Web Application Firewall Policies - Create Or Update
Creates or update policy with specified rule set name within a resource group.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/{policyName}?api-version=2023-09-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
policy
|
path | True |
string |
The name of the policy. |
|
resource
|
path | True |
string |
The name of the resource group. |
|
subscription
|
path | True |
string |
The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
|
api-version
|
query | True |
string |
Client API version. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| properties.managedRules | True |
Describes the managedRules structure. |
|
| id |
string |
Resource ID. |
|
| location |
string |
Resource location. |
|
| properties.customRules |
The custom rules inside the policy. |
||
| properties.policySettings |
The PolicySettings for policy. |
||
| tags |
object |
Resource tags. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
OK. The request has succeeded. |
|
| 201 Created |
Created. The request has been fulfilled and a new protection policy has been created. |
|
| Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
Creates or updates a WAF policy within a resource group
Sample Request
PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/Policy1?api-version=2023-09-01
{
"location": "WestUs",
"properties": {
"policySettings": {
"logScrubbing": {
"state": "Enabled",
"scrubbingRules": [
{
"state": "Enabled",
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "Equals",
"selector": "test"
},
{
"state": "Enabled",
"matchVariable": "RequestIPAddress",
"selectorMatchOperator": "EqualsAny"
}
]
}
},
"managedRules": {
"managedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.2",
"ruleGroupOverrides": [
{
"ruleGroupName": "REQUEST-931-APPLICATION-ATTACK-RFI",
"rules": [
{
"ruleId": "931120",
"state": "Enabled",
"action": "Log"
},
{
"ruleId": "931130",
"state": "Disabled",
"action": "AnomalyScoring"
}
]
}
]
},
{
"ruleSetType": "Microsoft_BotManagerRuleSet",
"ruleSetVersion": "1.0",
"ruleGroupOverrides": [
{
"ruleGroupName": "UnknownBots",
"rules": [
{
"ruleId": "300700",
"state": "Enabled",
"action": "JSChallenge"
}
]
}
]
}
],
"exclusions": [
{
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "StartsWith",
"selector": "hello",
"exclusionManagedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.2",
"ruleGroups": [
{
"ruleGroupName": "REQUEST-930-APPLICATION-ATTACK-LFI",
"rules": [
{
"ruleId": "930120"
}
]
},
{
"ruleGroupName": "REQUEST-932-APPLICATION-ATTACK-RCE"
}
]
}
]
},
{
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "EndsWith",
"selector": "hello",
"exclusionManagedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.1",
"ruleGroups": []
}
]
},
{
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "StartsWith",
"selector": "test"
},
{
"matchVariable": "RequestArgValues",
"selectorMatchOperator": "StartsWith",
"selector": "test"
}
]
},
"customRules": [
{
"name": "Rule1",
"priority": 1,
"ruleType": "MatchRule",
"action": "Block",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"matchValues": [
"192.168.1.0/24",
"10.0.0.0/24"
]
}
]
},
{
"name": "Rule2",
"priority": 2,
"ruleType": "MatchRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"matchValues": [
"192.168.1.0/24"
]
},
{
"matchVariables": [
{
"variableName": "RequestHeaders",
"selector": "UserAgent"
}
],
"operator": "Contains",
"matchValues": [
"Windows"
]
}
],
"action": "Block"
},
{
"name": "RateLimitRule3",
"priority": 3,
"rateLimitDuration": "OneMin",
"rateLimitThreshold": 10,
"ruleType": "RateLimitRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"negationConditon": true,
"matchValues": [
"192.168.1.0/24",
"10.0.0.0/24"
]
}
],
"groupByUserSession": [
{
"groupByVariables": [
{
"variableName": "ClientAddr"
}
]
}
],
"action": "Block"
},
{
"name": "Rule4",
"priority": 4,
"ruleType": "MatchRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"matchValues": [
"192.168.1.0/24"
]
},
{
"matchVariables": [
{
"variableName": "RequestHeaders",
"selector": "UserAgent"
}
],
"operator": "Contains",
"matchValues": [
"Bot"
]
}
],
"action": "JSChallenge"
}
]
}
}
Sample Response
{
"name": "Policy1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/Policy1",
"type": "Microsoft.Network/applicationgatewaywebapplicationfirewallpolicies",
"tags": {
"key1": "value1",
"key2": "value2"
},
"location": "WestUs",
"properties": {
"resourceState": "Enabled",
"provisioningState": "Succeeded",
"policySettings": {
"state": "Enabled",
"mode": "Detection",
"requestBodyEnforcement": true,
"maxRequestBodySizeInKb": 2000,
"requestBodyInspectLimitInKB": 2000,
"fileUploadEnforcement": true,
"fileUploadLimitInMb": 4000,
"requestBodyCheck": true,
"customBlockResponseStatusCode": 405,
"customBlockResponseBody": "SGVsbG8=",
"logScrubbing": {
"state": "Enabled",
"scrubbingRules": [
{
"state": "Enabled",
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "Equals",
"selector": "test"
},
{
"state": "Enabled",
"matchVariable": "RequestIPAddress",
"selectorMatchOperator": "EqualsAny"
}
]
}
},
"managedRules": {
"managedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.2",
"ruleGroupOverrides": [
{
"ruleGroupName": "REQUEST-931-APPLICATION-ATTACK-RFI",
"rules": [
{
"ruleId": "931120",
"state": "Enabled",
"action": "Log"
},
{
"ruleId": "931130",
"state": "Disabled",
"action": "AnomalyScoring"
}
]
}
]
},
{
"ruleSetType": "Microsoft_BotManagerRuleSet",
"ruleSetVersion": "1.0",
"ruleGroupOverrides": [
{
"ruleGroupName": "UnknownBots",
"rules": [
{
"ruleId": "300700",
"state": "Enabled",
