az network front-door waf-policy managed-rules exclusion
Note
This reference is part of the front-door extension for the Azure CLI (version 2.67.0 or higher). The extension will automatically install the first time you run an az network front-door waf-policy managed-rules exclusion command. Learn more about extensions.
View and alter exclusions on a managed rule set, rule group, or rule within a managed rule set.
Exclusions prevent the rule set, rule group, or rule from being applied to the content of the specified variable. Use 'az network front-door waf-policy managed-rule-definition list' to see the available rules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network front-door waf-policy managed-rules exclusion add |
Add an exclusion on a managed rule set, rule group, or rule within a managed rule set. |
Extension | GA |
| az network front-door waf-policy managed-rules exclusion list |
List the exclusions on managed rule set, rule group, or rule within a managed rule set. |
Extension | GA |
| az network front-door waf-policy managed-rules exclusion remove |
Remove an exclusion on a managed rule set, rule group, or rule within a managed rule set. |
Extension | GA |
az network front-door waf-policy managed-rules exclusion add
Add an exclusion on a managed rule set, rule group, or rule within a managed rule set.
Prevents the rule set, rule group, or rule from being applied to the content of the specified variable. Use 'az network front-door waf-policy managed-rule-definition list' to see the available rules.
az network front-door waf-policy managed-rules exclusion add --match-variable
--operator
--type
--value
[--ids]
[--policy-name]
[--resource-group]
[--rule-group-id]
[--rule-id]
[--subscription]Required Parameters
Which kind of variable's content will be ignored, e.g. RequestHeaderNames, RequestCookieNames, QueryStringArgNames, RequestBodyPostArgNames.
Operator used to compare the variable name to the value, e.g. Equals, Contains, StartsWith, EndsWith, EqualsAny.
ID of the ruleset to exclusion.
Values to match the variable name against.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the WAF policy. Name must begin with a letter and contain only letters and numbers.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
ID of the rule group containing the rule to exclusion.
ID of the rule to apply exclusion.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network front-door waf-policy managed-rules exclusion list
List the exclusions on managed rule set, rule group, or rule within a managed rule set.
az network front-door waf-policy managed-rules exclusion list --policy-name
--resource-group
--type
[--rule-group-id]
[--rule-id]Required Parameters
Name of the WAF policy. Name must begin with a letter and contain only letters and numbers.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
ID of the ruleset with the exclusions to list.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
ID of the rule group containing the exclusions to list.
ID of the rule to list exclusion for.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network front-door waf-policy managed-rules exclusion remove
Remove an exclusion on a managed rule set, rule group, or rule within a managed rule set.
After this command, the standard behavior for the rule within the managed rule set will apply. Use 'az network front-door waf-policy managed-rule-definition list' to see the available rules.
az network front-door waf-policy managed-rules exclusion remove --match-variable
--operator
--type
--value
[--ids]
[--policy-name]
[--resource-group]
[--rule-group-id]
[--rule-id]
[--subscription]Required Parameters
Which kind of variable's content will be ignored, e.g. RequestHeaderNames, RequestCookieNames, QueryStringArgNames, RequestBodyPostArgNames.
Operator used to compare the variable name to the value, e.g. Equals, Contains, StartsWith, EndsWith, EqualsAny.
ID of the ruleset with the exclusion to remove.
Values to match the variable name against.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the WAF policy. Name must begin with a letter and contain only letters and numbers.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
ID of the rule group containing the exclusion to remove.
ID of the rule to remove from exclusion.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
