Module waf
This page documents the language specification for the azure package. If you're looking for help working with the inputs, outputs, or functions of azure resources in a Pulumi program, please see the resource documentation for examples and API reference.
Resources
Others
Resources
Resource Policy
class Policy extends CustomResourceManages a Azure Web Application Firewall Policy instance.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West US 2"});
const examplePolicy = new azure.waf.Policy("examplePolicy", {
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
custom_rules: [
{
name: "Rule1",
priority: 1,
ruleType: "MatchRule",
match_conditions: [{
match_variables: [{
variableName: "RemoteAddr",
}],
operator: "IPMatch",
negationCondition: false,
matchValues: [
"192.168.1.0/24",
"10.0.0.0/24",
],
}],
action: "Block",
},
{
name: "Rule2",
priority: 2,
ruleType: "MatchRule",
match_conditions: [
{
match_variables: [{
variableName: "RemoteAddr",
}],
operator: "IPMatch",
negationCondition: false,
matchValues: ["192.168.1.0/24"],
},
{
match_variables: [{
variableName: "RequestHeaders",
selector: "UserAgent",
}],
operator: "Contains",
negationCondition: false,
matchValues: ["Windows"],
},
],
action: "Block",
},
],
policy_settings: {
enabled: true,
mode: "Prevention",
},
managed_rules: {
exclusion: [
{
matchVariable: "RequestHeaderNames",
selector: "x-company-secret-header",
selectorMatchOperator: "Equals",
},
{
matchVariable: "RequestCookieNames",
selector: "too-tasty",
selectorMatchOperator: "EndsWith",
},
],
managed_rule_set: [{
type: "OWASP",
version: "3.1",
rule_group_override: [{
ruleGroupName: "REQUEST-920-PROTOCOL-ENFORCEMENT",
disabledRules: [
"920300",
"920440",
],
}],
}],
},
});constructor
new Policy(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions)Create a Policy resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState, opts?: pulumi.CustomResourceOptions): PolicyGet an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is PolicyReturns true if the given object is an instance of Policy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property customRules
public customRules: pulumi.Output<PolicyCustomRule[] | undefined>;One or more customRules blocks as defined below.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property location
public location: pulumi.Output<string>;Resource location. Changing this forces a new resource to be created.
property managedRules
public managedRules: pulumi.Output<PolicyManagedRules>;A managedRules blocks as defined below.
property name
public name: pulumi.Output<string>;The name of the policy. Changing this forces a new resource to be created.
property policySettings
public policySettings: pulumi.Output<PolicyPolicySettings | undefined>;A policySettings block as defined below.
property resourceGroupName
public resourceGroupName: pulumi.Output<string>;The name of the resource group. Changing this forces a new resource to be created.
property tags
public tags: pulumi.Output<{[key: string]: string} | undefined>;A mapping of tags to assign to the Web Application Firewall Policy.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Others
interface PolicyArgs
interface PolicyArgsThe set of arguments for constructing a Policy resource.
property customRules
customRules?: pulumi.Input<pulumi.Input<PolicyCustomRule>[]>;One or more customRules blocks as defined below.
property location
location?: pulumi.Input<string>;Resource location. Changing this forces a new resource to be created.
property managedRules
managedRules: pulumi.Input<PolicyManagedRules>;A managedRules blocks as defined below.
property name
name?: pulumi.Input<string>;The name of the policy. Changing this forces a new resource to be created.
property policySettings
policySettings?: pulumi.Input<PolicyPolicySettings>;A policySettings block as defined below.
property resourceGroupName
resourceGroupName: pulumi.Input<string>;The name of the resource group. Changing this forces a new resource to be created.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;A mapping of tags to assign to the Web Application Firewall Policy.
interface PolicyState
interface PolicyStateInput properties used for looking up and filtering Policy resources.
property customRules
customRules?: pulumi.Input<pulumi.Input<PolicyCustomRule>[]>;One or more customRules blocks as defined below.
property location
location?: pulumi.Input<string>;Resource location. Changing this forces a new resource to be created.
property managedRules
managedRules?: pulumi.Input<PolicyManagedRules>;A managedRules blocks as defined below.
property name
name?: pulumi.Input<string>;The name of the policy. Changing this forces a new resource to be created.
property policySettings
policySettings?: pulumi.Input<PolicyPolicySettings>;A policySettings block as defined below.
property resourceGroupName
resourceGroupName?: pulumi.Input<string>;The name of the resource group. Changing this forces a new resource to be created.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;A mapping of tags to assign to the Web Application Firewall Policy.