"action": "JSChallenge"
}
]
}
]
}
],
"exclusions": [
{
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "StartsWith",
"selector": "hello",
"exclusionManagedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.2",
"ruleGroups": [
{
"ruleGroupName": "REQUEST-930-APPLICATION-ATTACK-LFI",
"rules": [
{
"ruleId": "930120"
}
]
},
{
"ruleGroupName": "REQUEST-932-APPLICATION-ATTACK-RCE"
}
]
}
]
},
{
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "EndsWith",
"selector": "hello",
"exclusionManagedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.1",
"ruleGroups": []
}
]
},
{
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "StartsWith",
"selector": "test"
},
{
"matchVariable": "RequestArgValues",
"selectorMatchOperator": "StartsWith",
"selector": "test"
}
]
},
"customRules": [
{
"name": "Rule1",
"priority": 1,
"state": "Enabled",
"ruleType": "MatchRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"negationConditon": false,
"matchValues": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"transforms": []
}
],
"action": "Block"
},
{
"name": "Rule2",
"priority": 2,
"state": "Enabled",
"ruleType": "MatchRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"negationConditon": false,
"matchValues": [
"192.168.1.0/24"
]
},
{
"matchVariables": [
{
"variableName": "RequestHeader",
"selector": "UserAgent"
}
],
"operator": "Contains",
"negationConditon": false,
"matchValues": [
"Windows"
]
}
],
"action": "Block"
},
{
"name": "RateLimitRule3",
"priority": 3,
"rateLimitDuration": "OneMin",
"rateLimitThreshold": 10,
"ruleType": "RateLimitRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"negationConditon": true,
"matchValues": [
"192.168.1.0/24",
"10.0.0.0/24"
]
}
],
"groupByUserSession": [
{
"groupByVariables": [
{
"variableName": "ClientAddr"
}
]
}
],
"action": "Block"
},
{
"name": "Rule4",
"priority": 4,
"state": "Enabled",
"ruleType": "MatchRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"negationConditon": false,
"matchValues": [
"192.168.1.0/24"
]
},
{
"matchVariables": [
{
"variableName": "RequestHeaders",
"selector": "UserAgent"
}
],
"operator": "Contains",
"negationConditon": false,
"matchValues": [
"Bot"
]
}
],
"action": "JSChallenge"
}
]
}
}{
"name": "Policy1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/Policy1",
"type": "Microsoft.Network/applicationgatewaywebapplicationfirewallpolicies",
"tags": {
"key1": "value1",
"key2": "value2"
},
"location": "WestUs",
"properties": {
"resourceState": "Enabled",
"provisioningState": "Succeeded",
"policySettings": {
"state": "Enabled",
"mode": "Detection",
"requestBodyEnforcement": true,
"maxRequestBodySizeInKb": 2000,
"requestBodyInspectLimitInKB": 2000,
"fileUploadEnforcement": true,
"fileUploadLimitInMb": 4000,
"requestBodyCheck": true,
"customBlockResponseStatusCode": 405,
"customBlockResponseBody": "SGVsbG8="
},
"managedRules": {
"managedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.2",
"ruleGroupOverrides": [
{
"ruleGroupName": "REQUEST-931-APPLICATION-ATTACK-RFI",
"rules": [
{
"ruleId": "931120",
"state": "Enabled",
"action": "Log"
},
{
"ruleId": "931130",
"state": "Disabled",
"action": "AnomalyScoring"
}
]
}
]
},
{
"ruleSetType": "Microsoft_BotManagerRuleSet",
"ruleSetVersion": "1.0",
"ruleGroupOverrides": [
{
"ruleGroupName": "UnknownBots",
"rules": [
{
"ruleId": "300700",
"state": "Enabled",
"action": "JSChallenge"
}
]
}
]
}
],
"exclusions": [
{
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "StartsWith",
"selector": "hello",
"exclusionManagedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.2",
"ruleGroups": [
{
"ruleGroupName": "REQUEST-930-APPLICATION-ATTACK-LFI",
"rules": [
{
"ruleId": "930120"
}
]
},
{
"ruleGroupName": "REQUEST-932-APPLICATION-ATTACK-RCE"
}
]
}
]
},
{
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "EndsWith",
"selector": "hello",
"exclusionManagedRuleSets": [
{
"ruleSetType": "OWASP",
"ruleSetVersion": "3.1",
"ruleGroups": []
}
]
},
{
"matchVariable": "RequestArgNames",
"selectorMatchOperator": "StartsWith",
"selector": "test"
},
{
"matchVariable": "RequestArgValues",
"selectorMatchOperator": "StartsWith",
"selector": "test"
}
]
},
"customRules": [
{
"name": "Rule1",
"priority": 1,
"state": "Enabled",
"ruleType": "MatchRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"negationConditon": false,
"matchValues": [
"192.168.1.0/24",
"10.0.0.0/24"
],
"transforms": []
}
],
"action": "Block"
},
{
"name": "Rule2",
"priority": 2,
"state": "Enabled",
"ruleType": "MatchRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"negationConditon": false,
"matchValues": [
"192.168.1.0/24"
]
},
{
"matchVariables": [
{
"variableName": "RequestHeader",
"selector": "UserAgent"
}
],
"operator": "Contains",
"negationConditon": false,
"matchValues": [
"Windows"
]
}
],
"action": "Block"
},
{
"name": "RateLimitRule3",
"priority": 3,
"rateLimitDuration": "OneMin",
"rateLimitThreshold": 10,
"ruleType": "RateLimitRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"negationConditon": true,
"matchValues": [
"192.168.1.0/24",
"10.0.0.0/24"
]
}
],
"groupByUserSession": [
{
"groupByVariables": [
{
"variableName": "ClientAddr"
}
]
}
],
"action": "Block"
},
{
"name": "Rule4",
"priority": 4,
"state": "Enabled",
"ruleType": "MatchRule",
"matchConditions": [
{
"matchVariables": [
{
"variableName": "RemoteAddr",
"selector": null
}
],
"operator": "IPMatch",
"negationConditon": false,
"matchValues": [
"192.168.1.0/24"
]
},
{
"matchVariables": [
{
"variableName": "RequestHeaders",
"selector": "UserAgent"
}
],
"operator": "Contains",
"negationConditon": false,
"matchValues": [
"Bot"
]
}
],
"action": "JSChallenge"
