Share via

az network application-gateway waf-policy managed-rule exclusion

Manage OWASP CRS exclusions that are applied on a WAF policy managed rules.

Commands

Name Description Type Status
az network application-gateway waf-policy managed-rule exclusion add

Add an OWASP CRS exclusion rule to the WAF policy managed rules.

 Core GA
az network application-gateway waf-policy managed-rule exclusion list

List all OWASP CRS exclusion rules that are applied on a WAF policy managed rules.

 Core GA
az network application-gateway waf-policy managed-rule exclusion remove

Remove all OWASP CRS exclusion rules that are applied on a WAF policy managed rules.

 Core GA
az network application-gateway waf-policy managed-rule exclusion rule-set

Define a managed rule set for exclusions.

 Core GA
az network application-gateway waf-policy managed-rule exclusion rule-set add

Add a managed rule set to an exclusion.

 Core GA
az network application-gateway waf-policy managed-rule exclusion rule-set list

List all managed rule sets of an exclusion.

 Core GA
az network application-gateway waf-policy managed-rule exclusion rule-set remove

Remove managed rule set within an exclusion.

 Core GA

az network application-gateway waf-policy managed-rule exclusion add

Edit

Add an OWASP CRS exclusion rule to the WAF policy managed rules.

az network application-gateway waf-policy managed-rule exclusion add --match-operator --selector-match-operator {Contains, EndsWith, Equals, EqualsAny, StartsWith}
                                                                     --match-variable {RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues}
                                                                     --policy-name
                                                                     --resource-group
                                                                     --selector
                                                                     [--index]
                                                                     [--rule-sets]

Examples

Add an OWASP CRS exclusion rule to the WAF policy managed rules.

az network application-gateway waf-policy managed-rule exclusion add -g MyResourceGroup --policy-name MyWAF --match-variable "RequestHeaderNames" --selector-match-operator "StartsWith" --selector "Bing"

Required Parameters

--match-operator --selector-match-operator

When match-variable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.

Property Value
Accepted values: Contains, EndsWith, Equals, EqualsAny, StartsWith
--match-variable

Variable to be excluded.

Property Value
Accepted values: RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues
--policy-name

Name of the web application firewall policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--selector

When match-variable is a collection, operator used to specify which elements in the collection this exclusion applies to.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--index

Index of exclusion. If no index is provided, the default behavior is append.

--rule-sets

The managed rule sets that are associated with the exclusion. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property Value
Parameter group: Properties Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network application-gateway waf-policy managed-rule exclusion list

Edit

List all OWASP CRS exclusion rules that are applied on a WAF policy managed rules.

az network application-gateway waf-policy managed-rule exclusion list --policy-name
                                                                      --resource-group

Required Parameters

--policy-name

The name of the web application firewall policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network application-gateway waf-policy managed-rule exclusion remove

Edit

Remove all OWASP CRS exclusion rules that are applied on a WAF policy managed rules.

az network application-gateway waf-policy managed-rule exclusion remove --policy-name
                                                                        --resource-group

Required Parameters

--policy-name

The name of the web application firewall policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False