az network application-gateway waf-policy policy-setting
Define contents of a web application firewall global configuration.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network application-gateway waf-policy policy-setting list |
List properties of a web application firewall global configuration. |
Core | GA |
| az network application-gateway waf-policy policy-setting update |
Update properties of a web application firewall global configuration. |
Core | GA |
az network application-gateway waf-policy policy-setting list
List properties of a web application firewall global configuration.
az network application-gateway waf-policy policy-setting list --policy-name
--resource-groupExamples
List properties of a web application firewall global configuration.
az network application-gateway waf-policy policy-setting list --policy-name MyPolicy --resource-group MyResourceGroupRequired Parameters
The name of the web application firewall policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network application-gateway waf-policy policy-setting update
Update properties of a web application firewall global configuration.
az network application-gateway waf-policy policy-setting update --policy-name
--resource-group
[--add]
[--custom-body]
[--custom-status-code]
[--file-upload-enforce --file-upload-enforcement {0, 1, f, false, n, no, t, true, y, yes}]
[--file-upload-limit-in-mb]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--js-cookie-exp-time]
[--log-scrubbing-state {Disabled, Enabled}]
[--max-request-body-size-in-kb]
[--mode {Detection, Prevention}]
[--remove]
[--request-body-check {0, 1, f, false, n, no, t, true, y, yes}]
[--request-body-enforce --request-body-enforcement {0, 1, f, false, n, no, t, true, y, yes}]
[--request-body-inspect-limit-in-kb --request-limit-in-kb]
[--scrubbing-rule --scrubbing-rules]
[--set]
[--state {Disabled, Enabled}]Examples
Update properties of a web application firewall global configuration.
az network application-gateway waf-policy policy-setting update --mode Prevention --policy-name MyPolicy --resource-group MyResourceGroup --state DisabledUpdate a web application firewall global configuration with scrubbing rules.
az network application-gateway waf-policy policy-setting update -g MyResourceGroup --policy-name MyPolicySetting --request-body-inspect-limit-in-kb 64 --file-upload-enforcement True --request-body-enforcement False --log-scrubbing-state Enabled --scrubbing-rules "[{state:Enabled,match-variable:RequestArgNames,selector-match-operator:Equals,selector:test},{state:Enabled,match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null}]"Required Parameters
Name of the web application firewall policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
If the action type is block, customer can override the response status code.
Whether allow WAF to enforce file upload limits.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Maximum file upload size in Mb for WAF.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Web Application Firewall JavaScript Challenge Cookie Expiration time in minutes.
State of the log scrubbing config. Default value is Enabled.
| Property | Value |
|---|---|
| Parameter group: | Log Scrubbing Arguments |
| Accepted values: | Disabled, Enabled |
Maximum request body size in Kb for WAF.
If it is in detection mode or prevention mode at policy level.
| Property | Value |
|---|---|
| Accepted values: | Detection, Prevention |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Specified to require WAF to check request body.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Whether allow WAF to enforce request body limits.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Max inspection limit in KB for request body inspection for WAF.
The rules that are applied to the logs for scrubbing. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --scrubbing-rule.
| Property | Value |
|---|---|
| Parameter group: | Log Scrubbing Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
If the policy is in enabled state or disabled state.
| Property | Value |
|---|---|
| Accepted values: | Disabled, Enabled |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