}
]
}
}Definitions
| Name | Description |
|---|---|
|
scrubbing |
When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to. |
|
scrubbing |
Defines the state of log scrubbing rule. Default value is Enabled. |
|
Action |
Defines the action to take on rule match. |
|
Application |
Application gateway resource. |
|
Application |
Authentication certificates of an application gateway. |
|
Application |
Application Gateway autoscale configuration. |
|
Application |
Backend address of an application gateway. |
|
Application |
Backend Address Pool of an application gateway. |
|
Application |
Backend address pool settings of an application gateway. |
|
Application |
Backend address pool settings of an application gateway. |
|
Application |
Application gateway client authentication configuration. |
|
Application |
Verify client certificate revocation status. |
|
Application |
Connection draining allows open connections to a backend server to be active for a specified time after the backend server got removed from the configuration. |
|
Application |
Cookie based affinity. |
|
Application |
Custom error of an application gateway. |
|
Application |
Status code of the application gateway custom error. |
|
Application |
Allows to disable rules within a rule group or an entire rule group. |
|
Application |
Allow to exclude some variable satisfy the condition for the WAF check. |
|
Application |
Web application firewall mode. |
|
Application |
Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule. |
|
Application |
User Session clause variable. |
|
Application |
Frontend IP configuration of an application gateway. |
|
Application |
Frontend port of an application gateway. |
|
Application |
Application Gateway global configuration. |
|
Application |
Header configuration of the Actions set in Application Gateway. |
|
Application |
Http listener of an application gateway. |
|
Application |
IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. |
|
Application |
Listener of an application gateway. |
|
Application |
Load Distribution Targets resource of an application gateway. |
|
Application |
Load Distribution Policy of an application gateway. |
|
Application |
Load Distribution Target of an application gateway. |
|
Application |
Operational state of the application gateway resource. |
|
Application |
Path rule of URL path map of an application gateway. |
|
Application |
Private Endpoint connection on an application gateway. |
|
Application |
Private Link Configuration on an application gateway. |
|
Application |
The application gateway private link ip configuration. |
|
Application |
Probe of the application gateway. |
|
Application |
Application gateway probe health response match. |
|
Application |
Application Gateway protocol. |
|
Application |
Redirect configuration of an application gateway. |
|
Application |
HTTP redirection type. |
|
Application |
Request routing rule of an application gateway. |
|
Application |
Rule type. |
|
Application |
Rewrite rule of an application gateway. |
|
Application |
Set of actions in the Rewrite Rule in Application Gateway. |
|
Application |
Set of conditions in the Rewrite Rule in Application Gateway. |
|
Application |
Rewrite rule set of an application gateway. |
|
Application |
Routing rule of an application gateway. |
|
Application |
SKU of an application gateway. |
|
Application |
Name of an application gateway SKU. |
|
Application |
SSL certificates of an application gateway. |
|
Application |
Ssl cipher suites to be enabled in the specified order to application gateway. |
|
Application |
Application Gateway Ssl policy. |
|
Application |
Name of Ssl predefined policy. |
|
Application |
Type of Ssl Policy. |
|
Application |
SSL profile of an application gateway. |
|
Application |
Ssl protocols to be disabled on application gateway. |
|
Application |
Tier of an application gateway. |
|
Application |
Trusted client certificates of an application gateway. |
|
Application |
Trusted Root certificates of an application gateway. |
|
Application |
Url configuration of the Actions set in Application Gateway. |
|
Application |
UrlPathMaps give a url path to the backend mapping information for PathBasedRouting. |
|
Application |
Application gateway web application firewall configuration. |
|
Application |
An application security group in a resource group. |
|
Auto |
The auto-approval list of the private link service. |
|
Backend |
Pool of backend IP addresses. |
|
Cloud |
An error response from the service. |
|
Cloud |
An error response from the service. |
|
Custom |
Contains custom Dns resolution configuration from customer. |
|
Ddos |
Contains the DDoS protection settings of the public IP. |
|
Ddos |
The DDoS protection mode of the public IP |
| Delegation |
Details the service to which the subnet is delegated. |
|
Delete |
Specify what happens to the public IP address when the VM using it is deleted |
|
Exclusion |
Defines a managed rule to use for exclusion. |
|
Exclusion |
Defines a managed rule group to use for exclusion. |
|
Exclusion |
Defines a managed rule set for Exclusions. |
|
Extended |
ExtendedLocation complex type. |
|
Extended |
The type of the extended location. |
|
Flow |
A flow log resource. |
|
Flow |
Parameters that define the flow log format. |
|
Flow |
The file type of flow log. |
|
Frontend |
Frontend IP address of the load balancer. |
|
Gateway |
Gateway load balancer tunnel interface of a load balancer backend address pool. |
|
Gateway |
Traffic type of gateway load balancer tunnel interface. |
|
Gateway |
