode: 403,
    customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
    jsChallengeCookieExpirationInMinutes: 45,
    logScrubbing: {
        enabled: true,
        scrubbingRules: [{
            enabled: true,
            matchVariable: "RequestCookieNames",
            operator: "Equals",
            selector: "ChocolateChip",
        }],
    },
    customRules: [
        {
            name: "Rule1",
            enabled: true,
            priority: 1,
            rateLimitDurationInMinutes: 1,
            rateLimitThreshold: 10,
            type: "MatchRule",
            action: "Block",
            matchConditions: [{
                matchVariable: "RemoteAddr",
                operator: "IPMatch",
                negationCondition: false,
                matchValues: [
                    "10.0.1.0/24",
                    "10.0.0.0/24",
                ],
            }],
        },
        {
            name: "Rule2",
            enabled: true,
            priority: 50,
            rateLimitDurationInMinutes: 1,
            rateLimitThreshold: 10,
            type: "MatchRule",
            action: "Block",
            matchConditions: [
                {
                    matchVariable: "RemoteAddr",
                    operator: "IPMatch",
                    negationCondition: false,
                    matchValues: ["192.168.1.0/24"],
                },
                {
                    matchVariable: "RequestHeader",
                    selector: "UserAgent",
                    operator: "Contains",
                    negationCondition: false,
                    matchValues: ["windows"],
                    transforms: [
                        "Lowercase",
                        "Trim",
                    ],
                },
            ],
        },
        {
            name: "CustomJSChallenge",
            enabled: true,
            priority: 100,
            rateLimitDurationInMinutes: 1,
            rateLimitThreshold: 10,
            type: "MatchRule",
            action: "JSChallenge",
            matchConditions: [{
                matchVariable: "RemoteAddr",
                operator: "IPMatch",
                negationCondition: false,
                matchValues: ["192.168.1.0/24"],
            }],
        },
    ],
    managedRules: [
        {
            type: "DefaultRuleSet",
            version: "1.0",
            action: "Log",
            exclusions: [{
                matchVariable: "QueryStringArgNames",
                operator: "Equals",
                selector: "not_suspicious",
            }],
            overrides: [
                {
                    ruleGroupName: "PHP",
                    rules: [{
                        ruleId: "933100",
                        enabled: false,
                        action: "Block",
                    }],
                },
                {
                    ruleGroupName: "SQLI",
                    exclusions: [{
                        matchVariable: "QueryStringArgNames",
                        operator: "Equals",
                        selector: "really_not_suspicious",
                    }],
                    rules: [{
                        ruleId: "942200",
                        action: "Block",
                        exclusions: [{
                            matchVariable: "QueryStringArgNames",
                            operator: "Equals",
                            selector: "innocent",
                        }],
                    }],
                },
            ],
        },
        {
            type: "Microsoft_BotManagerRuleSet",
            version: "1.1",
            action: "Log",
            overrides: [{
                ruleGroupName: "BadBots",
                rules: [{
                    action: "JSChallenge",
                    enabled: true,
                    ruleId: "Bot100200",
                }],
            }],
        },
    ],
});
Copy
import pulumi
import pulumi_azure as azure

example = azure.core.ResourceGroup("example",
    name="example-cdn-frontdoor",
    location="West Europe")
example_frontdoor_profile = azure.cdn.FrontdoorProfile("example",
    name="example-profile",
    resource_group_name=example.name,
    sku_name="Premium_AzureFrontDoor")
example_frontdoor_firewall_policy = azure.cdn.FrontdoorFirewallPolicy("example",
    name="examplecdnfdwafpolicy",
    resource_group_name=example.name,
    sku_name=example_frontdoor_profile.sku_name,
    enabled=True,
    mode="Prevention",
    redirect_url="https://www.contoso.com",
    custom_block_response_status_code=403,
    custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
    js_challenge_cookie_expiration_in_minutes=45,
    log_scrubbing={
        "enabled": True,
        "scrubbing_rules": [{
            "enabled": True,
            "match_variable": "RequestCookieNames",
            "operator": "Equals",
            "selector": "ChocolateChip",
        }],
    },
    custom_rules=[
        {
            "name": "Rule1",
            "enabled": True,
            "priority": 1,
            "rate_limit_duration_in_minutes": 1,
            "rate_limit_threshold": 10,
            "type": "MatchRule",
            "action": "Block",
            "match_conditions": [{
                "match_variable": "RemoteAddr",
                "operator": "IPMatch",
                "negation_condition": False,
                "match_values": [
                    "10.0.1.0/24",
                    "10.0.0.0/24",
                ],
            }],
        },
        {
            "name": "Rule2",
            "enabled": True,
            "priority": 50,
            "rate_limit_duration_in_minutes": 1,
            "rate_limit_threshold": 10,
            "type": "MatchRule",
            "action": "Block",
            "match_conditions": [
                {
                    "match_variable": "RemoteAddr",
                    "operator": "IPMatch",
                    "negation_condition": False,
                    "match_values": ["192.168.1.0/24"],
                },
                {
                    "match_variable": "RequestHeader",
                    "selector": "UserAgent",
                    "operator": "Contains",
                    "negation_condition": False,
                    "match_values": ["windows"],
                    "transforms": [
                        "Lowercase",
                        "Trim",
                    ],
                },
            ],
        },
        {
            "name": "CustomJSChallenge",
            "enabled": True,
            "priority": 100,
            "rate_limit_duration_in_minutes": 1,
            "rate_limit_threshold": 10,
            "type": "MatchRule",
            "action": "JSChallenge",
            "match_conditions": [{
                "match_variable": "RemoteAddr",
                "operator": "IPMatch",
                "negation_condition": False,
                "match_values": ["192.168.1.0/24"],
            }],
        },
    ],
    managed_rules=[
        {
            "type": "DefaultRuleSet",
            "version": "1.0",
            "action": "Log",
            "exclusions": [{
                "match_variable": "QueryStringArgNames",
                "operator": "Equals",
                "selector": "not_suspicious",
            }],
            "overrides": [
                {
                    "rule_group_name": "PHP",
                    "rules": [{
                        "rule_id": "933100",
                        "enabled": False,
                        "action": "Block",
                    }],
                },
                {
                    "rule_group_name": "SQLI",
                    "exclusions": [{
                        "match_variable": "QueryStringArgNames",
                        "operator": "Equals",
                        "selector": "really_not_suspicious",
                    }],
                    "rules": [{
                        "rule_id": "942200",
                        "action": "Block",
                        "exclusions": [{
                            "match_variable": "QueryStringArgNames",
                            "operator": "Equals",
                            "selector": "innocent",
                        }],
                    }],
                },
            ],
        },
        {
            "type": "Microsoft_BotManagerRuleSet",
            "version": "1.1",
            "action": "Log",
            "overrides": [{
                "rule_group_name": "BadBots",
                "rules": [{
                    "action": "JSChallenge",
                    "enabled": True,
                    "rule_id": "Bot100200",
                }],
            }],
        },
    ])
Copy
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/cdn"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-cdn-frontdoor"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleFrontdoorProfile, err := cdn.NewFrontdoorProfile(ctx, "example", &cdn.FrontdoorProfileArgs{
			Name:              pulumi.String("example-profile"),
			ResourceGroupName: example.Name,
			SkuName:           pulumi.String("Premium_AzureFrontDoor"),
		})
		if err != nil {
			return err
		}
		_, err = cdn.NewFrontdoorFirewallPolicy(ctx, "example", &cdn.FrontdoorFirewallPolicyArgs{
			Name:                                 pulumi.String("examplecdnfdwafpolicy"),
			ResourceGroupName:                    example.Name,
			SkuName:                              exampleFrontdoorProfile.SkuName,
			Enabled:                              pulumi.Bool(true),
			Mode:                                 pulumi.String("Prevention"),
			RedirectUrl:                          pulumi.String("https://www.contoso.com"),
			CustomBlockResponseStatusCode:        pulumi.Int(403),
			CustomBlockResponseBody:              pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
			JsChallengeCookieExpirationInMinutes: pulumi.Int(45),
			LogScrubbing: &cdn.FrontdoorFirewallPolicyLogScrubbingArgs{
				Enabled: pulumi.Bool(true),
				ScrubbingRules: cdn.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArray{
					&cdn.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs{
						Enabled:       pulumi.Bool(true),
						MatchVariable: pulumi.String("RequestCookieNames"),
						Operator:      pulumi.String("Equals"),
						Selector:      pulumi.String("ChocolateChip"),
					},
				},
			},
			CustomRules: cdn.FrontdoorFirewallPolicyCustomRuleArray{
				&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
					Name:                       pulumi.String("Rule1"),
					Enabled:                    pulumi.Bool(true),
					Priority:                   pulumi.Int(1),
					RateLimitDurationInMinutes: pulumi.Int(1),
					RateLimitThreshold:         pulumi.Int(10),
					Type:                       pulumi.String("MatchRule"),
					Action:                     pulumi.String("Block"),
					MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
						&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
							MatchVariable:     pulumi.String("RemoteAddr"),
							Operator:          pulumi.String("IPMatch"),
							NegationCondition: pulumi.Bool(false),
							MatchValues: pulumi.StringArray{
								pulumi.String("10.0.1.0/24"),
								pulumi.String("10.0.0.0/24"),
							},
						},
					},
				},
				&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
					Name:                       pulumi.String("Rule2"),
					Enabled:                    pulumi.Bool(true),
					Priority:                   pulumi.Int(50),
					RateLimitDurationInMinutes: pulumi.Int(1),
					RateLimitThreshold:         pulumi.Int(10),
					Type:                       pulumi.String("MatchRule"),
					Action:                     pulumi.String("Block"),
					MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
						&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
							MatchVariable:     pulumi.String("RemoteAddr"),
							Operator:          pulumi.String("IPMatch"),
							NegationCondition: pulumi.Bool(false),
							MatchValues: pulumi.StringArray{
								pulumi.String("192.168.1.0/24"),
							},
						},
						&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
							MatchVariable:     pulumi.String("RequestHeader"),
							Selector:          pulumi.String("UserAgent"),
							Operator:          pulumi.String("Contains"),
							NegationCondition: pulumi.Bool(false),
							MatchValues: pulumi.StringArray{
								pulumi.String("windows"),
							},
							Transforms: pulumi.StringArray{
								pulumi.String("Lowercase"),
								pulumi.String("Trim"),
							},
						},
					},
				},
				&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
					Name:                       pulumi.String("CustomJSChallenge"),
					Enabled:                    pulumi.Bool(true),
					Priority:                   pulumi.Int(100),
					RateLimitDurationInMinutes: pulumi.Int(1),
					RateLimitThreshold:         pulumi.Int(10),
					Type:                       pulumi.String("MatchRule"),
					Action:                     pulumi.String("JSChallenge"),
					MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
						&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
							MatchVariable:     pulumi.String("RemoteAddr"),
							Operator:          pulumi.String("IPMatch"),
							NegationCondition: pulumi.Bool(false),
							MatchValues: pulumi.StringArray{
								pulumi.String("192.168.1.0/24"),
							},
						},
					},
				},
			},
			ManagedRules: cdn.FrontdoorFirewallPolicyManagedRuleArray{
				&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
					Type:    pulumi.String("DefaultRuleSet"),
					Version: pulumi.String("1.0"),
					Action:  pulumi.String("Log"),
					Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleExclusionArray{
						&cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs{
							MatchVariable: pulumi.String("QueryStringArgNames"),
							Operator:      pulumi.String("Equals"),
							Selector:      pulumi.String("not_suspicious"),
						},
					},
					Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
						&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
							RuleGroupName: pulumi.String("PHP"),
							Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
								&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
									RuleId:  pulumi.String("933100"),
									Enabled: pulumi.Bool(false),
									Action:  pulumi.String("Block"),
								},
							},
						},
						&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
							RuleGroupName: pulumi.String("SQLI"),
							Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArray{
								&cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs{
									MatchVariable: pulumi.String("QueryStringArgNames"),
									Operator:      pulumi.String("Equals"),
									Selector:      pulumi.String("really_not_suspicious"),
								},
							},
							Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
								&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
									RuleId: pulumi.String("942200"),
									Action: pulumi.String("Block"),
									Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArray{
										&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs{
											MatchVariable: pulumi.String("QueryStringArgNames"),
											Operator:      pulumi.String("Equals"),
											Selector:      pulumi.String("innocent"),
										},
									},
								},
							},
						},
					},
				},
				&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
					Type:    pulumi.String("Microsoft_BotManagerRuleSet"),
					Version: pulumi.String("1.1"),
					Action:  pulumi.String("Log"),
					Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
						&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
							RuleGroupName: pulumi.String("BadBots"),
							Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
								&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
									Action:  pulumi.String("JSChallenge"),
									Enabled: pulumi.Bool(true),
									RuleId:  pulumi.String("Bot100200"),
								},
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-cdn-frontdoor",
        Location = "West Europe",
    });

