az network front-door waf-policy

Note

This reference is part of the front-door extension for the Azure CLI (version 2.0.68 or higher). The extension will automatically install the first time you run an az network front-door waf-policy command. Learn more about extensions.

Manage WebApplication Firewall (WAF) policies.

Commands

Name	Description	Type	Status
az network front-door waf-policy create	Create a WAF policy.	Extension	GA
az network front-door waf-policy delete	Delete a WAF policy.	Extension	GA
az network front-door waf-policy list	List WAF policies.	Extension	GA
az network front-door waf-policy managed-rule-definition	Learn about available managed rule sets.	Extension	GA
az network front-door waf-policy managed-rule-definition list	Show a detailed list of available managed rule sets.	Extension	GA
az network front-door waf-policy managed-rules	Change and view managed rule sets associated with your WAF policy.	Extension	GA
az network front-door waf-policy managed-rules add	Add a managed rule set to a WAF policy.	Extension	GA
az network front-door waf-policy managed-rules exclusion	View and alter exclusions on a managed rule set, rule group, or rule within a managed rule set.	Extension	GA
az network front-door waf-policy managed-rules exclusion add	Add an exclusion on a managed rule set, rule group, or rule within a managed rule set.	Extension	GA
az network front-door waf-policy managed-rules exclusion list	List the exclusions on managed rule set, rule group, or rule within a managed rule set.	Extension	GA
az network front-door waf-policy managed-rules exclusion remove	Remove an exclusion on a managed rule set, rule group, or rule within a managed rule set.	Extension	GA
az network front-door waf-policy managed-rules list	Show which managed rule sets are applied to a WAF policy.	Extension	GA
az network front-door waf-policy managed-rules override	View and alter overrides on managed rules within a managed rule set.	Extension	GA
az network front-door waf-policy managed-rules override add	Add an override on a managed rule within a managed rule set.	Extension	GA
az network front-door waf-policy managed-rules override list	List the overrides on managed rules within a managed rule set.	Extension	GA
az network front-door waf-policy managed-rules override remove	Remove an override on a managed rule within a managed rule set.	Extension	GA
az network front-door waf-policy managed-rules remove	Remove a managed rule set from a WAF policy.	Extension	GA
az network front-door waf-policy rule	Manage WAF policy custom rules.	Extension	GA
az network front-door waf-policy rule create	Create a WAF policy custom rule. Use --defer and add a rule match-condition.	Extension	GA
az network front-door waf-policy rule delete	Delete a WAF policy custom rule.	Extension	GA
az network front-door waf-policy rule list	List WAF policy custom rules.	Extension	GA
az network front-door waf-policy rule match-condition	Alter match-conditions associated with a WAF policy custom rule.	Extension	GA
az network front-door waf-policy rule match-condition add	Add a match-condition to a WAF policy custom rule.	Extension	GA
az network front-door waf-policy rule match-condition list	Show all match-conditions associated with a WAF policy custom rule.	Extension	GA
az network front-door waf-policy rule match-condition remove	Remove a match-condition from a WAF policy custom rule.	Extension	GA
az network front-door waf-policy rule show	Get the details of a WAF policy custom rule.	Extension	GA
az network front-door waf-policy rule update	Alter the details of a WAF policy custom rule.	Extension	GA
az network front-door waf-policy show	Get the details of a WAF policy.	Extension	GA
az network front-door waf-policy update	Update settings of a WAF policy.	Extension	GA

az network front-door waf-policy create

Create a WAF policy.

az network front-door waf-policy create --name
                                        --resource-group
                                        [--custom-block-response-body]
                                        [--custom-block-response-status-code]
                                        [--disabled {false, true}]
                                        [--mode {Detection, Prevention}]
                                        [--redirect-url]
                                        [--request-body-check {Disabled, Enabled}]
                                        [--sku {Classic_AzureFrontDoor, Premium_AzureFrontDoor, Standard_AzureFrontDoor}]
                                        [--tags]

Required Parameters

--name -n

Name of the WAF policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--custom-block-response-body

Body to return for blocked requests.

--custom-block-response-status-code

HTTP status to return for blocked requests.

--disabled

Create in a disabled state.

accepted values: false, true

default value: False

--mode

Firewall policy mode.

accepted values: Detection, Prevention

--redirect-url

URL used for redirect rule action.

--request-body-check

Disabled or Enabled status. Default value is Disabled.

accepted values: Disabled, Enabled

--sku

SKU of Firewall policy. This field cannot be updated after creation. Default value is Classic_AzureFrontDoor.

accepted values: Classic_AzureFrontDoor, Premium_AzureFrontDoor, Standard_AzureFrontDoor

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network front-door waf-policy delete

Delete a WAF policy.

az network front-door waf-policy delete [--ids]
                                        [--name]
                                        [--resource-group]
                                        [--subscription]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the WAF policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network front-door waf-policy list

List WAF policies.

az network front-door waf-policy list --resource-group

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network front-door waf-policy show

Get the details of a WAF policy.

az network front-door waf-policy show [--ids]
                                      [--name]
                                      [--resource-group]
                                      [--subscription]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the WAF policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network front-door waf-policy update

Update settings of a WAF policy.

az network front-door waf-policy update [--add]
                                        [--custom-block-response-body]
                                        [--custom-block-response-status-code]
                                        [--disabled {false, true}]
                                        [--force-string]
                                        [--ids]
                                        [--mode {Detection, Prevention}]
                                        [--name]
                                        [--redirect-url]
                                        [--remove]
                                        [--request-body-check {Disabled, Enabled}]
                                        [--resource-group]
                                        [--set]
                                        [--sku {Classic_AzureFrontDoor, Premium_AzureFrontDoor, Standard_AzureFrontDoor}]
                                        [--subscription]
                                        [--tags]

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

default value: []

--custom-block-response-body

Body to return for blocked requests.

--custom-block-response-status-code

HTTP status to return for blocked requests.

--disabled

Create in a disabled state.

accepted values: false, true

default value: False

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--mode

Firewall policy mode.

accepted values: Detection, Prevention

--name -n

Name of the WAF policy.

--redirect-url

URL used for redirect rule action.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

default value: []

--request-body-check

Disabled or Enabled status. Default value is Disabled.

accepted values: Disabled, Enabled

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

default value: []

--sku

SKU of Firewall policy. This field cannot be updated after creation. Default value is Classic_AzureFrontDoor.

accepted values: Classic_AzureFrontDoor, Premium_AzureFrontDoor, Standard_AzureFrontDoor

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.