Protocol of gateway load balancer tunnel interface. |
|
Group |
Define user session identifier group by clauses. |
|
Group |
Define user session group by clause variables. |
|
Inbound |
Inbound NAT rule of the load balancer. |
|
IPAllocation |
IP address allocation method. |
| IPConfiguration |
IP configuration. |
|
IPConfiguration |
IP configuration profile child resource. |
|
Ip |
Contains the IpTag associated with the object. |
| IPVersion |
IP address version. |
|
Load |
Load balancer backend addresses. |
|
Load |
A list of administrative states which once set can override health probe so that Load Balancer will always forward new connections to backend, or deny new connections and reset existing connections. |
|
Log |
To scrub sensitive log fields |
|
Managed |
The state of the managed rule. Defaults to Disabled if not specified. |
|
Managed |
Defines a managed rule group override setting. |
|
Managed |
Defines a managed rule group override setting. |
|
Managed |
Allow to exclude some variable satisfy the condition for the WAF check. |
|
Managed |
Defines a managed rule set. |
|
Managed |
Identity for the resource. |
|
Match |
Define match conditions. |
|
Match |
Define match variables. |
|
Nat |
Nat Gateway resource. |
|
Nat |
SKU of nat gateway. |
|
Nat |
Name of Nat Gateway SKU. |
|
Nat |
Individual port mappings for inbound NAT rule created for backend pool. |
|
Network |
A network interface in a resource group. |
|
Network |
Auxiliary mode of Network Interface resource. |
|
Network |
Auxiliary sku of Network Interface resource. |
|
Network |
DNS settings of a network interface. |
|
Network |
IPConfiguration in a network interface. |
|
Network |
PrivateLinkConnection properties for the network interface. |
|
Network |
Migration phase of Network Interface resource. |
|
Network |
Type of Network Interface resource. |
|
Network |
Tap configuration in a Network Interface. |
|
Network |
NetworkSecurityGroup resource. |
|
Owasp |
Allow to exclude some variable satisfy the condition for the WAF check. |
|
Owasp |
The variable to be excluded. |
|
Owasp |
When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. |
|
Policy |
Defines contents of a web application firewall global configuration. |
|
Private |
Private endpoint resource. |
|
Private |
PrivateEndpointConnection resource. |
|
Private |
An IP Configuration of the private endpoint. |
|
Private |
Private link service resource. |
|
Private |
PrivateLinkServiceConnection resource. |
|
Private |
A collection of information about the state of the connection between service consumer and provider. |
|
Private |
The private link service ip configuration. |
|
Provisioning |
The current provisioning state. |
|
Public |
Public IP address resource. |
|
Public |
Contains FQDN of the DNS record associated with the public IP address. |
|
Public |
The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. |
|
Public |
Migration phase of Public IP Address. |
|
Public |
SKU of a public IP address. |
|
Public |
Name of a public IP address SKU. |
|
Public |
Tier of a public IP address SKU. |
|
Resource |
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. |
|
Resource |
ResourceNavigationLink resource. |
|
Retention |
Parameters that define the retention policy for flow log. |
| Route |
Route resource. |
|
Route |
The type of Azure hop the packet should be sent to. |
|
Route |
Route table resource. |
|
scrubbing |
The variable to be scrubbed from the logs. |
|
Security |
Network security rule. |
|
Security |
Whether network traffic is allowed or denied. |
|
Security |
The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. |
|
Security |
Network protocol this rule applies to. |
|
Service |
ServiceAssociationLink resource. |
|
Service |
Service End point policy resource. |
|
Service |
Service Endpoint policy definitions. |
|
Service |
The service endpoint properties. |
| Subnet |
Subnet in a virtual network resource. |
|
Sub |
Reference to another subresource. |
|
Sync |
Backend address synchronous mode for the backend pool |
|
Traffic |
Parameters that define the configuration of traffic analytics. |
|
Traffic |
Parameters that define the configuration of traffic analytics. |
|
Transport |
The transport protocol for the endpoint. |
|
User |
The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
|
Virtual |
Enable or Disable apply network policies on private end point in the subnet. |
|
Virtual |
Enable or Disable apply network policies on private link service in the subnet. |
|
Virtual |
Virtual Network Tap resource. |
| Visibility |
The visibility list of the private link service. |
|
Web |
Type of Actions. |
|
Web |
Defines contents of a web application rule. |
|
Web |
The state of the policy. |
|
Web |
Match Variable. |
|
Web |
The mode of the policy. |
|
Web |
The operator to be matched. |
|
Web |
Defines web application firewall policy. |
|
Web |
Resource status of the policy. |
|
Web |
The rule type. |
|
Web |
Allow certain variables to be scrubbed on WAF logs |
|
Web |
State of the log scrubbing config. Default value is Enabled. |
|
Web |
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified. |
|
Web |
List of transforms. |
scrubbingRuleEntryMatchOperator
When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to.
| Name | Type | Description |
|---|---|---|
| Equals |
string |
|
| EqualsAny |
string |
scrubbingRuleEntryState
Defines the state of log scrubbing rule. Default value is Enabled.
| Name | Type | Description |
|---|---|---|
| Disabled |
string |
|
| Enabled |
string |
ActionType
Defines the action to take on rule match.
