FirewallPolicy

Manages an Azure Front Door Web Application Firewall Policy instance.

Create a FirewallPolicy Resource

new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);

def FirewallPolicy(resource_name, opts=None, custom_block_response_body=None, custom_block_response_status_code=None, custom_rules=None, enabled=None, managed_rules=None, mode=None, name=None, redirect_url=None, resource_group_name=None, tags=None, __props__=None);

func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)

public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

FirewallPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The FirewallPolicy resource accepts the following input properties:

ResourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
CustomBlockResponseBody string: If a custom_rule block’s action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int: If a custom_rule block’s action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules List<FirewallPolicyCustomRuleArgs>: One or more custom_rule blocks as defined below.
Enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
ManagedRules List<FirewallPolicyManagedRuleArgs>: One or more managed_rule blocks as defined below.
Mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
Name string: The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string: If action type is redirect, this field represents redirect URL for the client.
Tags Dictionary<string, string>: A mapping of tags to assign to the Web Application Firewall Policy.

ResourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
CustomBlockResponseBody string: If a custom_rule block’s action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int: If a custom_rule block’s action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules []FirewallPolicyCustomRule: One or more custom_rule blocks as defined below.
Enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
ManagedRules []FirewallPolicyManagedRule: One or more managed_rule blocks as defined below.
Mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
Name string: The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string: If action type is redirect, this field represents redirect URL for the client.
Tags map[string]string: A mapping of tags to assign to the Web Application Firewall Policy.

resourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
customBlockResponseBody string: If a custom_rule block’s action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode number: If a custom_rule block’s action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules FirewallPolicyCustomRule[]: One or more custom_rule blocks as defined below.
enabled boolean: Is the policy a enabled state or disabled state. Defaults to true.
managedRules FirewallPolicyManagedRule[]: One or more managed_rule blocks as defined below.
mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name string: The name of the policy. Changing this forces a new resource to be created.
redirectUrl string: If action type is redirect, this field represents redirect URL for the client.
tags {[key: string]: string}: A mapping of tags to assign to the Web Application Firewall Policy.

resource_group_name str: The name of the resource group. Changing this forces a new resource to be created.
custom_block_response_body str: If a custom_rule block’s action type is block, this is the response body. The body must be specified in base64 encoding.
custom_block_response_status_code float: If a custom_rule block’s action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
custom_rules List[FirewallPolicyCustomRule]: One or more custom_rule blocks as defined below.
enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
managed_rules List[FirewallPolicyManagedRule]: One or more managed_rule blocks as defined below.
mode str: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name str: The name of the policy. Changing this forces a new resource to be created.
redirect_url str: If action type is redirect, this field represents redirect URL for the client.
tags Dict[str, str]: A mapping of tags to assign to the Web Application Firewall Policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:

FrontendEndpointIds List<string>: the Frontend Endpoints associated with this Front Door Web Application Firewall policy.
Id string: The provider-assigned unique ID for this managed resource.
Location string: Resource location.

FrontendEndpointIds []string: the Frontend Endpoints associated with this Front Door Web Application Firewall policy.
Id string: The provider-assigned unique ID for this managed resource.
Location string: Resource location.

frontendEndpointIds string[]: the Frontend Endpoints associated with this Front Door Web Application Firewall policy.
id string: The provider-assigned unique ID for this managed resource.
location string: Resource location.

frontend_endpoint_ids List[str]: the Frontend Endpoints associated with this Front Door Web Application Firewall policy.
id str: The provider-assigned unique ID for this managed resource.
location str: Resource location.

Look up an Existing FirewallPolicy Resource

Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy

static get(resource_name, id, opts=None, custom_block_response_body=None, custom_block_response_status_code=None, custom_rules=None, enabled=None, frontend_endpoint_ids=None, location=None, managed_rules=None, mode=None, name=None, redirect_url=None, resource_group_name=None, tags=None, __props__=None);

func GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)

public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CustomBlockResponseBody string: If a custom_rule block’s action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int: If a custom_rule block’s action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules List<FirewallPolicyCustomRuleArgs>: One or more custom_rule blocks as defined below.
Enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
FrontendEndpointIds List<string>: the Frontend Endpoints associated with this Front Door Web Application Firewall policy.
Location string: Resource location.
ManagedRules List<FirewallPolicyManagedRuleArgs>: One or more managed_rule blocks as defined below.
Mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
Name string: The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string: If action type is redirect, this field represents redirect URL for the client.
ResourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
Tags Dictionary<string, string>: A mapping of tags to assign to the Web Application Firewall Policy.