    var exampleFrontdoorProfile = new Azure.Cdn.FrontdoorProfile("example", new()
    {
        Name = "example-profile",
        ResourceGroupName = example.Name,
        SkuName = "Premium_AzureFrontDoor",
    });

    var exampleFrontdoorFirewallPolicy = new Azure.Cdn.FrontdoorFirewallPolicy("example", new()
    {
        Name = "examplecdnfdwafpolicy",
        ResourceGroupName = example.Name,
        SkuName = exampleFrontdoorProfile.SkuName,
        Enabled = true,
        Mode = "Prevention",
        RedirectUrl = "https://www.contoso.com",
        CustomBlockResponseStatusCode = 403,
        CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
        JsChallengeCookieExpirationInMinutes = 45,
        LogScrubbing = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyLogScrubbingArgs
        {
            Enabled = true,
            ScrubbingRules = new[]
            {
                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs
                {
                    Enabled = true,
                    MatchVariable = "RequestCookieNames",
                    Operator = "Equals",
                    Selector = "ChocolateChip",
                },
            },
        },
        CustomRules = new[]
        {
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
            {
                Name = "Rule1",
                Enabled = true,
                Priority = 1,
                RateLimitDurationInMinutes = 1,
                RateLimitThreshold = 10,
                Type = "MatchRule",
                Action = "Block",
                MatchConditions = new[]
                {
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
                    {
                        MatchVariable = "RemoteAddr",
                        Operator = "IPMatch",
                        NegationCondition = false,
                        MatchValues = new[]
                        {
                            "10.0.1.0/24",
                            "10.0.0.0/24",
                        },
                    },
                },
            },
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
            {
                Name = "Rule2",
                Enabled = true,
                Priority = 50,
                RateLimitDurationInMinutes = 1,
                RateLimitThreshold = 10,
                Type = "MatchRule",
                Action = "Block",
                MatchConditions = new[]
                {
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
                    {
                        MatchVariable = "RemoteAddr",
                        Operator = "IPMatch",
                        NegationCondition = false,
                        MatchValues = new[]
                        {
                            "192.168.1.0/24",
                        },
                    },
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
                    {
                        MatchVariable = "RequestHeader",
                        Selector = "UserAgent",
                        Operator = "Contains",
                        NegationCondition = false,
                        MatchValues = new[]
                        {
                            "windows",
                        },
                        Transforms = new[]
                        {
                            "Lowercase",
                            "Trim",
                        },
                    },
                },
            },
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
            {
                Name = "CustomJSChallenge",
                Enabled = true,
                Priority = 100,
                RateLimitDurationInMinutes = 1,
                RateLimitThreshold = 10,
                Type = "MatchRule",
                Action = "JSChallenge",
                MatchConditions = new[]
                {
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
                    {
                        MatchVariable = "RemoteAddr",
                        Operator = "IPMatch",
                        NegationCondition = false,
                        MatchValues = new[]
                        {
                            "192.168.1.0/24",
                        },
                    },
                },
            },
        },
        ManagedRules = new[]
        {
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
            {
                Type = "DefaultRuleSet",
                Version = "1.0",
                Action = "Log",
                Exclusions = new[]
                {
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleExclusionArgs
                    {
                        MatchVariable = "QueryStringArgNames",
                        Operator = "Equals",
                        Selector = "not_suspicious",
                    },
                },
                Overrides = new[]
                {
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
                    {
                        RuleGroupName = "PHP",
                        Rules = new[]
                        {
                            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
                            {
                                RuleId = "933100",
                                Enabled = false,
                                Action = "Block",
                            },
                        },
                    },
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
                    {
                        RuleGroupName = "SQLI",
                        Exclusions = new[]
                        {
                            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
                            {
                                MatchVariable = "QueryStringArgNames",
                                Operator = "Equals",
                                Selector = "really_not_suspicious",
                            },
                        },
                        Rules = new[]
                        {
                            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
                            {
                                RuleId = "942200",
                                Action = "Block",
                                Exclusions = new[]
                                {
                                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
                                    {
                                        MatchVariable = "QueryStringArgNames",
                                        Operator = "Equals",
                                        Selector = "innocent",
                                    },
                                },
                            },
                        },
                    },
                },
            },
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
            {
                Type = "Microsoft_BotManagerRuleSet",
                Version = "1.1",
                Action = "Log",
                Overrides = new[]
                {
                    new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
                    {
                        RuleGroupName = "BadBots",
                        Rules = new[]
                        {
                            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
                            {
                                Action = "JSChallenge",
                                Enabled = true,
                                RuleId = "Bot100200",
                            },
                        },
                    },
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.cdn.FrontdoorProfile;
import com.pulumi.azure.cdn.FrontdoorProfileArgs;
import com.pulumi.azure.cdn.FrontdoorFirewallPolicy;
import com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyLogScrubbingArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyCustomRuleArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyManagedRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-cdn-frontdoor")
            .location("West Europe")
            .build());

        var exampleFrontdoorProfile = new FrontdoorProfile("exampleFrontdoorProfile", FrontdoorProfileArgs.builder()
            .name("example-profile")
            .resourceGroupName(example.name())
            .skuName("Premium_AzureFrontDoor")
            .build());