| Name | Type | Description |
|---|---|---|
| Allow |
string |
|
| AnomalyScoring |
string |
|
| Block |
string |
|
| JSChallenge |
string |
|
| Log |
string |
ApplicationGateway
Application gateway resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| identity |
The identity of the application gateway, if configured. |
|
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.authenticationCertificates |
Authentication certificates of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.autoscaleConfiguration |
Autoscale Configuration. |
|
| properties.backendAddressPools |
Backend address pool of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.backendHttpSettingsCollection |
Backend http settings of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.backendSettingsCollection |
Backend settings of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.customErrorConfigurations |
Custom error configurations of the application gateway resource. |
|
| properties.defaultPredefinedSslPolicy |
The default predefined SSL Policy applied on the application gateway resource. |
|
| properties.enableFips |
boolean |
Whether FIPS is enabled on the application gateway resource. |
| properties.enableHttp2 |
boolean |
Whether HTTP2 is enabled on the application gateway resource. |
| properties.firewallPolicy |
Reference to the FirewallPolicy resource. |
|
| properties.forceFirewallPolicyAssociation |
boolean |
If true, associates a firewall policy with an application gateway regardless whether the policy differs from the WAF Config. |
| properties.frontendIPConfigurations |
Frontend IP addresses of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.frontendPorts |
Frontend ports of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.gatewayIPConfigurations |
Subnets of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.globalConfiguration |
Global Configuration. |
|
| properties.httpListeners |
Http listeners of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.listeners |
Listeners of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.loadDistributionPolicies |
Load distribution policies of the application gateway resource. |
|
| properties.operationalState |
Operational state of the application gateway resource. |
|
| properties.privateEndpointConnections |
Private Endpoint connections on application gateway. |
|
| properties.privateLinkConfigurations |
PrivateLink configurations on application gateway. |
|
| properties.probes |
Probes of the application gateway resource. |
|
| properties.provisioningState |
The provisioning state of the application gateway resource. |
|
| properties.redirectConfigurations |
Redirect configurations of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.requestRoutingRules |
Request routing rules of the application gateway resource. |
|
| properties.resourceGuid |
string |
The resource GUID property of the application gateway resource. |
| properties.rewriteRuleSets |
Rewrite rules for the application gateway resource. |
|
| properties.routingRules |
Routing rules of the application gateway resource. |
|
| properties.sku |
SKU of the application gateway resource. |
|
| properties.sslCertificates |
SSL certificates of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.sslPolicy |
SSL policy of the application gateway resource. |
|
| properties.sslProfiles |
SSL profiles of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.trustedClientCertificates |
Trusted client certificates of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.trustedRootCertificates |
Trusted Root certificates of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.urlPathMaps |
URL path map of the application gateway resource. For default limits, see Application Gateway limits. |
|
| properties.webApplicationFirewallConfiguration |
Web application firewall configuration. |
|
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
| zones |
string[] |
A list of availability zones denoting where the resource needs to come from. |
ApplicationGatewayAuthenticationCertificate
Authentication certificates of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the authentication certificate that is unique within an Application Gateway. |
| properties.data |
string |
Certificate public data. |
| properties.provisioningState |
The provisioning state of the authentication certificate resource. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayAutoscaleConfiguration
Application Gateway autoscale configuration.
| Name | Type | Description |
|---|---|---|
| maxCapacity |
integer |
Upper bound on number of Application Gateway capacity. |
| minCapacity |
integer |
Lower bound on number of Application Gateway capacity. |
ApplicationGatewayBackendAddress
Backend address of an application gateway.
| Name | Type | Description |
|---|---|---|
| fqdn |
string |
Fully qualified domain name (FQDN). |
| ipAddress |
string |
IP address. |
ApplicationGatewayBackendAddressPool
Backend Address Pool of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the backend address pool that is unique within an Application Gateway. |
| properties.backendAddresses |
Backend addresses. |
|
| properties.backendIPConfigurations |
Collection of references to IPs defined in network interfaces. |
|
| properties.provisioningState |
The provisioning state of the backend address pool resource. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayBackendHttpSettings
Backend address pool settings of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the backend http settings that is unique within an Application Gateway. |
| properties.affinityCookieName |
string |
Cookie name to use for the affinity cookie. |
| properties.authenticationCertificates |
Array of references to application gateway authentication certificates. |
|
| properties.connectionDraining |
Connection draining of the backend http settings resource. |
|
| properties.cookieBasedAffinity |
Cookie based affinity. |
|
| properties.hostName |
string |
Host header to be sent to the backend servers. |
| properties.path |
string |
Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. Default value is null. |
| properties.pickHostNameFromBackendAddress |
boolean |
Whether to pick host header should be picked from the host name of the backend server. Default value is false. |
| properties.port |
integer |
The destination port on the backend. |
| properties.probe |
Probe resource of an application gateway. |
|
| properties.probeEnabled |
boolean |
Whether the probe is enabled. Default value is false. |
| properties.protocol |
The protocol used to communicate with the backend. |
|
| properties.provisioningState |
The provisioning state of the backend HTTP settings resource. |
|
| properties.requestTimeout |
integer |
Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. |
| properties.trustedRootCertificates |
Array of references to application gateway trusted root certificates. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayBackendSettings
Backend address pool settings of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the backend settings that is unique within an Application Gateway. |
| properties.hostName |
string |
Server name indication to be sent to the backend servers for Tls protocol. |
| properties.pickHostNameFromBackendAddress |
boolean |
Whether to pick server name indication from the host name of the backend server for Tls protocol. Default value is false. |
| properties.port |
integer |
The destination port on the backend. |
| properties.probe |
Probe resource of an application gateway. |
|
| properties.protocol |
The protocol used to communicate with the backend. |
|
| properties.provisioningState |
The provisioning state of the backend HTTP settings resource. |
|
| properties.timeout |
integer |
Connection timeout in seconds. Application Gateway will fail the request if response is not received within ConnectionTimeout. Acceptable values are from 1 second to 86400 seconds. |
| properties.trustedRootCertificates |
Array of references to application gateway trusted root certificates. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayClientAuthConfiguration
Application gateway client authentication configuration.
| Name | Type | Description |
|---|---|---|
| verifyClientCertIssuerDN |
boolean |
Verify client certificate issuer name on the application gateway. |
| verifyClientRevocation |
Verify client certificate revocation status. |
ApplicationGatewayClientRevocationOptions
Verify client certificate revocation status.
| Name | Type | Description |
|---|---|---|
| None |
string |
|
| OCSP |
string |
ApplicationGatewayConnectionDraining
Connection draining allows open connections to a backend server to be active for a specified time after the backend server got removed from the configuration.
| Name | Type | Description |
|---|---|---|
| drainTimeoutInSec |
integer |
The number of seconds connection draining is active. Acceptable values are from 1 second to 3600 seconds. |
| enabled |
boolean |
Whether connection draining is enabled or not. |
ApplicationGatewayCookieBasedAffinity
Cookie based affinity.
