Share via


az network application-gateway waf-policy custom-rule

Manage application gateway web application firewall (WAF) policy custom rules.

Commands

Name Description Type Status
az network application-gateway waf-policy custom-rule create

Create an application gateway WAF policy custom rule.

Core GA
az network application-gateway waf-policy custom-rule delete

Delete an application gateway WAF policy custom rule.

Core GA
az network application-gateway waf-policy custom-rule list

List application gateway WAF policy custom rules.

Core GA
az network application-gateway waf-policy custom-rule match-condition

Manage match conditions in an application gateway web application firewall (WAF) policy custom rule.

Core GA
az network application-gateway waf-policy custom-rule match-condition add

Add a match condition to an application gateway WAF policy custom rule.

Core GA
az network application-gateway waf-policy custom-rule match-condition list

List application gateway WAF policy custom rule match conditions.

Core GA
az network application-gateway waf-policy custom-rule match-condition remove

Remove a match condition from an application gateway WAF policy custom rule.

Core GA
az network application-gateway waf-policy custom-rule show

Get the details of an application gateway WAF policy custom rule.

Core GA
az network application-gateway waf-policy custom-rule update

Update an application gateway WAF policy custom rule.

Core GA

az network application-gateway waf-policy custom-rule create

Create an application gateway WAF policy custom rule.

az network application-gateway waf-policy custom-rule create --action {Allow, Block, JSChallenge, Log}
                                                             --name
                                                             --policy-name
                                                             --priority
                                                             --resource-group
                                                             --rule-type {Invalid, MatchRule, RateLimitRule}
                                                             [--group-by-user-session]
                                                             [--match-conditions]
                                                             [--rate-limit-duration {FiveMins, OneMin}]
                                                             [--rate-limit-threshold]
                                                             [--state {Disabled, Enabled}]

Examples

Create an application gateway WAF policy custom rule.

az network application-gateway waf-policy custom-rule create --action Allow --name MyWafPolicyRule --policy-name MyPolicy --priority 500 --resource-group MyResourceGroup --rule-type MatchRule

Create an application gateway WAF policy custom rule with user session identifier.

az network application-gateway waf-policy custom-rule create -g MyResourceGroup --policy-name MyPolicy -n MyRule --priority 3 --action Block --rule-type RateLimitRule --rate-limit-duration FiveMins --rate-limit-threshold 15 --group-by-user-session "[{group-by-variables:[{variable-name:GeoLocation}]}]"

Required Parameters

--action

Action to take.

Accepted values: Allow, Block, JSChallenge, Log
--name -n

Name of the WAF policy rule.

--policy-name

Name of the application gateway WAF policy.

--priority

Rule priority. Lower values are evaluated prior to higher values.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-type

Type of rule.

Accepted values: Invalid, MatchRule, RateLimitRule

Optional Parameters

--group-by-user-session

List of user session identifier group by clauses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--match-conditions

List of match conditions. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Default value: []
--rate-limit-duration

Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.

Accepted values: FiveMins, OneMin
--rate-limit-threshold

Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1.

--state

Describe if the custom rule is in enabled or disabled state.

Accepted values: Disabled, Enabled
Default value: Enabled
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network application-gateway waf-policy custom-rule delete

Delete an application gateway WAF policy custom rule.

az network application-gateway waf-policy custom-rule delete --name
                                                             --policy-name
                                                             --resource-group

Examples

Delete an application gateway WAF policy custom rule.

az network application-gateway waf-policy custom-rule delete --name MyWafPolicyRule --policy-name MyPolicy --resource-group MyResourceGroup --subscription MySubscription

Required Parameters

--name -n

Name of the WAF policy rule.

--policy-name

Name of the application gateway WAF policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network application-gateway waf-policy custom-rule list

List application gateway WAF policy custom rules.

az network application-gateway waf-policy custom-rule list --policy-name
                                                           --resource-group

Examples

List application gateway WAF policy custom rules.

az network application-gateway waf-policy custom-rule list --policy-name MyPolicy --resource-group MyResourceGroup

Required Parameters

--policy-name

Name of the application gateway WAF policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network application-gateway waf-policy custom-rule show

Get the details of an application gateway WAF policy custom rule.

az network application-gateway waf-policy custom-rule show --name
                                                           --policy-name
                                                           --resource-group

Examples

Get the details of an application gateway WAF policy custom rule.

az network application-gateway waf-policy custom-rule show --name MyWAFPolicyRule --policy-name MyPolicy --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the WAF policy rule.

--policy-name

Name of the application gateway WAF policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network application-gateway waf-policy custom-rule update

Update an application gateway WAF policy custom rule.

az network application-gateway waf-policy custom-rule update --name
                                                             --policy-name
                                                             --resource-group
                                                             [--action {Allow, Block, JSChallenge, Log}]
                                                             [--add]
                                                             [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                                             [--group-by-user-session]
                                                             [--match-conditions]
                                                             [--priority]
                                                             [--rate-limit-duration {FiveMins, OneMin}]
                                                             [--rate-limit-threshold]
                                                             [--remove]
                                                             [--rule-type {Invalid, MatchRule, RateLimitRule}]
                                                             [--set]
                                                             [--state {Disabled, Enabled}]

Examples

Update an application gateway WAF policy custom rule.

az network application-gateway waf-policy custom-rule update --action Allow --name MyWAFPolicyRule --policy-name MyPolicy --priority 500 --resource-group MyResourceGroup --rule-type MatchRule

Update an application gateway WAF policy custom rule with user session identifier.

az network application-gateway waf-policy custom-rule create -g MyResourceGroup --policy-name MyPolicy -n MyRule --rate-limit-duration OneMin --rate-limit-threshold 10 --group-by-user-session "[{group-by-variables:[{variable-name:ClientAddr}]}]"

Required Parameters

--name -n

Name of the WAF policy rule.

--policy-name

Name of the application gateway WAF policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--action

Action to take.

Accepted values: Allow, Block, JSChallenge, Log
--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--group-by-user-session

List of user session identifier group by clauses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--match-conditions

List of match conditions. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--priority

Rule priority. Lower values are evaluated prior to higher values.

--rate-limit-duration

Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.

Accepted values: FiveMins, OneMin
--rate-limit-threshold

Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--rule-type

Type of rule.

Accepted values: Invalid, MatchRule, RateLimitRule
--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--state

Describe if the custom rule is in enabled or disabled state.

Accepted values: Disabled, Enabled
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.