        var exampleFrontdoorFirewallPolicy = new FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", FrontdoorFirewallPolicyArgs.builder()
            .name("examplecdnfdwafpolicy")
            .resourceGroupName(example.name())
            .skuName(exampleFrontdoorProfile.skuName())
            .enabled(true)
            .mode("Prevention")
            .redirectUrl("https://www.contoso.com")
            .customBlockResponseStatusCode(403)
            .customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
            .jsChallengeCookieExpirationInMinutes(45)
            .logScrubbing(FrontdoorFirewallPolicyLogScrubbingArgs.builder()
                .enabled(true)
                .scrubbingRules(FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs.builder()
                    .enabled(true)
                    .matchVariable("RequestCookieNames")
                    .operator("Equals")
                    .selector("ChocolateChip")
                    .build())
                .build())
            .customRules(            
                FrontdoorFirewallPolicyCustomRuleArgs.builder()
                    .name("Rule1")
                    .enabled(true)
                    .priority(1)
                    .rateLimitDurationInMinutes(1)
                    .rateLimitThreshold(10)
                    .type("MatchRule")
                    .action("Block")
                    .matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                        .matchVariable("RemoteAddr")
                        .operator("IPMatch")
                        .negationCondition(false)
                        .matchValues(                        
                            "10.0.1.0/24",
                            "10.0.0.0/24")
                        .build())
                    .build(),
                FrontdoorFirewallPolicyCustomRuleArgs.builder()
                    .name("Rule2")
                    .enabled(true)
                    .priority(50)
                    .rateLimitDurationInMinutes(1)
                    .rateLimitThreshold(10)
                    .type("MatchRule")
                    .action("Block")
                    .matchConditions(                    
                        FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                            .matchVariable("RemoteAddr")
                            .operator("IPMatch")
                            .negationCondition(false)
                            .matchValues("192.168.1.0/24")
                            .build(),
                        FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                            .matchVariable("RequestHeader")
                            .selector("UserAgent")
                            .operator("Contains")
                            .negationCondition(false)
                            .matchValues("windows")
                            .transforms(                            
                                "Lowercase",
                                "Trim")
                            .build())
                    .build(),
                FrontdoorFirewallPolicyCustomRuleArgs.builder()
                    .name("CustomJSChallenge")
                    .enabled(true)
                    .priority(100)
                    .rateLimitDurationInMinutes(1)
                    .rateLimitThreshold(10)
                    .type("MatchRule")
                    .action("JSChallenge")
                    .matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                        .matchVariable("RemoteAddr")
                        .operator("IPMatch")
                        .negationCondition(false)
                        .matchValues("192.168.1.0/24")
                        .build())
                    .build())
            .managedRules(            
                FrontdoorFirewallPolicyManagedRuleArgs.builder()
                    .type("DefaultRuleSet")
                    .version("1.0")
                    .action("Log")
                    .exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
                        .matchVariable("QueryStringArgNames")
                        .operator("Equals")
                        .selector("not_suspicious")
                        .build())
                    .overrides(                    
                        FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
                            .ruleGroupName("PHP")
                            .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                                .ruleId("933100")
                                .enabled(false)
                                .action("Block")
                                .build())
                            .build(),
                        FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
                            .ruleGroupName("SQLI")
                            .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
                                .matchVariable("QueryStringArgNames")
                                .operator("Equals")
                                .selector("really_not_suspicious")
                                .build())
                            .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                                .ruleId("942200")
                                .action("Block")
                                .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
                                    .matchVariable("QueryStringArgNames")
                                    .operator("Equals")
                                    .selector("innocent")
                                    .build())
                                .build())
                            .build())
                    .build(),
                FrontdoorFirewallPolicyManagedRuleArgs.builder()
                    .type("Microsoft_BotManagerRuleSet")
                    .version("1.1")
                    .action("Log")
                    .overrides(FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
                        .ruleGroupName("BadBots")
                        .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                            .action("JSChallenge")
                            .enabled(true)
                            .ruleId("Bot100200")
                            .build())
                        .build())
                    .build())
            .build());

    }
}
Copy
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-cdn-frontdoor
      location: West Europe
  exampleFrontdoorProfile:
    type: azure:cdn:FrontdoorProfile
    name: example
    properties:
      name: example-profile
      resourceGroupName: ${example.name}
      skuName: Premium_AzureFrontDoor
  exampleFrontdoorFirewallPolicy:
    type: azure:cdn:FrontdoorFirewallPolicy
    name: example
    properties:
      name: examplecdnfdwafpolicy
      resourceGroupName: ${example.name}
      skuName: ${exampleFrontdoorProfile.skuName}
      enabled: true
      mode: Prevention
      redirectUrl: https://www.contoso.com
      customBlockResponseStatusCode: 403
      customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
      jsChallengeCookieExpirationInMinutes: 45
      logScrubbing:
        enabled: true
        scrubbingRules:
          - enabled: true
            matchVariable: RequestCookieNames
            operator: Equals
            selector: ChocolateChip
      customRules:
        - name: Rule1
          enabled: true
          priority: 1
          rateLimitDurationInMinutes: 1
          rateLimitThreshold: 10
          type: MatchRule
          action: Block
          matchConditions:
            - matchVariable: RemoteAddr
              operator: IPMatch
              negationCondition: false
              matchValues:
                - 10.0.1.0/24
                - 10.0.0.0/24
        - name: Rule2
          enabled: true
          priority: 50
          rateLimitDurationInMinutes: 1
          rateLimitThreshold: 10
          type: MatchRule
          action: Block
          matchConditions:
            - matchVariable: RemoteAddr
              operator: IPMatch
              negationCondition: false
              matchValues:
                - 192.168.1.0/24
            - matchVariable: RequestHeader
              selector: UserAgent
              operator: Contains
              negationCondition: false
              matchValues:
                - windows
              transforms:
                - Lowercase
                - Trim
        - name: CustomJSChallenge
          enabled: true
          priority: 100
          rateLimitDurationInMinutes: 1
          rateLimitThreshold: 10
          type: MatchRule
          action: JSChallenge
          matchConditions:
            - matchVariable: RemoteAddr
              operator: IPMatch
              negationCondition: false
              matchValues:
                - 192.168.1.0/24
      managedRules:
        - type: DefaultRuleSet
          version: '1.0'
          action: Log
          exclusions:
            - matchVariable: QueryStringArgNames
              operator: Equals
              selector: not_suspicious
          overrides:
            - ruleGroupName: PHP
              rules:
                - ruleId: '933100'
                  enabled: false
                  action: Block
            - ruleGroupName: SQLI
              exclusions:
                - matchVariable: QueryStringArgNames
                  operator: Equals
                  selector: really_not_suspicious
              rules:
                - ruleId: '942200'
                  action: Block
                  exclusions:
                    - matchVariable: QueryStringArgNames
                      operator: Equals
                      selector: innocent
        - type: Microsoft_BotManagerRuleSet
          version: '1.1'
          action: Log
          overrides:
            - ruleGroupName: BadBots
              rules:
                - action: JSChallenge
                  enabled: true
                  ruleId: Bot100200
Copy

scrubbing_rule Examples:

The following table shows examples of scrubbing_rule’s that can be used to protect sensitive data:

Match VariableOperatorSelectorWhat Gets Scrubbed
RequestHeaderNamesEqualskeyToBlock{“matchVariableName”:“HeaderValue:keyToBlock”,“matchVariableValue”:"****"}
RequestCookieNamesEqualscookieToBlock{“matchVariableName”:“CookieValue:cookieToBlock”,“matchVariableValue”:"****"}
RequestBodyPostArgNamesEqualsvar{“matchVariableName”:“PostParamValue:var”,“matchVariableValue”:"****"}
RequestBodyJsonArgNamesEqualsJsonValue{“matchVariableName”:“JsonValue:key”,“matchVariableValue”:"****"}
QueryStringArgNamesEqualsfoo{“matchVariableName”:“QueryParamValue:foo”,“matchVariableValue”:"****"}
RequestIPAddressEquals AnyNot Supported{“matchVariableName”:“ClientIP”,“matchVariableValue”:"****"}
RequestUriEquals AnyNot Supported{“matchVariableName”:“URI”,“matchVariableValue”:"****"}

Create FrontdoorFirewallPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FrontdoorFirewallPolicy(name: string, args: FrontdoorFirewallPolicyArgs, opts?: CustomResourceOptions);
@overload
def FrontdoorFirewallPolicy(resource_name: str,
                            args: FrontdoorFirewallPolicyArgs,
                            opts: Optional[ResourceOptions] = None)

