az network application-gateway waf-policy
Manage application gateway web application firewall (WAF) policies.
To learn more about Web Application Firewall visit https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network application-gateway waf-policy create |
Create an application gateway WAF policy. |
Core | GA |
| az network application-gateway waf-policy custom-rule |
Manage application gateway web application firewall (WAF) policy custom rules. |
Core | GA |
| az network application-gateway waf-policy custom-rule create |
Create an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule delete |
Delete an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule list |
List application gateway WAF policy custom rules. |
Core | GA |
| az network application-gateway waf-policy custom-rule match-condition |
Manage match conditions in an application gateway web application firewall (WAF) policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule match-condition add |
Add a match condition to an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule match-condition list |
List application gateway WAF policy custom rule match conditions. |
Core | GA |
| az network application-gateway waf-policy custom-rule match-condition remove |
Remove a match condition from an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule show |
Get the details of an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule update |
Update an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy delete |
Delete an application gateway WAF policy. |
Core | GA |
| az network application-gateway waf-policy list |
List application gateway WAF policies. |
Core | GA |
| az network application-gateway waf-policy managed-rule |
Manage managed rules of a WAF policy. |
Core | GA |
| az network application-gateway waf-policy managed-rule exception |
Manage exceptions to allow a request to skip the managed rules when the condition is satisfied. |
Core | GA |
| az network application-gateway waf-policy managed-rule exception add |
Allows traffic that met configured criteria to skip the configured managed rules. |
Core | GA |
| az network application-gateway waf-policy managed-rule exception list |
List all managed rule exceptions that are applied on a WAF policy managed rules. |
Core | GA |
| az network application-gateway waf-policy managed-rule exception remove |
Remove all managed rule exceptions that are applied on a WAF policy managed rules. |
Core | GA |
| az network application-gateway waf-policy managed-rule exclusion |
Manage OWASP CRS exclusions that are applied on a WAF policy managed rules. |
Core | GA |
| az network application-gateway waf-policy managed-rule exclusion add |
Add an OWASP CRS exclusion rule to the WAF policy managed rules. |
Core | GA |
| az network application-gateway waf-policy managed-rule exclusion list |
List all OWASP CRS exclusion rules that are applied on a WAF policy managed rules. |
Core | GA |
| az network application-gateway waf-policy managed-rule exclusion remove |
Remove all OWASP CRS exclusion rules that are applied on a WAF policy managed rules. |
Core | GA |
| az network application-gateway waf-policy managed-rule exclusion rule-set |
Define a managed rule set for exclusions. |
Core | GA |
| az network application-gateway waf-policy managed-rule exclusion rule-set add |
Add a managed rule set to an exclusion. |
Core | GA |
| az network application-gateway waf-policy managed-rule exclusion rule-set list |
List all managed rule sets of an exclusion. |
Core | GA |
| az network application-gateway waf-policy managed-rule exclusion rule-set remove |
Remove managed rule set within an exclusion. |
Core | GA |
| az network application-gateway waf-policy managed-rule rule-set |
Manage managed rule set of managed rules of a WAF policy. |
Core | GA |
| az network application-gateway waf-policy managed-rule rule-set add |
Add managed rule set to the WAF policy managed rules. For rule set and rules, please visit: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules. |
Core | GA |
| az network application-gateway waf-policy managed-rule rule-set list |
List all managed rule set. |
Core | GA |
| az network application-gateway waf-policy managed-rule rule-set remove |
Remove a managed rule set by rule set group name if rule_group_name is specified. Otherwise, remove all rule set. |
Core | GA |
| az network application-gateway waf-policy managed-rule rule-set update |
Manage rules of a WAF policy. If --group-name and --rules are provided, override existing rules. If --group-name is provided, clear all rules under a certain rule group. If neither of them are provided, update rule set and clear all rules under itself. For rule set and rules, please visit: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules. |
Core | GA |
| az network application-gateway waf-policy policy-setting |
Define contents of a web application firewall global configuration. |
Core | GA |
| az network application-gateway waf-policy policy-setting list |
List properties of a web application firewall global configuration. |
Core | GA |
| az network application-gateway waf-policy policy-setting update |
Update properties of a web application firewall global configuration. |
Core | GA |
| az network application-gateway waf-policy show |
Get the details of an application gateway WAF policy. |
Core | GA |
| az network application-gateway waf-policy update |
Update an application gateway WAF policy. |
Core | GA |
| az network application-gateway waf-policy wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az network application-gateway waf-policy create
Create an application gateway WAF policy.