| Name | Type | Description |
|---|---|---|
| Disabled |
string |
|
| Enabled |
string |
ApplicationGatewayCustomError
Custom error of an application gateway.
| Name | Type | Description |
|---|---|---|
| customErrorPageUrl |
string |
Error page URL of the application gateway custom error. |
| statusCode |
Status code of the application gateway custom error. |
ApplicationGatewayCustomErrorStatusCode
Status code of the application gateway custom error.
| Name | Type | Description |
|---|---|---|
| HttpStatus400 |
string |
|
| HttpStatus403 |
string |
|
| HttpStatus404 |
string |
|
| HttpStatus405 |
string |
|
| HttpStatus408 |
string |
|
| HttpStatus500 |
string |
|
| HttpStatus502 |
string |
|
| HttpStatus503 |
string |
|
| HttpStatus504 |
string |
ApplicationGatewayFirewallDisabledRuleGroup
Allows to disable rules within a rule group or an entire rule group.
| Name | Type | Description |
|---|---|---|
| ruleGroupName |
string |
The name of the rule group that will be disabled. |
| rules |
integer[] |
The list of rules that will be disabled. If null, all rules of the rule group will be disabled. |
ApplicationGatewayFirewallExclusion
Allow to exclude some variable satisfy the condition for the WAF check.
| Name | Type | Description |
|---|---|---|
| matchVariable |
string |
The variable to be excluded. |
| selector |
string |
When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. |
| selectorMatchOperator |
string |
When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. |
ApplicationGatewayFirewallMode
Web application firewall mode.
| Name | Type | Description |
|---|---|---|
| Detection |
string |
|
| Prevention |
string |
ApplicationGatewayFirewallRateLimitDuration
Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.
| Name | Type | Description |
|---|---|---|
| FiveMins |
string |
|
| OneMin |
string |
ApplicationGatewayFirewallUserSessionVariable
User Session clause variable.
| Name | Type | Description |
|---|---|---|
| ClientAddr |
string |
|
| GeoLocation |
string |
|
| None |
string |
ApplicationGatewayFrontendIPConfiguration
Frontend IP configuration of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the frontend IP configuration that is unique within an Application Gateway. |
| properties.privateIPAddress |
string |
PrivateIPAddress of the network interface IP Configuration. |
| properties.privateIPAllocationMethod |
The private IP address allocation method. |
|
| properties.privateLinkConfiguration |
Reference to the application gateway private link configuration. |
|
| properties.provisioningState |
The provisioning state of the frontend IP configuration resource. |
|
| properties.publicIPAddress |
Reference to the PublicIP resource. |
|
| properties.subnet |
Reference to the subnet resource. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayFrontendPort
Frontend port of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the frontend port that is unique within an Application Gateway. |
| properties.port |
integer |
Frontend port. |
| properties.provisioningState |
The provisioning state of the frontend port resource. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayGlobalConfiguration
Application Gateway global configuration.
| Name | Type | Description |
|---|---|---|
| enableRequestBuffering |
boolean |
Enable request buffering. |
| enableResponseBuffering |
boolean |
Enable response buffering. |
ApplicationGatewayHeaderConfiguration
Header configuration of the Actions set in Application Gateway.
| Name | Type | Description |
|---|---|---|
| headerName |
string |
Header name of the header configuration. |
| headerValue |
string |
Header value of the header configuration. |
ApplicationGatewayHttpListener
Http listener of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the HTTP listener that is unique within an Application Gateway. |
| properties.customErrorConfigurations |
Custom error configurations of the HTTP listener. |
|
| properties.firewallPolicy |
Reference to the FirewallPolicy resource. |
|
| properties.frontendIPConfiguration |
Frontend IP configuration resource of an application gateway. |
|
| properties.frontendPort |
Frontend port resource of an application gateway. |
|
| properties.hostName |
string |
Host name of HTTP listener. |
| properties.hostNames |
string[] |
List of Host names for HTTP Listener that allows special wildcard characters as well. |
| properties.protocol |
Protocol of the HTTP listener. |
|
| properties.provisioningState |
The provisioning state of the HTTP listener resource. |
|
| properties.requireServerNameIndication |
boolean |
Applicable only if protocol is https. Enables SNI for multi-hosting. |
| properties.sslCertificate |
SSL certificate resource of an application gateway. |
|
| properties.sslProfile |
SSL profile resource of the application gateway. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayIPConfiguration
IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the IP configuration that is unique within an Application Gateway. |
| properties.provisioningState |
The provisioning state of the application gateway IP configuration resource. |
|
| properties.subnet |
Reference to the subnet resource. A subnet from where application gateway gets its private address. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayListener
Listener of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the listener that is unique within an Application Gateway. |
| properties.frontendIPConfiguration |
Frontend IP configuration resource of an application gateway. |
|
| properties.frontendPort |
Frontend port resource of an application gateway. |
|
| properties.hostNames |
string[] |
List of Server Name Indications(SNI) for TLS Multi-site Listener that allows special wildcard characters as well. |
| properties.protocol |
Protocol of the listener. |
|
| properties.provisioningState |
The provisioning state of the listener resource. |
|
| properties.sslCertificate |
SSL certificate resource of an application gateway. |
|
| properties.sslProfile |
SSL profile resource of the application gateway. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayLoadDistributionAlgorithm
Load Distribution Targets resource of an application gateway.
| Name | Type | Description |
|---|---|---|
| IpHash |
string |
|
| LeastConnections |
string |
|
| RoundRobin |
string |
ApplicationGatewayLoadDistributionPolicy
Load Distribution Policy of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the load distribution policy that is unique within an Application Gateway. |
| properties.loadDistributionAlgorithm |
Load Distribution Targets resource of an application gateway. |
|
| properties.loadDistributionTargets |
Load Distribution Targets resource of an application gateway. |
|
| properties.provisioningState |
The provisioning state of the Load Distribution Policy resource. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayLoadDistributionTarget
Load Distribution Target of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the load distribution policy that is unique within an Application Gateway. |
| properties.backendAddressPool |
Backend address pool resource of the application gateway. |
|
| properties.weightPerServer |
integer |
Weight per server. Range between 1 and 100. |
| type |
string |
Type of the resource. |
ApplicationGatewayOperationalState
Operational state of the application gateway resource.