@overload
def FrontdoorFirewallPolicy(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            mode: Optional[str] = None,
                            sku_name: Optional[str] = None,
                            resource_group_name: Optional[str] = None,
                            managed_rules: Optional[Sequence[FrontdoorFirewallPolicyManagedRuleArgs]] = None,
                            js_challenge_cookie_expiration_in_minutes: Optional[int] = None,
                            log_scrubbing: Optional[FrontdoorFirewallPolicyLogScrubbingArgs] = None,
                            custom_block_response_body: Optional[str] = None,
                            enabled: Optional[bool] = None,
                            name: Optional[str] = None,
                            redirect_url: Optional[str] = None,
                            request_body_check_enabled: Optional[bool] = None,
                            custom_rules: Optional[Sequence[FrontdoorFirewallPolicyCustomRuleArgs]] = None,
                            custom_block_response_status_code: Optional[int] = None,
                            tags: Optional[Mapping[str, str]] = None)
func NewFrontdoorFirewallPolicy(ctx *Context, name string, args FrontdoorFirewallPolicyArgs, opts ...ResourceOption) (*FrontdoorFirewallPolicy, error)
public FrontdoorFirewallPolicy(string name, FrontdoorFirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FrontdoorFirewallPolicy(String name, FrontdoorFirewallPolicyArgs args)
public FrontdoorFirewallPolicy(String name, FrontdoorFirewallPolicyArgs args, CustomResourceOptions options)
type: azure:cdn:FrontdoorFirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. FrontdoorFirewallPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. FrontdoorFirewallPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. FrontdoorFirewallPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. FrontdoorFirewallPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FrontdoorFirewallPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var frontdoorFirewallPolicyResource = new Azure.Cdn.FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource", new()
{
    Mode = "string",
    SkuName = "string",
    ResourceGroupName = "string",
    ManagedRules = new[]
    {
        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
        {
            Action = "string",
            Type = "string",
            Version = "string",
            Exclusions = new[]
            {
                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleExclusionArgs
                {
                    MatchVariable = "string",
                    Operator = "string",
                    Selector = "string",
                },
            },
            Overrides = new[]
            {
                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
                {
                    RuleGroupName = "string",
                    Exclusions = new[]
                    {
                        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
                        {
                            MatchVariable = "string",
                            Operator = "string",
                            Selector = "string",
                        },
                    },
                    Rules = new[]
                    {
                        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
                        {
                            Action = "string",
                            RuleId = "string",
                            Enabled = false,
                            Exclusions = new[]
                            {
                                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
                                {
                                    MatchVariable = "string",
                                    Operator = "string",
                                    Selector = "string",
                                },
                            },
                        },
                    },
                },
            },
        },
    },
    JsChallengeCookieExpirationInMinutes = 0,
    LogScrubbing = new Azure.Cdn.Inputs.FrontdoorFirewallPolicyLogScrubbingArgs
    {
        ScrubbingRules = new[]
        {
            new Azure.Cdn.Inputs.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs
            {
                MatchVariable = "string",
                Enabled = false,
                Operator = "string",
                Selector = "string",
            },
        },
        Enabled = false,
    },
    CustomBlockResponseBody = "string",
    Enabled = false,
    Name = "string",
    RedirectUrl = "string",
    RequestBodyCheckEnabled = false,
    CustomRules = new[]
    {
        new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
        {
            Action = "string",
            Name = "string",
            Type = "string",
            Enabled = false,
            MatchConditions = new[]
            {
                new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
                {
                    MatchValues = new[]
                    {
                        "string",
                    },
                    MatchVariable = "string",
                    Operator = "string",
                    NegationCondition = false,
                    Selector = "string",
                    Transforms = new[]
                    {
                        "string",
                    },
                },
            },
            Priority = 0,
            RateLimitDurationInMinutes = 0,
            RateLimitThreshold = 0,
        },
    },
    CustomBlockResponseStatusCode = 0,
    Tags = 
    {
        { "string", "string" },
    },
});
Copy
example, err := cdn.NewFrontdoorFirewallPolicy(ctx, "frontdoorFirewallPolicyResource", &cdn.FrontdoorFirewallPolicyArgs{
	Mode:              pulumi.String("string"),
	SkuName:           pulumi.String("string"),
	ResourceGroupName: pulumi.String("string"),
	ManagedRules: cdn.FrontdoorFirewallPolicyManagedRuleArray{
		&cdn.FrontdoorFirewallPolicyManagedRuleArgs{
			Action:  pulumi.String("string"),
			Type:    pulumi.String("string"),
			Version: pulumi.String("string"),
			Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleExclusionArray{
				&cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs{
					MatchVariable: pulumi.String("string"),
					Operator:      pulumi.String("string"),
					Selector:      pulumi.String("string"),
				},
			},
			Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
				&cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
					RuleGroupName: pulumi.String("string"),
					Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArray{
						&cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs{
							MatchVariable: pulumi.String("string"),
							Operator:      pulumi.String("string"),
							Selector:      pulumi.String("string"),
						},
					},
					Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
						&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
							Action:  pulumi.String("string"),
							RuleId:  pulumi.String("string"),
							Enabled: pulumi.Bool(false),
							Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArray{
								&cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs{
									MatchVariable: pulumi.String("string"),
									Operator:      pulumi.String("string"),
									Selector:      pulumi.String("string"),
								},
							},
						},
					},
				},
			},
		},
	},
	JsChallengeCookieExpirationInMinutes: pulumi.Int(0),
	LogScrubbing: &cdn.FrontdoorFirewallPolicyLogScrubbingArgs{
		ScrubbingRules: cdn.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArray{
			&cdn.FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs{
				MatchVariable: pulumi.String("string"),
				Enabled:       pulumi.Bool(false),
				Operator:      pulumi.String("string"),
				Selector:      pulumi.String("string"),
			},
		},
		Enabled: pulumi.Bool(false),
	},
	CustomBlockResponseBody: pulumi.String("string"),
	Enabled:                 pulumi.Bool(false),
	Name:                    pulumi.String("string"),
	RedirectUrl:             pulumi.String("string"),
	RequestBodyCheckEnabled: pulumi.Bool(false),
	CustomRules: cdn.FrontdoorFirewallPolicyCustomRuleArray{
		&cdn.FrontdoorFirewallPolicyCustomRuleArgs{
			Action:  pulumi.String("string"),
			Name:    pulumi.String("string"),
			Type:    pulumi.String("string"),
			Enabled: pulumi.Bool(false),
			MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
				&cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
					MatchValues: pulumi.StringArray{
						pulumi.String("string"),
					},
					MatchVariable:     pulumi.String("string"),
					Operator:          pulumi.String("string"),
					NegationCondition: pulumi.Bool(false),
					Selector:          pulumi.String("string"),
					Transforms: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Priority:                   pulumi.Int(0),
			RateLimitDurationInMinutes: pulumi.Int(0),
			RateLimitThreshold:         pulumi.Int(0),
		},
	},
	CustomBlockResponseStatusCode: pulumi.Int(0),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
Copy
var frontdoorFirewallPolicyResource = new FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource", FrontdoorFirewallPolicyArgs.builder()
    .mode("string")
    .skuName("string")
    .resourceGroupName("string")
    .managedRules(FrontdoorFirewallPolicyManagedRuleArgs.builder()
        .action("string")
        .type("string")
        .version("string")
        .exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
            .matchVariable("string")
            .operator("string")
            .selector("string")
            .build())
        .overrides(FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
            .ruleGroupName("string")
            .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
                .matchVariable("string")
                .operator("string")
                .selector("string")
                .build())
            .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                .action("string")
                .ruleId("string")
                .enabled(false)
                .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
                    .matchVariable("string")
                    .operator("string")
                    .selector("string")
                    .build())
                .build())
            .build())
        .build())
    .jsChallengeCookieExpirationInMinutes(0)
    .logScrubbing(FrontdoorFirewallPolicyLogScrubbingArgs.builder()
        .scrubbingRules(FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs.builder()
            .matchVariable("string")
            .enabled(false)
            .operator("string")
            .selector("string")
            .build())
        .enabled(false)
        .build())
    .customBlockResponseBody("string")
    .enabled(false)
    .name("string")
    .redirectUrl("string")
    .requestBodyCheckEnabled(false)
    .customRules(FrontdoorFirewallPolicyCustomRuleArgs.builder()
        .action("string")
        .name("string")
        .type("string")
        .enabled(false)
        .matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
            .matchValues("string")
            .matchVariable("string")
            .operator("string")
            .negationCondition(false)
            .selector("string")
            .transforms("string")
            .build())
        .priority(0)
        .rateLimitDurationInMinutes(0)
        .rateLimitThreshold(0)
        .build())
    .customBlockResponseStatusCode(0)
    .tags(Map.of("string", "string"))
    .build());
Copy
frontdoor_firewall_policy_resource = azure.cdn.FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource",
    mode="string",
    sku_name="string",
    resource_group_name="string",
    managed_rules=[{
        "action": "string",
        "type": "string",
        "version": "string",
        "exclusions": [{
            "match_variable": "string",
            "operator": "string",
            "selector": "string",
        }],
        "overrides": [{
            "rule_group_name": "string",
            "exclusions": [{
                "match_variable": "string",
                "operator": "string",
                "selector": "string",
            }],
            "rules": [{
                "action": "string",
                "rule_id": "string",
                "enabled": False,
                "exclusions": [{
                    "match_variable": "string",
                    "operator": "string",
                    "selector": "string",
                }],
            }],
        }],
    }],
    js_challenge_cookie_expiration_in_minutes=0,
    log_scrubbing={
        "scrubbing_rules": [{
            "match_variable": "string",
            "enabled": False,
            "operator": "string",
            "selector": "string",
        }],
        "enabled": False,
    },
    custom_block_response_body="string",
    enabled=False,
    name="string",
    redirect_url="string",
    request_body_check_enabled=False,
    custom_rules=[{
        "action": "string",
        "name": "string",
        "type": "string",
        "enabled": False,
        "match_conditions": [{
            "match_values": ["string"],
            "match_variable": "string",
            "operator": "string",
            "negation_condition": False,
            "selector": "string",
            "transforms": ["string"],
        }],
        "priority": 0,
        "rate_limit_duration_in_minutes": 0,
        "rate_limit_threshold": 0,
    }],
    custom_block_response_status_code=0,
    tags={
        "string": "string",
    })
Copy
const frontdoorFirewallPolicyResource = new azure.cdn.FrontdoorFirewallPolicy("frontdoorFirewallPolicyResource", {
    mode: "string",
    skuName: "string",
    resourceGroupName: "string",
    managedRules: [{
        action: "string",
        type: "string",
        version: "string",
        exclusions: [{
            matchVariable: "string",
            operator: "string",
            selector: "string",
        }],
        overrides: [{
            ruleGroupName: "string",
            exclusions: [{
                matchVariable: "string",
                operator: "string",
                selector: "string",
            }],
            rules: [{
                action: "string",
                ruleId: "string",
                enabled: false,
                exclusions: [{
                    matchVariable: "string",
                    operator: "string",
                    selector: "string",
                }],
            }],
        }],
    }],
    jsChallengeCookieExpirationInMinutes: 0,
    logScrubbing: {
        scrubbingRules: [{
            matchVariable: "string",
            enabled: false,
            operator: "string",
            selector: "string",
        }],
        enabled: false,
    },
    customBlockResponseBody: "string",
    enabled: false,
    name: "string",
    redirectUrl: "string",
    requestBodyCheckEnabled: false,
    customRules: [{
        action: "string",
        name: "string",
        type: "string",
        enabled: false,
        matchConditions: [{
            matchValues: ["string"],
            matchVariable: "string",
            operator: "string",
            negationCondition: false,
            selector: "string",
            transforms: ["string"],
        }],
        priority: 0,
        rateLimitDurationInMinutes: 0,
        rateLimitThreshold: 0,
    }],
    customBlockResponseStatusCode: 0,
    tags: {
        string: "string",
    },
});
Copy
type: azure:cdn:FrontdoorFirewallPolicy
properties:
    customBlockResponseBody: string
    customBlockResponseStatusCode: 0
    customRules:
        - action: string
          enabled: false
          matchConditions:
            - matchValues:
                - string
              matchVariable: string
              negationCondition: false
              operator: string
              selector: string
              transforms:
                - string
          name: string
          priority: 0
          rateLimitDurationInMinutes: 0
          rateLimitThreshold: 0
          type: string
    enabled: false
    jsChallengeCookieExpirationInMinutes: 0
    logScrubbing:
        enabled: false
        scrubbingRules:
            - enabled: false
              matchVariable: string
              operator: string
              selector: string
    managedRules:
        - action: string
          exclusions:
            - matchVariable: string
              operator: string
              selector: string
          overrides:
            - exclusions:
                - matchVariable: string
                  operator: string
                  selector: string
              ruleGroupName: string
              rules:
                - action: string
                  enabled: false
                  exclusions:
                    - matchVariable: string
                      operator: string
                      selector: string
                  ruleId: string
          type: string
          version: string
    mode: string
    name: string
    redirectUrl: string
    requestBodyCheckEnabled: false
    resourceGroupName: string
    skuName: string
    tags:
        string: string
Copy

FrontdoorFirewallPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FrontdoorFirewallPolicy resource accepts the following input properties:

Mode This property is required. string
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group. Changing this forces a new resource to be created.
SkuName
This property is required.
Changes to this property will trigger replacement.
string

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

CustomBlockResponseBody string
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules List<FrontdoorFirewallPolicyCustomRule>
One or more custom_rule blocks as defined below.
Enabled bool
Is the Front Door Firewall Policy enabled? Defaults to true.
JsChallengeCookieExpirationInMinutes int

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

LogScrubbing FrontdoorFirewallPolicyLogScrubbing

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

ManagedRules List<FrontdoorFirewallPolicyManagedRule>
One or more managed_rule blocks as defined below.
Name Changes to this property will trigger replacement. string
The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string
If action type is redirect, this field represents redirect URL for the client.
RequestBodyCheckEnabled bool

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

Tags Dictionary<string, string>
A mapping of tags to assign to the Front Door Firewall Policy.
Mode This property is required. string
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group. Changing this forces a new resource to be created.
SkuName
This property is required.
Changes to this property will trigger replacement.
string

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

CustomBlockResponseBody string
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules []FrontdoorFirewallPolicyCustomRuleArgs
One or more custom_rule blocks as defined below.
Enabled bool
Is the Front Door Firewall Policy enabled? Defaults to true.
JsChallengeCookieExpirationInMinutes int

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

LogScrubbing FrontdoorFirewallPolicyLogScrubbingArgs

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

ManagedRules []FrontdoorFirewallPolicyManagedRuleArgs
One or more managed_rule blocks as defined below.
Name Changes to this property will trigger replacement. string
The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string
If action type is redirect, this field represents redirect URL for the client.
RequestBodyCheckEnabled bool

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

Tags map[string]string
A mapping of tags to assign to the Front Door Firewall Policy.
mode This property is required. String
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
The name of the resource group. Changing this forces a new resource to be created.
skuName
This property is required.
Changes to this property will trigger replacement.
String

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

customBlockResponseBody String
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode Integer
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules List<FrontdoorFirewallPolicyCustomRule>
One or more custom_rule blocks as defined below.
enabled Boolean
Is the Front Door Firewall Policy enabled? Defaults to true.
jsChallengeCookieExpirationInMinutes Integer

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

logScrubbing FrontdoorFirewallPolicyLogScrubbing

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

managedRules List<FrontdoorFirewallPolicyManagedRule>
One or more managed_rule blocks as defined below.
name Changes to this property will trigger replacement. String
The name of the policy. Changing this forces a new resource to be created.
redirectUrl String
If action type is redirect, this field represents redirect URL for the client.
requestBodyCheckEnabled Boolean

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

tags Map<String,String>
A mapping of tags to assign to the Front Door Firewall Policy.
mode This property is required. string
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group. Changing this forces a new resource to be created.
skuName
This property is required.
Changes to this property will trigger replacement.
string

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

customBlockResponseBody string
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode number
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules FrontdoorFirewallPolicyCustomRule[]
One or more custom_rule blocks as defined below.
enabled boolean
Is the Front Door Firewall Policy enabled? Defaults to true.
jsChallengeCookieExpirationInMinutes number

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

logScrubbing FrontdoorFirewallPolicyLogScrubbing

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

managedRules FrontdoorFirewallPolicyManagedRule[]
One or more managed_rule blocks as defined below.
name Changes to this property will trigger replacement. string
The name of the policy. Changing this forces a new resource to be created.
redirectUrl string
If action type is redirect, this field represents redirect URL for the client.
requestBodyCheckEnabled boolean

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

tags {[key: string]: string}
A mapping of tags to assign to the Front Door Firewall Policy.
mode This property is required. str
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
resource_group_name
This property is required.
Changes to this property will trigger replacement.
str
The name of the resource group. Changing this forces a new resource to be created.
sku_name
This property is required.
Changes to this property will trigger replacement.
str

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

custom_block_response_body str
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
custom_block_response_status_code int
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
custom_rules Sequence[FrontdoorFirewallPolicyCustomRuleArgs]
One or more custom_rule blocks as defined below.
enabled bool
Is the Front Door Firewall Policy enabled? Defaults to true.
js_challenge_cookie_expiration_in_minutes int

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

log_scrubbing FrontdoorFirewallPolicyLogScrubbingArgs

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

managed_rules Sequence[FrontdoorFirewallPolicyManagedRuleArgs]
One or more managed_rule blocks as defined below.
name Changes to this property will trigger replacement. str
The name of the policy. Changing this forces a new resource to be created.
redirect_url str
If action type is redirect, this field represents redirect URL for the client.
request_body_check_enabled bool

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

tags Mapping[str, str]
A mapping of tags to assign to the Front Door Firewall Policy.
mode This property is required. String
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
The name of the resource group. Changing this forces a new resource to be created.
skuName
This property is required.
Changes to this property will trigger replacement.
String

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

customBlockResponseBody String
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode Number
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules List<Property Map>
One or more custom_rule blocks as defined below.
enabled Boolean
Is the Front Door Firewall Policy enabled? Defaults to true.
jsChallengeCookieExpirationInMinutes Number

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

logScrubbing Property Map

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

managedRules List<Property Map>
One or more managed_rule blocks as defined below.
name Changes to this property will trigger replacement. String
The name of the policy. Changing this forces a new resource to be created.
redirectUrl String
If action type is redirect, this field represents redirect URL for the client.
requestBodyCheckEnabled Boolean

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

tags Map<String>
A mapping of tags to assign to the Front Door Firewall Policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the FrontdoorFirewallPolicy resource produces the following output properties:

FrontendEndpointIds List<string>
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
Id string
The provider-assigned unique ID for this managed resource.
FrontendEndpointIds []string
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
Id string
The provider-assigned unique ID for this managed resource.
frontendEndpointIds List<String>
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
id String
The provider-assigned unique ID for this managed resource.
frontendEndpointIds string[]
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
id string
The provider-assigned unique ID for this managed resource.
frontend_endpoint_ids Sequence[str]
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
id str
The provider-assigned unique ID for this managed resource.
frontendEndpointIds List<String>
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing FrontdoorFirewallPolicy Resource

Get an existing FrontdoorFirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FrontdoorFirewallPolicyState, opts?: CustomResourceOptions): FrontdoorFirewallPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        custom_block_response_body: Optional[str] = None,
        custom_block_response_status_code: Optional[int] = None,
        custom_rules: Optional[Sequence[FrontdoorFirewallPolicyCustomRuleArgs]] = None,
        enabled: Optional[bool] = None,
        frontend_endpoint_ids: Optional[Sequence[str]] = None,
        js_challenge_cookie_expiration_in_minutes: Optional[int] = None,
        log_scrubbing: Optional[FrontdoorFirewallPolicyLogScrubbingArgs] = None,
        managed_rules: Optional[Sequence[FrontdoorFirewallPolicyManagedRuleArgs]] = None,
        mode: Optional[str] = None,
        name: Optional[str] = None,
        redirect_url: Optional[str] = None,
        request_body_check_enabled: Optional[bool] = None,
        resource_group_name: Optional[str] = None,
        sku_name: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None) -> FrontdoorFirewallPolicy
func GetFrontdoorFirewallPolicy(ctx *Context, name string, id IDInput, state *FrontdoorFirewallPolicyState, opts ...ResourceOption) (*FrontdoorFirewallPolicy, error)
public static FrontdoorFirewallPolicy Get(string name, Input<string> id, FrontdoorFirewallPolicyState? state, CustomResourceOptions? opts = null)
public static FrontdoorFirewallPolicy get(String name, Output<String> id, FrontdoorFirewallPolicyState state, CustomResourceOptions options)
resources:  _:    type: azure:cdn:FrontdoorFirewallPolicy    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
CustomBlockResponseBody string
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules List<FrontdoorFirewallPolicyCustomRule>
One or more custom_rule blocks as defined below.
Enabled bool
Is the Front Door Firewall Policy enabled? Defaults to true.
FrontendEndpointIds List<string>
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
JsChallengeCookieExpirationInMinutes int