az network application-gateway waf-policy create --name
--resource-group
[--custom-rules]
[--location]
[--managed-rules]
[--policy-settings]
[--tags]
[--type {Microsoft_BotManagerRuleSet, Microsoft_DefaultRuleSet, OWASP}]
[--version {0.1, 1.0, 1.1, 2.1, 2.2.9, 3.0, 3.1, 3.2}]Examples
Create an application gateway WAF policy.
az network application-gateway waf-policy create --name MyApplicationGatewayWAFPolicy --resource-group MyResourceGroupRequired Parameters
Name of the application gateway WAF policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The custom rules inside the policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Describes the managedRules structure. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
The PolicySettings for policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Space-separated tags: key[=value] [key[=value] ...]. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Type of the web application firewall rule set.
| Property | Value |
|---|---|
| Default value: | Microsoft_DefaultRuleSet |
| Accepted values: | Microsoft_BotManagerRuleSet, Microsoft_DefaultRuleSet, OWASP |
Version of the web application firewall rule set type. 0.1, 1.0, and 1.1 are used for Microsoft_BotManagerRuleSet.
| Property | Value |
|---|---|
| Default value: | 2.1 |
| Accepted values: | 0.1, 1.0, 1.1, 2.1, 2.2.9, 3.0, 3.1, 3.2 |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network application-gateway waf-policy delete
Delete an application gateway WAF policy.
az network application-gateway waf-policy delete [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Examples
Delete an application gateway WAF policy.
az network application-gateway waf-policy delete --name MyApplicationGatewayWAFPolicy --resource-group MyResourceGroupOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The name of the application gateway WAF policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network application-gateway waf-policy list
List application gateway WAF policies.
az network application-gateway waf-policy list [--max-items]
[--next-token]
[--resource-group]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network application-gateway waf-policy show
Get the details of an application gateway WAF policy.
az network application-gateway waf-policy show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Get the details of an application gateway WAF policy.
az network application-gateway waf-policy show --name MyApplicationGatewayWAFPolicy --resource-group MyResourceGroupOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The name of the application gateway WAF policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network application-gateway waf-policy update
Update an application gateway WAF policy.
az network application-gateway waf-policy update [--add]
[--custom-rules]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--managed-rules]
[--name]
[--policy-settings]
[--remove]
[--resource-group]
[--set]
[--subscription]
[--tags]Examples
Update an application gateway WAF policy.
az network application-gateway waf-policy update --add communities='12076:5010' --name MyApplicationGatewayWAFPolicy --resource-group MyResourceGroupOverride existing managed rule set via shorthand syntax.
az network application-gateway waf-policy update --managed-rules "{managed-rule-sets:[{rule-group-overrides:[{rule-group-name:REQUEST-921-PROTOCOL-ATTACK,rules:[{rule-id:921100},{rule-id:921100}]}],rule-set-type:OWASP,rule-set-version:3.0}]}"Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
The custom rules inside the policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Describes the managedRules structure. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
The name of the application gateway WAF policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The PolicySettings for policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated tags: key[=value] [key[=value] ...]. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network application-gateway waf-policy wait
Place the CLI in a waiting state until a condition is met.
az network application-gateway waf-policy wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
The name of the application gateway WAF policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
