Share via


az network front-door waf-policy managed-rules exclusion

Note

This reference is part of the front-door extension for the Azure CLI (version 2.67.0 or higher). The extension will automatically install the first time you run an az network front-door waf-policy managed-rules exclusion command. Learn more about extensions.

View and alter exclusions on a managed rule set, rule group, or rule within a managed rule set.

Exclusions prevent the rule set, rule group, or rule from being applied to the content of the specified variable. Use 'az network front-door waf-policy managed-rule-definition list' to see the available rules.

Commands

Name Description Type Status
az network front-door waf-policy managed-rules exclusion add

Add an exclusion on a managed rule set, rule group, or rule within a managed rule set.

Extension GA
az network front-door waf-policy managed-rules exclusion list

List the exclusions on managed rule set, rule group, or rule within a managed rule set.

Extension GA
az network front-door waf-policy managed-rules exclusion remove

Remove an exclusion on a managed rule set, rule group, or rule within a managed rule set.

Extension GA

az network front-door waf-policy managed-rules exclusion add

Add an exclusion on a managed rule set, rule group, or rule within a managed rule set.

Prevents the rule set, rule group, or rule from being applied to the content of the specified variable. Use 'az network front-door waf-policy managed-rule-definition list' to see the available rules.

az network front-door waf-policy managed-rules exclusion add --match-variable
                                                             --operator
                                                             --type
                                                             --value
                                                             [--ids]
                                                             [--policy-name]
                                                             [--resource-group]
                                                             [--rule-group-id]
                                                             [--rule-id]
                                                             [--subscription]

Required Parameters

--match-variable

Which kind of variable's content will be ignored, e.g. RequestHeaderNames, RequestCookieNames, QueryStringArgNames, RequestBodyPostArgNames.

--operator

Operator used to compare the variable name to the value, e.g. Equals, Contains, StartsWith, EndsWith, EqualsAny.

--type

ID of the ruleset to exclusion.

--value

Values to match the variable name against.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--policy-name

Name of the WAF policy. Name must begin with a letter and contain only letters and numbers.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--rule-group-id

ID of the rule group containing the rule to exclusion.

--rule-id

ID of the rule to apply exclusion.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network front-door waf-policy managed-rules exclusion list

List the exclusions on managed rule set, rule group, or rule within a managed rule set.

az network front-door waf-policy managed-rules exclusion list --policy-name
                                                              --resource-group
                                                              --type
                                                              [--rule-group-id]
                                                              [--rule-id]

Required Parameters

--policy-name

Name of the WAF policy. Name must begin with a letter and contain only letters and numbers.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--type

ID of the ruleset with the exclusions to list.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--rule-group-id

ID of the rule group containing the exclusions to list.

--rule-id

ID of the rule to list exclusion for.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az network front-door waf-policy managed-rules exclusion remove

Remove an exclusion on a managed rule set, rule group, or rule within a managed rule set.

After this command, the standard behavior for the rule within the managed rule set will apply. Use 'az network front-door waf-policy managed-rule-definition list' to see the available rules.

az network front-door waf-policy managed-rules exclusion remove --match-variable
                                                                --operator
                                                                --type
                                                                --value
                                                                [--ids]
                                                                [--policy-name]
                                                                [--resource-group]
                                                                [--rule-group-id]
                                                                [--rule-id]
                                                                [--subscription]

Required Parameters

--match-variable

Which kind of variable's content will be ignored, e.g. RequestHeaderNames, RequestCookieNames, QueryStringArgNames, RequestBodyPostArgNames.

--operator

Operator used to compare the variable name to the value, e.g. Equals, Contains, StartsWith, EndsWith, EqualsAny.

--type

ID of the ruleset with the exclusion to remove.

--value

Values to match the variable name against.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--policy-name

Name of the WAF policy. Name must begin with a letter and contain only letters and numbers.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--rule-group-id

ID of the rule group containing the exclusion to remove.

--rule-id

ID of the rule to remove from exclusion.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False