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

LogScrubbing FrontdoorFirewallPolicyLogScrubbing

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

ManagedRules List<FrontdoorFirewallPolicyManagedRule>
One or more managed_rule blocks as defined below.
Mode string
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
Name Changes to this property will trigger replacement. string
The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string
If action type is redirect, this field represents redirect URL for the client.
RequestBodyCheckEnabled bool

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

ResourceGroupName Changes to this property will trigger replacement. string
The name of the resource group. Changing this forces a new resource to be created.
SkuName Changes to this property will trigger replacement. string

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

Tags Dictionary<string, string>
A mapping of tags to assign to the Front Door Firewall Policy.
CustomBlockResponseBody string
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules []FrontdoorFirewallPolicyCustomRuleArgs
One or more custom_rule blocks as defined below.
Enabled bool
Is the Front Door Firewall Policy enabled? Defaults to true.
FrontendEndpointIds []string
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
JsChallengeCookieExpirationInMinutes int

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

LogScrubbing FrontdoorFirewallPolicyLogScrubbingArgs

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

ManagedRules []FrontdoorFirewallPolicyManagedRuleArgs
One or more managed_rule blocks as defined below.
Mode string
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
Name Changes to this property will trigger replacement. string
The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string
If action type is redirect, this field represents redirect URL for the client.
RequestBodyCheckEnabled bool

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

ResourceGroupName Changes to this property will trigger replacement. string
The name of the resource group. Changing this forces a new resource to be created.
SkuName Changes to this property will trigger replacement. string

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

Tags map[string]string
A mapping of tags to assign to the Front Door Firewall Policy.
customBlockResponseBody String
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode Integer
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules List<FrontdoorFirewallPolicyCustomRule>
One or more custom_rule blocks as defined below.
enabled Boolean
Is the Front Door Firewall Policy enabled? Defaults to true.
frontendEndpointIds List<String>
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
jsChallengeCookieExpirationInMinutes Integer

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

logScrubbing FrontdoorFirewallPolicyLogScrubbing

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

managedRules List<FrontdoorFirewallPolicyManagedRule>
One or more managed_rule blocks as defined below.
mode String
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
name Changes to this property will trigger replacement. String
The name of the policy. Changing this forces a new resource to be created.
redirectUrl String
If action type is redirect, this field represents redirect URL for the client.
requestBodyCheckEnabled Boolean

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

resourceGroupName Changes to this property will trigger replacement. String
The name of the resource group. Changing this forces a new resource to be created.
skuName Changes to this property will trigger replacement. String

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

tags Map<String,String>
A mapping of tags to assign to the Front Door Firewall Policy.
customBlockResponseBody string
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode number
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules FrontdoorFirewallPolicyCustomRule[]
One or more custom_rule blocks as defined below.
enabled boolean
Is the Front Door Firewall Policy enabled? Defaults to true.
frontendEndpointIds string[]
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
jsChallengeCookieExpirationInMinutes number

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

logScrubbing FrontdoorFirewallPolicyLogScrubbing

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

managedRules FrontdoorFirewallPolicyManagedRule[]
One or more managed_rule blocks as defined below.
mode string
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
name Changes to this property will trigger replacement. string
The name of the policy. Changing this forces a new resource to be created.
redirectUrl string
If action type is redirect, this field represents redirect URL for the client.
requestBodyCheckEnabled boolean

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

resourceGroupName Changes to this property will trigger replacement. string
The name of the resource group. Changing this forces a new resource to be created.
skuName Changes to this property will trigger replacement. string

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

tags {[key: string]: string}
A mapping of tags to assign to the Front Door Firewall Policy.
custom_block_response_body str
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
custom_block_response_status_code int
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
custom_rules Sequence[FrontdoorFirewallPolicyCustomRuleArgs]
One or more custom_rule blocks as defined below.
enabled bool
Is the Front Door Firewall Policy enabled? Defaults to true.
frontend_endpoint_ids Sequence[str]
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
js_challenge_cookie_expiration_in_minutes int

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

log_scrubbing FrontdoorFirewallPolicyLogScrubbingArgs

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

managed_rules Sequence[FrontdoorFirewallPolicyManagedRuleArgs]
One or more managed_rule blocks as defined below.
mode str
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
name Changes to this property will trigger replacement. str
The name of the policy. Changing this forces a new resource to be created.
redirect_url str
If action type is redirect, this field represents redirect URL for the client.
request_body_check_enabled bool

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

resource_group_name Changes to this property will trigger replacement. str
The name of the resource group. Changing this forces a new resource to be created.
sku_name Changes to this property will trigger replacement. str

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

tags Mapping[str, str]
A mapping of tags to assign to the Front Door Firewall Policy.
customBlockResponseBody String
If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode Number
If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules List<Property Map>
One or more custom_rule blocks as defined below.
enabled Boolean
Is the Front Door Firewall Policy enabled? Defaults to true.
frontendEndpointIds List<String>
The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.
jsChallengeCookieExpirationInMinutes Number

Specifies the JavaScript challenge cookie lifetime in minutes, after which the user will be revalidated. Possible values are between 5 to 1440 minutes. Defaults to 30 minutes.

Note: The js_challenge_cookie_expiration_in_minutes field can only be set on Premium_AzureFrontDoor sku's. Please see the Product Documentation for more information.

!> Note: Setting thejs_challenge_cookie_expiration_in_minutes policy is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

logScrubbing Property Map

A log_scrubbing block as defined below.

!> Note: Setting thelog_scrubbing block is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

managedRules List<Property Map>
One or more managed_rule blocks as defined below.
mode String
The Front Door Firewall Policy mode. Possible values are Detection, Prevention.
name Changes to this property will trigger replacement. String
The name of the policy. Changing this forces a new resource to be created.
redirectUrl String
If action type is redirect, this field represents redirect URL for the client.
requestBodyCheckEnabled Boolean

Should policy managed rules inspect the request body content? Defaults to true.

Note: When run in Detection mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.

resourceGroupName Changes to this property will trigger replacement. String
The name of the resource group. Changing this forces a new resource to be created.
skuName Changes to this property will trigger replacement. String

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.

Note: The Standard_AzureFrontDoor Front Door Firewall Policy sku may contain custom rules only. The Premium_AzureFrontDoor Front Door Firewall Policy sku's may contain both custom and managed rules.

tags Map<String>
A mapping of tags to assign to the Front Door Firewall Policy.

Supporting Types

FrontdoorFirewallPolicyCustomRule
, FrontdoorFirewallPolicyCustomRuleArgs

Action This property is required. string

The action to perform when the rule is matched. Possible values are Allow, Block, Log, Redirect, or JSChallenge.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Name This property is required. string
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
Type This property is required. string
The type of rule. Possible values are MatchRule or RateLimitRule.
Enabled bool
Is the rule is enabled or disabled? Defaults to true.
MatchConditions List<FrontdoorFirewallPolicyCustomRuleMatchCondition>
One or more match_condition block defined below. Can support up to 10 match_condition blocks.
Priority int
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
RateLimitDurationInMinutes int
The rate limit duration in minutes. Defaults to 1.
RateLimitThreshold int
The rate limit threshold. Defaults to 10.
Action This property is required. string

The action to perform when the rule is matched. Possible values are Allow, Block, Log, Redirect, or JSChallenge.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Name This property is required. string
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
Type This property is required. string
The type of rule. Possible values are MatchRule or RateLimitRule.
Enabled bool
Is the rule is enabled or disabled? Defaults to true.
MatchConditions []FrontdoorFirewallPolicyCustomRuleMatchCondition
One or more match_condition block defined below. Can support up to 10 match_condition blocks.
Priority int
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
RateLimitDurationInMinutes int
The rate limit duration in minutes. Defaults to 1.
RateLimitThreshold int
The rate limit threshold. Defaults to 10.
action This property is required. String

The action to perform when the rule is matched. Possible values are Allow, Block, Log, Redirect, or JSChallenge.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

name This property is required. String
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
type This property is required. String
The type of rule. Possible values are MatchRule or RateLimitRule.
enabled Boolean
Is the rule is enabled or disabled? Defaults to true.
matchConditions List<FrontdoorFirewallPolicyCustomRuleMatchCondition>
One or more match_condition block defined below. Can support up to 10 match_condition blocks.
priority Integer
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
rateLimitDurationInMinutes Integer
The rate limit duration in minutes. Defaults to 1.
rateLimitThreshold Integer
The rate limit threshold. Defaults to 10.
action This property is required. string

The action to perform when the rule is matched. Possible values are Allow, Block, Log, Redirect, or JSChallenge.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

name This property is required. string
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
type This property is required. string
The type of rule. Possible values are MatchRule or RateLimitRule.
enabled boolean
Is the rule is enabled or disabled? Defaults to true.
matchConditions FrontdoorFirewallPolicyCustomRuleMatchCondition[]
One or more match_condition block defined below. Can support up to 10 match_condition blocks.
priority number
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
rateLimitDurationInMinutes number
The rate limit duration in minutes. Defaults to 1.
rateLimitThreshold number
The rate limit threshold. Defaults to 10.
action This property is required. str

The action to perform when the rule is matched. Possible values are Allow, Block, Log, Redirect, or JSChallenge.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

name This property is required. str
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
type This property is required. str
The type of rule. Possible values are MatchRule or RateLimitRule.
enabled bool
Is the rule is enabled or disabled? Defaults to true.
match_conditions Sequence[FrontdoorFirewallPolicyCustomRuleMatchCondition]
One or more match_condition block defined below. Can support up to 10 match_condition blocks.
priority int
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
rate_limit_duration_in_minutes int
The rate limit duration in minutes. Defaults to 1.
rate_limit_threshold int
The rate limit threshold. Defaults to 10.
action This property is required. String

The action to perform when the rule is matched. Possible values are Allow, Block, Log, Redirect, or JSChallenge.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

name This property is required. String
Gets name of the resource that is unique within a policy. This name can be used to access the resource.
type This property is required. String
The type of rule. Possible values are MatchRule or RateLimitRule.
enabled Boolean
Is the rule is enabled or disabled? Defaults to true.
matchConditions List<Property Map>
One or more match_condition block defined below. Can support up to 10 match_condition blocks.
priority Number
The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
rateLimitDurationInMinutes Number
The rate limit duration in minutes. Defaults to 1.
rateLimitThreshold Number
The rate limit threshold. Defaults to 10.