CustomBlockResponseBody string: If a custom_rule block’s action type is block, this is the response body. The body must be specified in base64 encoding.
CustomBlockResponseStatusCode int: If a custom_rule block’s action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
CustomRules []FirewallPolicyCustomRule: One or more custom_rule blocks as defined below.
Enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
FrontendEndpointIds []string: the Frontend Endpoints associated with this Front Door Web Application Firewall policy.
Location string: Resource location.
ManagedRules []FirewallPolicyManagedRule: One or more managed_rule blocks as defined below.
Mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
Name string: The name of the policy. Changing this forces a new resource to be created.
RedirectUrl string: If action type is redirect, this field represents redirect URL for the client.
ResourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
Tags map[string]string: A mapping of tags to assign to the Web Application Firewall Policy.

customBlockResponseBody string: If a custom_rule block’s action type is block, this is the response body. The body must be specified in base64 encoding.
customBlockResponseStatusCode number: If a custom_rule block’s action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
customRules FirewallPolicyCustomRule[]: One or more custom_rule blocks as defined below.
enabled boolean: Is the policy a enabled state or disabled state. Defaults to true.
frontendEndpointIds string[]: the Frontend Endpoints associated with this Front Door Web Application Firewall policy.
location string: Resource location.
managedRules FirewallPolicyManagedRule[]: One or more managed_rule blocks as defined below.
mode string: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name string: The name of the policy. Changing this forces a new resource to be created.
redirectUrl string: If action type is redirect, this field represents redirect URL for the client.
resourceGroupName string: The name of the resource group. Changing this forces a new resource to be created.
tags {[key: string]: string}: A mapping of tags to assign to the Web Application Firewall Policy.

custom_block_response_body str: If a custom_rule block’s action type is block, this is the response body. The body must be specified in base64 encoding.
custom_block_response_status_code float: If a custom_rule block’s action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
custom_rules List[FirewallPolicyCustomRule]: One or more custom_rule blocks as defined below.
enabled bool: Is the policy a enabled state or disabled state. Defaults to true.
frontend_endpoint_ids List[str]: the Frontend Endpoints associated with this Front Door Web Application Firewall policy.
location str: Resource location.
managed_rules List[FirewallPolicyManagedRule]: One or more managed_rule blocks as defined below.
mode str: The firewall policy mode. Possible values are Detection, Prevention and defaults to Prevention.
name str: The name of the policy. Changing this forces a new resource to be created.
redirect_url str: If action type is redirect, this field represents redirect URL for the client.
resource_group_name str: The name of the resource group. Changing this forces a new resource to be created.
tags Dict[str, str]: A mapping of tags to assign to the Web Application Firewall Policy.

Supporting Types

FirewallPolicyCustomRule

See the input and output API doc for this type.

Action string: The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
Name string: Gets name of the resource that is unique within a policy. This name can be used to access the resource.
Type string: The type of rule. Possible values are MatchRule or RateLimitRule.
Enabled bool: Is the rule is enabled or disabled? Defaults to true.
MatchConditions List<FirewallPolicyCustomRuleMatchConditionArgs>: One or more match_condition block defined below.
Priority int: The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
RateLimitDurationInMinutes int: The rate limit duration in minutes. Defaults to 1.
RateLimitThreshold int: The rate limit threshold. Defaults to 10.

Action string: The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
Name string: Gets name of the resource that is unique within a policy. This name can be used to access the resource.
Type string: The type of rule. Possible values are MatchRule or RateLimitRule.
Enabled bool: Is the rule is enabled or disabled? Defaults to true.
MatchConditions []FirewallPolicyCustomRuleMatchCondition: One or more match_condition block defined below.
Priority int: The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
RateLimitDurationInMinutes int: The rate limit duration in minutes. Defaults to 1.
RateLimitThreshold int: The rate limit threshold. Defaults to 10.

action string: The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
name string: Gets name of the resource that is unique within a policy. This name can be used to access the resource.
type string: The type of rule. Possible values are MatchRule or RateLimitRule.
enabled boolean: Is the rule is enabled or disabled? Defaults to true.
matchConditions FirewallPolicyCustomRuleMatchCondition[]: One or more match_condition block defined below.
priority number: The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
rateLimitDurationInMinutes number: The rate limit duration in minutes. Defaults to 1.
rateLimitThreshold number: The rate limit threshold. Defaults to 10.

action str: The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
name str: Gets name of the resource that is unique within a policy. This name can be used to access the resource.
type str: The type of rule. Possible values are MatchRule or RateLimitRule.
enabled bool: Is the rule is enabled or disabled? Defaults to true.
matchConditions List[FirewallPolicyCustomRuleMatchCondition]: One or more match_condition block defined below.
priority float: The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
rateLimitDurationInMinutes float: The rate limit duration in minutes. Defaults to 1.
rateLimitThreshold float: The rate limit threshold. Defaults to 10.

FirewallPolicyCustomRuleMatchCondition

See the input and output API doc for this type.

MatchValues List<string>: Up to 100 possible values to match.
MatchVariable string: The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, or RequestUri.
Operator string: Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
NegationCondition bool: Should the result of the condition be negated.
Selector string: Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
Transforms List<string>: Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

MatchValues []string: Up to 100 possible values to match.
MatchVariable string: The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, or RequestUri.
Operator string: Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
NegationCondition bool: Should the result of the condition be negated.
Selector string: Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
Transforms []string: Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

matchValues string[]: Up to 100 possible values to match.
matchVariable string: The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, or RequestUri.
operator string: Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
negationCondition boolean: Should the result of the condition be negated.
selector string: Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
transforms string[]: Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

matchValues List[str]: Up to 100 possible values to match.
matchVariable str: The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, or RequestUri.
operator str: Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
negationCondition bool: Should the result of the condition be negated.
selector str: Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
transforms List[str]: Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

FirewallPolicyManagedRule

See the input and output API doc for this type.