| Name | Type | Description |
|---|---|---|
| Running |
string |
|
| Starting |
string |
|
| Stopped |
string |
|
| Stopping |
string |
ApplicationGatewayPathRule
Path rule of URL path map of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the path rule that is unique within an Application Gateway. |
| properties.backendAddressPool |
Backend address pool resource of URL path map path rule. |
|
| properties.backendHttpSettings |
Backend http settings resource of URL path map path rule. |
|
| properties.firewallPolicy |
Reference to the FirewallPolicy resource. |
|
| properties.loadDistributionPolicy |
Load Distribution Policy resource of URL path map path rule. |
|
| properties.paths |
string[] |
Path rules of URL path map. |
| properties.provisioningState |
The provisioning state of the path rule resource. |
|
| properties.redirectConfiguration |
Redirect configuration resource of URL path map path rule. |
|
| properties.rewriteRuleSet |
Rewrite rule set resource of URL path map path rule. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayPrivateEndpointConnection
Private Endpoint connection on an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the private endpoint connection on an application gateway. |
| properties.linkIdentifier |
string |
The consumer link id. |
| properties.privateEndpoint |
The resource of private end point. |
|
| properties.privateLinkServiceConnectionState |
A collection of information about the state of the connection between service consumer and provider. |
|
| properties.provisioningState |
The provisioning state of the application gateway private endpoint connection resource. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayPrivateLinkConfiguration
Private Link Configuration on an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the private link configuration that is unique within an Application Gateway. |
| properties.ipConfigurations |
An array of application gateway private link ip configurations. |
|
| properties.provisioningState |
The provisioning state of the application gateway private link configuration. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayPrivateLinkIpConfiguration
The application gateway private link ip configuration.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of application gateway private link ip configuration. |
| properties.primary |
boolean |
Whether the ip configuration is primary or not. |
| properties.privateIPAddress |
string |
The private IP address of the IP configuration. |
| properties.privateIPAllocationMethod |
The private IP address allocation method. |
|
| properties.provisioningState |
The provisioning state of the application gateway private link IP configuration. |
|
| properties.subnet |
Reference to the subnet resource. |
|
| type |
string |
The resource type. |
ApplicationGatewayProbe
Probe of the application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the probe that is unique within an Application Gateway. |
| properties.host |
string |
Host name to send the probe to. |
| properties.interval |
integer |
The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. |
| properties.match |
Criterion for classifying a healthy probe response. |
|
| properties.minServers |
integer |
Minimum number of servers that are always marked healthy. Default value is 0. |
| properties.path |
string |
Relative path of probe. Valid path starts from '/'. Probe is sent to ://:. |
| properties.pickHostNameFromBackendHttpSettings |
boolean |
Whether the host header should be picked from the backend http settings. Default value is false. |
| properties.pickHostNameFromBackendSettings |
boolean |
Whether the server name indication should be picked from the backend settings for Tls protocol. Default value is false. |
| properties.port |
integer |
Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from http settings will be used. This property is valid for Basic, Standard_v2 and WAF_v2 only. |
| properties.protocol |
The protocol used for the probe. |
|
| properties.provisioningState |
The provisioning state of the probe resource. |
|
| properties.timeout |
integer |
The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. |
| properties.unhealthyThreshold |
integer |
The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. |
| type |
string |
Type of the resource. |
ApplicationGatewayProbeHealthResponseMatch
Application gateway probe health response match.
| Name | Type | Description |
|---|---|---|
| body |
string |
Body that must be contained in the health response. Default value is empty. |
| statusCodes |
string[] |
Allowed ranges of healthy status codes. Default range of healthy status codes is 200-399. |
ApplicationGatewayProtocol
Application Gateway protocol.
| Name | Type | Description |
|---|---|---|
| Http |
string |
Supported for httpListeners and backendHttpSettingsCollection properties. |
| Https |
string |
Supported for httpListeners and backendHttpSettingsCollection properties. |
| Tcp |
string |
Supported for listeners and backendSettingsCollection properties. |
| Tls |
string |
Supported for listeners and backendSettingsCollection properties. |
ApplicationGatewayRedirectConfiguration
Redirect configuration of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the redirect configuration that is unique within an Application Gateway. |
| properties.includePath |
boolean |
Include path in the redirected url. |
| properties.includeQueryString |
boolean |
Include query string in the redirected url. |
| properties.pathRules |
Path rules specifying redirect configuration. |
|
| properties.redirectType |
HTTP redirection type. |
|
| properties.requestRoutingRules |
Request routing specifying redirect configuration. |
|
| properties.targetListener |
Reference to a listener to redirect the request to. |
|
| properties.targetUrl |
string |
Url to redirect the request to. |
| properties.urlPathMaps |
Url path maps specifying default redirect configuration. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayRedirectType
HTTP redirection type.
| Name | Type | Description |
|---|---|---|
| Found |
string |
|
| Permanent |
string |
|
| SeeOther |
string |
|
| Temporary |
string |
ApplicationGatewayRequestRoutingRule
Request routing rule of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the request routing rule that is unique within an Application Gateway. |
| properties.backendAddressPool |
Backend address pool resource of the application gateway. |
|
| properties.backendHttpSettings |
Backend http settings resource of the application gateway. |
|
| properties.httpListener |
Http listener resource of the application gateway. |
|
| properties.loadDistributionPolicy |
Load Distribution Policy resource of the application gateway. |
|
| properties.priority |
integer |
Priority of the request routing rule. |
| properties.provisioningState |
The provisioning state of the request routing rule resource. |
|
| properties.redirectConfiguration |
Redirect configuration resource of the application gateway. |
|
| properties.rewriteRuleSet |
Rewrite Rule Set resource in Basic rule of the application gateway. |
|
| properties.ruleType |
Rule type. |
|
| properties.urlPathMap |
URL path map resource of the application gateway. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayRequestRoutingRuleType
Rule type.