FrontdoorFirewallPolicyCustomRuleMatchCondition
, FrontdoorFirewallPolicyCustomRuleMatchConditionArgs

MatchValues This property is required. List<string>
Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
MatchVariable This property is required. string
The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
Operator This property is required. string
Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual, or RegEx.
NegationCondition bool
Should the result of the condition be negated.
Selector string
Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader, or Cookies.
Transforms List<string>
Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode, or URLEncode.
MatchValues This property is required. []string
Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
MatchVariable This property is required. string
The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
Operator This property is required. string
Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual, or RegEx.
NegationCondition bool
Should the result of the condition be negated.
Selector string
Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader, or Cookies.
Transforms []string
Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode, or URLEncode.
matchValues This property is required. List<String>
Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
matchVariable This property is required. String
The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
operator This property is required. String
Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual, or RegEx.
negationCondition Boolean
Should the result of the condition be negated.
selector String
Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader, or Cookies.
transforms List<String>
Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode, or URLEncode.
matchValues This property is required. string[]
Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
matchVariable This property is required. string
The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
operator This property is required. string
Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual, or RegEx.
negationCondition boolean
Should the result of the condition be negated.
selector string
Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader, or Cookies.
transforms string[]
Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode, or URLEncode.
match_values This property is required. Sequence[str]
Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
match_variable This property is required. str
The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
operator This property is required. str
Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual, or RegEx.
negation_condition bool
Should the result of the condition be negated.
selector str
Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader, or Cookies.
transforms Sequence[str]
Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode, or URLEncode.
matchValues This property is required. List<String>
Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters in length.
matchVariable This property is required. String
The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
operator This property is required. String
Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual, or RegEx.
negationCondition Boolean
Should the result of the condition be negated.
selector String
Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader, or Cookies.
transforms List<String>
Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode, or URLEncode.

FrontdoorFirewallPolicyLogScrubbing
, FrontdoorFirewallPolicyLogScrubbingArgs

ScrubbingRules This property is required. List<FrontdoorFirewallPolicyLogScrubbingScrubbingRule>

One or more scrubbing_rule blocks as defined below.

Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.

Enabled bool
Is log scrubbing enabled? Possible values are true or false. Defaults to true.
ScrubbingRules This property is required. []FrontdoorFirewallPolicyLogScrubbingScrubbingRule

One or more scrubbing_rule blocks as defined below.

Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.

Enabled bool
Is log scrubbing enabled? Possible values are true or false. Defaults to true.
scrubbingRules This property is required. List<FrontdoorFirewallPolicyLogScrubbingScrubbingRule>

One or more scrubbing_rule blocks as defined below.

Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.

enabled Boolean
Is log scrubbing enabled? Possible values are true or false. Defaults to true.
scrubbingRules This property is required. FrontdoorFirewallPolicyLogScrubbingScrubbingRule[]

One or more scrubbing_rule blocks as defined below.

Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.

enabled boolean
Is log scrubbing enabled? Possible values are true or false. Defaults to true.
scrubbing_rules This property is required. Sequence[FrontdoorFirewallPolicyLogScrubbingScrubbingRule]

One or more scrubbing_rule blocks as defined below.

Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.

enabled bool
Is log scrubbing enabled? Possible values are true or false. Defaults to true.
scrubbingRules This property is required. List<Property Map>

One or more scrubbing_rule blocks as defined below.

Note: For more information on masking sensitive data in Azure Front Door please see the product documentation.

enabled Boolean
Is log scrubbing enabled? Possible values are true or false. Defaults to true.

FrontdoorFirewallPolicyLogScrubbingScrubbingRule
, FrontdoorFirewallPolicyLogScrubbingScrubbingRuleArgs

MatchVariable This property is required. string

The variable to be scrubbed from the logs. Possible values include QueryStringArgNames, RequestBodyJsonArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestIPAddress, or RequestUri.

Note: RequestIPAddress and RequestUri must use the EqualsAny operator.

Enabled bool
Is this scrubbing_rule enabled? Defaults to true.
Operator string
When the match_variable is a collection, operate on the selector to specify which elements in the collection this scrubbing_rule applies to. Possible values are Equals or EqualsAny. Defaults to Equals.
Selector string

When the match_variable is a collection, the operator is used to specify which elements in the collection this scrubbing_rule applies to.

Note: The selector field cannot be set if the operator is set to EqualsAny.

MatchVariable This property is required. string

The variable to be scrubbed from the logs. Possible values include QueryStringArgNames, RequestBodyJsonArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestIPAddress, or RequestUri.

Note: RequestIPAddress and RequestUri must use the EqualsAny operator.

Enabled bool
Is this scrubbing_rule enabled? Defaults to true.
Operator string
When the match_variable is a collection, operate on the selector to specify which elements in the collection this scrubbing_rule applies to. Possible values are Equals or EqualsAny. Defaults to Equals.
Selector string

When the match_variable is a collection, the operator is used to specify which elements in the collection this scrubbing_rule applies to.

Note: The selector field cannot be set if the operator is set to EqualsAny.

matchVariable This property is required. String

The variable to be scrubbed from the logs. Possible values include QueryStringArgNames, RequestBodyJsonArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestIPAddress, or RequestUri.

Note: RequestIPAddress and RequestUri must use the EqualsAny operator.

enabled Boolean
Is this scrubbing_rule enabled? Defaults to true.
operator String
When the match_variable is a collection, operate on the selector to specify which elements in the collection this scrubbing_rule applies to. Possible values are Equals or EqualsAny. Defaults to Equals.
selector String

When the match_variable is a collection, the operator is used to specify which elements in the collection this scrubbing_rule applies to.

Note: The selector field cannot be set if the operator is set to EqualsAny.

matchVariable This property is required. string

The variable to be scrubbed from the logs. Possible values include QueryStringArgNames, RequestBodyJsonArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestIPAddress, or RequestUri.

Note: RequestIPAddress and RequestUri must use the EqualsAny operator.

enabled boolean
Is this scrubbing_rule enabled? Defaults to true.
operator string
When the match_variable is a collection, operate on the selector to specify which elements in the collection this scrubbing_rule applies to. Possible values are Equals or EqualsAny. Defaults to Equals.
selector string

When the match_variable is a collection, the operator is used to specify which elements in the collection this scrubbing_rule applies to.

Note: The selector field cannot be set if the operator is set to EqualsAny.

match_variable This property is required. str

The variable to be scrubbed from the logs. Possible values include QueryStringArgNames, RequestBodyJsonArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestIPAddress, or RequestUri.

Note: RequestIPAddress and RequestUri must use the EqualsAny operator.

enabled bool
Is this scrubbing_rule enabled? Defaults to true.
operator str
When the match_variable is a collection, operate on the selector to specify which elements in the collection this scrubbing_rule applies to. Possible values are Equals or EqualsAny. Defaults to Equals.
selector str

When the match_variable is a collection, the operator is used to specify which elements in the collection this scrubbing_rule applies to.

Note: The selector field cannot be set if the operator is set to EqualsAny.

matchVariable This property is required. String

The variable to be scrubbed from the logs. Possible values include QueryStringArgNames, RequestBodyJsonArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestIPAddress, or RequestUri.

Note: RequestIPAddress and RequestUri must use the EqualsAny operator.

enabled Boolean
Is this scrubbing_rule enabled? Defaults to true.
operator String
When the match_variable is a collection, operate on the selector to specify which elements in the collection this scrubbing_rule applies to. Possible values are Equals or EqualsAny. Defaults to Equals.
selector String

When the match_variable is a collection, the operator is used to specify which elements in the collection this scrubbing_rule applies to.

Note: The selector field cannot be set if the operator is set to EqualsAny.