Type string: The name of the managed rule to use with this resource.
Version string: The version on the managed rule to use with this resource.
Exclusions List<FirewallPolicyManagedRuleExclusionArgs>: One or more exclusion blocks as defined below.
Overrides List<FirewallPolicyManagedRuleOverrideArgs>: One or more override blocks as defined below.

Type string: The name of the managed rule to use with this resource.
Version string: The version on the managed rule to use with this resource.
Exclusions []FirewallPolicyManagedRuleExclusion: One or more exclusion blocks as defined below.
Overrides []FirewallPolicyManagedRuleOverride: One or more override blocks as defined below.

type string: The name of the managed rule to use with this resource.
version string: The version on the managed rule to use with this resource.
exclusions FirewallPolicyManagedRuleExclusion[]: One or more exclusion blocks as defined below.
overrides FirewallPolicyManagedRuleOverride[]: One or more override blocks as defined below.

type str: The name of the managed rule to use with this resource.
version str: The version on the managed rule to use with this resource.
exclusions List[FirewallPolicyManagedRuleExclusion]: One or more exclusion blocks as defined below.
overrides List[FirewallPolicyManagedRuleOverride]: One or more override blocks as defined below.

FirewallPolicyManagedRuleExclusion

See the input and output API doc for this type.

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector string: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable str: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator str: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector str: Selector for the value in the match_variable attribute this exclusion applies to.

FirewallPolicyManagedRuleOverride

See the input and output API doc for this type.

RuleGroupName string: The managed rule group to override.
Exclusions List<FirewallPolicyManagedRuleOverrideExclusionArgs>: One or more exclusion blocks as defined below.
Rules List<FirewallPolicyManagedRuleOverrideRuleArgs>: One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

RuleGroupName string: The managed rule group to override.
Exclusions []FirewallPolicyManagedRuleOverrideExclusion: One or more exclusion blocks as defined below.
Rules []FirewallPolicyManagedRuleOverrideRule: One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

ruleGroupName string: The managed rule group to override.
exclusions FirewallPolicyManagedRuleOverrideExclusion[]: One or more exclusion blocks as defined below.
rules FirewallPolicyManagedRuleOverrideRule[]: One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

ruleGroupName str: The managed rule group to override.
exclusions List[FirewallPolicyManagedRuleOverrideExclusion]: One or more exclusion blocks as defined below.
rules List[FirewallPolicyManagedRuleOverrideRule]: One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

FirewallPolicyManagedRuleOverrideExclusion

See the input and output API doc for this type.

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector string: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable str: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator str: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector str: Selector for the value in the match_variable attribute this exclusion applies to.

FirewallPolicyManagedRuleOverrideRule

See the input and output API doc for this type.

Action string: The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
RuleId string: Identifier for the managed rule.
Enabled bool: Is the managed rule override enabled or disabled. Defaults to false
Exclusions List<FirewallPolicyManagedRuleOverrideRuleExclusionArgs>: One or more exclusion blocks as defined below.

Action string: The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
RuleId string: Identifier for the managed rule.
Enabled bool: Is the managed rule override enabled or disabled. Defaults to false
Exclusions []FirewallPolicyManagedRuleOverrideRuleExclusion: One or more exclusion blocks as defined below.

action string: The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
ruleId string: Identifier for the managed rule.
enabled boolean: Is the managed rule override enabled or disabled. Defaults to false
exclusions FirewallPolicyManagedRuleOverrideRuleExclusion[]: One or more exclusion blocks as defined below.

action str: The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
rule_id str: Identifier for the managed rule.
enabled bool: Is the managed rule override enabled or disabled. Defaults to false
exclusions List[FirewallPolicyManagedRuleOverrideRuleExclusion]: One or more exclusion blocks as defined below.

FirewallPolicyManagedRuleOverrideRuleExclusion

See the input and output API doc for this type.

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

MatchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
Operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
Selector string: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable string: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator string: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector string: Selector for the value in the match_variable attribute this exclusion applies to.

matchVariable str: The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
operator str: Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
selector str: Selector for the value in the match_variable attribute this exclusion applies to.

Package Details

Repository: https://github.com/pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

FirewallPolicy

Create a FirewallPolicy Resource

FirewallPolicy Resource Properties

Inputs

Outputs

Look up an Existing FirewallPolicy Resource

Supporting Types

FirewallPolicyCustomRule

FirewallPolicyCustomRuleMatchCondition

FirewallPolicyManagedRule

FirewallPolicyManagedRuleExclusion

FirewallPolicyManagedRuleOverride

FirewallPolicyManagedRuleOverrideExclusion

FirewallPolicyManagedRuleOverrideRule

FirewallPolicyManagedRuleOverrideRuleExclusion

Package Details

On This Page