FrontdoorFirewallPolicyManagedRule
, FrontdoorFirewallPolicyManagedRuleArgs

Action This property is required. string
The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include Allow, Log, Block, or Redirect.
Type This property is required. string
The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection, or Microsoft_BotManagerRuleSet.
Version This property is required. string
The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0, or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the possible values include 1.0 and 1.1.
Exclusions List<FrontdoorFirewallPolicyManagedRuleExclusion>
One or more exclusion blocks as defined below.
Overrides List<FrontdoorFirewallPolicyManagedRuleOverride>
One or more override blocks as defined below.
Action This property is required. string
The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include Allow, Log, Block, or Redirect.
Type This property is required. string
The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection, or Microsoft_BotManagerRuleSet.
Version This property is required. string
The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0, or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the possible values include 1.0 and 1.1.
Exclusions []FrontdoorFirewallPolicyManagedRuleExclusion
One or more exclusion blocks as defined below.
Overrides []FrontdoorFirewallPolicyManagedRuleOverride
One or more override blocks as defined below.
action This property is required. String
The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include Allow, Log, Block, or Redirect.
type This property is required. String
The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection, or Microsoft_BotManagerRuleSet.
version This property is required. String
The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0, or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the possible values include 1.0 and 1.1.
exclusions List<FrontdoorFirewallPolicyManagedRuleExclusion>
One or more exclusion blocks as defined below.
overrides List<FrontdoorFirewallPolicyManagedRuleOverride>
One or more override blocks as defined below.
action This property is required. string
The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include Allow, Log, Block, or Redirect.
type This property is required. string
The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection, or Microsoft_BotManagerRuleSet.
version This property is required. string
The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0, or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the possible values include 1.0 and 1.1.
exclusions FrontdoorFirewallPolicyManagedRuleExclusion[]
One or more exclusion blocks as defined below.
overrides FrontdoorFirewallPolicyManagedRuleOverride[]
One or more override blocks as defined below.
action This property is required. str
The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include Allow, Log, Block, or Redirect.
type This property is required. str
The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection, or Microsoft_BotManagerRuleSet.
version This property is required. str
The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0, or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the possible values include 1.0 and 1.1.
exclusions Sequence[FrontdoorFirewallPolicyManagedRuleExclusion]
One or more exclusion blocks as defined below.
overrides Sequence[FrontdoorFirewallPolicyManagedRuleOverride]
One or more override blocks as defined below.
action This property is required. String
The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include Allow, Log, Block, or Redirect.
type This property is required. String
The name of the managed rule to use with this resource. Possible values include DefaultRuleSet, Microsoft_DefaultRuleSet, BotProtection, or Microsoft_BotManagerRuleSet.
version This property is required. String
The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the DefaultRuleSet type the possible values include 1.0 or preview-0.1. For Microsoft_DefaultRuleSet the possible values include 1.1, 2.0, or 2.1. For BotProtection the value must be preview-0.1 and for Microsoft_BotManagerRuleSet the possible values include 1.0 and 1.1.
exclusions List<Property Map>
One or more exclusion blocks as defined below.
overrides List<Property Map>
One or more override blocks as defined below.

FrontdoorFirewallPolicyManagedRuleExclusion
, FrontdoorFirewallPolicyManagedRuleExclusionArgs

MatchVariable This property is required. string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

Operator This property is required. string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
Selector This property is required. string

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

MatchVariable This property is required. string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

Operator This property is required. string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
Selector This property is required. string

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

matchVariable This property is required. String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. String

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

matchVariable This property is required. string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. string

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

match_variable This property is required. str

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. str
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. str

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

matchVariable This property is required. String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. String

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

FrontdoorFirewallPolicyManagedRuleOverride
, FrontdoorFirewallPolicyManagedRuleOverrideArgs

RuleGroupName This property is required. string
The managed rule group to override.
Exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideExclusion>
One or more exclusion blocks as defined below.
Rules List<FrontdoorFirewallPolicyManagedRuleOverrideRule>
One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
RuleGroupName This property is required. string
The managed rule group to override.
Exclusions []FrontdoorFirewallPolicyManagedRuleOverrideExclusion
One or more exclusion blocks as defined below.
Rules []FrontdoorFirewallPolicyManagedRuleOverrideRule
One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
ruleGroupName This property is required. String
The managed rule group to override.
exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideExclusion>
One or more exclusion blocks as defined below.
rules List<FrontdoorFirewallPolicyManagedRuleOverrideRule>
One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
ruleGroupName This property is required. string
The managed rule group to override.
exclusions FrontdoorFirewallPolicyManagedRuleOverrideExclusion[]
One or more exclusion blocks as defined below.
rules FrontdoorFirewallPolicyManagedRuleOverrideRule[]
One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
rule_group_name This property is required. str
The managed rule group to override.
exclusions Sequence[FrontdoorFirewallPolicyManagedRuleOverrideExclusion]
One or more exclusion blocks as defined below.
rules Sequence[FrontdoorFirewallPolicyManagedRuleOverrideRule]
One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
ruleGroupName This property is required. String
The managed rule group to override.
exclusions List<Property Map>
One or more exclusion blocks as defined below.
rules List<Property Map>
One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

FrontdoorFirewallPolicyManagedRuleOverrideExclusion
, FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs

MatchVariable This property is required. string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

Operator This property is required. string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
Selector This property is required. string

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

MatchVariable This property is required. string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

Operator This property is required. string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
Selector This property is required. string

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

matchVariable This property is required. String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. String

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

matchVariable This property is required. string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. string

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

match_variable This property is required. str

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. str
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. str

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

matchVariable This property is required. String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. String

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

FrontdoorFirewallPolicyManagedRuleOverrideRule
, FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs

Action This property is required. string

The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DefaultRuleSet 1.1 and below are Allow, Log, Block, or Redirect. Possible values for DefaultRuleSet 2.0 and above are Log or AnomalyScoring. Possible values for Microsoft_BotManagerRuleSet are Allow, Log, Block, Redirect, or JSChallenge.

Note: Please see the DefaultRuleSet product documentation or the Microsoft_BotManagerRuleSet product documentation for more information.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

RuleId This property is required. string
Identifier for the managed rule.
Enabled bool
Is the managed rule override enabled or disabled. Defaults to false
Exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion>
One or more exclusion blocks as defined below.
Action This property is required. string

The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DefaultRuleSet 1.1 and below are Allow, Log, Block, or Redirect. Possible values for DefaultRuleSet 2.0 and above are Log or AnomalyScoring. Possible values for Microsoft_BotManagerRuleSet are Allow, Log, Block, Redirect, or JSChallenge.

Note: Please see the DefaultRuleSet product documentation or the Microsoft_BotManagerRuleSet product documentation for more information.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

RuleId This property is required. string
Identifier for the managed rule.
Enabled bool
Is the managed rule override enabled or disabled. Defaults to false
Exclusions []FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion
One or more exclusion blocks as defined below.
action This property is required. String

The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DefaultRuleSet 1.1 and below are Allow, Log, Block, or Redirect. Possible values for DefaultRuleSet 2.0 and above are Log or AnomalyScoring. Possible values for Microsoft_BotManagerRuleSet are Allow, Log, Block, Redirect, or JSChallenge.

Note: Please see the DefaultRuleSet product documentation or the Microsoft_BotManagerRuleSet product documentation for more information.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

ruleId This property is required. String
Identifier for the managed rule.
enabled Boolean
Is the managed rule override enabled or disabled. Defaults to false
exclusions List<FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion>
One or more exclusion blocks as defined below.
action This property is required. string

The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DefaultRuleSet 1.1 and below are Allow, Log, Block, or Redirect. Possible values for DefaultRuleSet 2.0 and above are Log or AnomalyScoring. Possible values for Microsoft_BotManagerRuleSet are Allow, Log, Block, Redirect, or JSChallenge.

Note: Please see the DefaultRuleSet product documentation or the Microsoft_BotManagerRuleSet product documentation for more information.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

ruleId This property is required. string
Identifier for the managed rule.
enabled boolean
Is the managed rule override enabled or disabled. Defaults to false
exclusions FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion[]
One or more exclusion blocks as defined below.
action This property is required. str

The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DefaultRuleSet 1.1 and below are Allow, Log, Block, or Redirect. Possible values for DefaultRuleSet 2.0 and above are Log or AnomalyScoring. Possible values for Microsoft_BotManagerRuleSet are Allow, Log, Block, Redirect, or JSChallenge.

Note: Please see the DefaultRuleSet product documentation or the Microsoft_BotManagerRuleSet product documentation for more information.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

rule_id This property is required. str
Identifier for the managed rule.
enabled bool
Is the managed rule override enabled or disabled. Defaults to false
exclusions Sequence[FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion]
One or more exclusion blocks as defined below.
action This property is required. String

The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values for DefaultRuleSet 1.1 and below are Allow, Log, Block, or Redirect. Possible values for DefaultRuleSet 2.0 and above are Log or AnomalyScoring. Possible values for Microsoft_BotManagerRuleSet are Allow, Log, Block, Redirect, or JSChallenge.

Note: Please see the DefaultRuleSet product documentation or the Microsoft_BotManagerRuleSet product documentation for more information.

!> Note: Setting the action field to JSChallenge is currently in PREVIEW. Please see the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

ruleId This property is required. String
Identifier for the managed rule.
enabled Boolean
Is the managed rule override enabled or disabled. Defaults to false
exclusions List<Property Map>
One or more exclusion blocks as defined below.

FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion
, FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs

MatchVariable This property is required. string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

Operator This property is required. string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
Selector This property is required. string

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

MatchVariable This property is required. string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

Operator This property is required. string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
Selector This property is required. string

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

matchVariable This property is required. String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. String

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

matchVariable This property is required. string

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. string
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. string

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

match_variable This property is required. str

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. str
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. str

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

matchVariable This property is required. String

The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames, RequestBodyJsonArgNames

Note: RequestBodyJsonArgNames is only available on Default Rule Set (DRS) 2.0 or later

operator This property is required. String
Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, or EqualsAny.
selector This property is required. String

Selector for the value in the match_variable attribute this exclusion applies to.

Note: selector must be set to * if operator is set to EqualsAny.

Import

Front Door Firewall Policies can be imported using the resource id, e.g.

$ pulumi import azure:cdn/frontdoorFirewallPolicy:FrontdoorFirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/firewallPolicy1
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes
This Pulumi package is based on the azurerm Terraform Provider.