| Name | Type | Description |
|---|---|---|
| Basic |
string |
|
| PathBasedRouting |
string |
ApplicationGatewayRewriteRule
Rewrite rule of an application gateway.
| Name | Type | Description |
|---|---|---|
| actionSet |
Set of actions to be done as part of the rewrite Rule. |
|
| conditions |
Conditions based on which the action set execution will be evaluated. |
|
| name |
string |
Name of the rewrite rule that is unique within an Application Gateway. |
| ruleSequence |
integer |
Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet. |
ApplicationGatewayRewriteRuleActionSet
Set of actions in the Rewrite Rule in Application Gateway.
| Name | Type | Description |
|---|---|---|
| requestHeaderConfigurations |
Request Header Actions in the Action Set. |
|
| responseHeaderConfigurations |
Response Header Actions in the Action Set. |
|
| urlConfiguration |
Url Configuration Action in the Action Set. |
ApplicationGatewayRewriteRuleCondition
Set of conditions in the Rewrite Rule in Application Gateway.
| Name | Type | Description |
|---|---|---|
| ignoreCase |
boolean |
Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison. |
| negate |
boolean |
Setting this value as truth will force to check the negation of the condition given by the user. |
| pattern |
string |
The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. |
| variable |
string |
The condition parameter of the RewriteRuleCondition. |
ApplicationGatewayRewriteRuleSet
Rewrite rule set of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the rewrite rule set that is unique within an Application Gateway. |
| properties.provisioningState |
The provisioning state of the rewrite rule set resource. |
|
| properties.rewriteRules |
Rewrite rules in the rewrite rule set. |
ApplicationGatewayRoutingRule
Routing rule of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the routing rule that is unique within an Application Gateway. |
| properties.backendAddressPool |
Backend address pool resource of the application gateway. |
|
| properties.backendSettings |
Backend settings resource of the application gateway. |
|
| properties.listener |
Listener resource of the application gateway. |
|
| properties.priority |
integer |
Priority of the routing rule. |
| properties.provisioningState |
The provisioning state of the request routing rule resource. |
|
| properties.ruleType |
Rule type. |
|
| type |
string |
Type of the resource. |
ApplicationGatewaySku
SKU of an application gateway.
| Name | Type | Description |
|---|---|---|
| capacity |
integer |
Capacity (instance count) of an application gateway. |
| name |
Name of an application gateway SKU. |
|
| tier |
Tier of an application gateway. |
ApplicationGatewaySkuName
Name of an application gateway SKU.
| Name | Type | Description |
|---|---|---|
| Basic |
string |
|
| Standard_Large |
string |
|
| Standard_Medium |
string |
|
| Standard_Small |
string |
|
| Standard_v2 |
string |
|
| WAF_Large |
string |
|
| WAF_Medium |
string |
|
| WAF_v2 |
string |
ApplicationGatewaySslCertificate
SSL certificates of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the SSL certificate that is unique within an Application Gateway. |
| properties.data |
string |
Base-64 encoded pfx certificate. Only applicable in PUT Request. |
| properties.keyVaultSecretId |
string |
Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. |
| properties.password |
string |
Password for the pfx file specified in data. Only applicable in PUT request. |
| properties.provisioningState |
The provisioning state of the SSL certificate resource. |
|
| properties.publicCertData |
string |
Base-64 encoded Public cert data corresponding to pfx specified in data. Only applicable in GET request. |
| type |
string |
Type of the resource. |
ApplicationGatewaySslCipherSuite
Ssl cipher suites to be enabled in the specified order to application gateway.
| Name | Type | Description |
|---|---|---|
| TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
string |
|
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
string |
|
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
string |
|
| TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
string |
|
| TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
string |
|
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
string |
|
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
string |
|
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
string |
|
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
string |
|
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
string |
|
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
string |
|
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
string |
|
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
string |
|
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
string |
|
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
string |
|
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
string |
|
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
string |
|
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
string |
|
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
string |
|
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
string |
|
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
string |
|
| TLS_RSA_WITH_3DES_EDE_CBC_SHA |
string |
|
| TLS_RSA_WITH_AES_128_CBC_SHA |
string |
|
| TLS_RSA_WITH_AES_128_CBC_SHA256 |
string |
|
| TLS_RSA_WITH_AES_128_GCM_SHA256 |
string |
|
| TLS_RSA_WITH_AES_256_CBC_SHA |
string |
|
| TLS_RSA_WITH_AES_256_CBC_SHA256 |
string |
|
| TLS_RSA_WITH_AES_256_GCM_SHA384 |
string |
ApplicationGatewaySslPolicy
Application Gateway Ssl policy.
| Name | Type | Description |
|---|---|---|
| cipherSuites |
Ssl cipher suites to be enabled in the specified order to application gateway. |
|
| disabledSslProtocols |
Ssl protocols to be disabled on application gateway. |
|
| minProtocolVersion |
Minimum version of Ssl protocol to be supported on application gateway. |
|
| policyName |
Name of Ssl predefined policy. |
|
| policyType |
Type of Ssl Policy. |
ApplicationGatewaySslPolicyName
Name of Ssl predefined policy.
| Name | Type | Description |
|---|---|---|
| AppGwSslPolicy20150501 |
string |
|
| AppGwSslPolicy20170401 |
string |
|
| AppGwSslPolicy20170401S |
string |
|
| AppGwSslPolicy20220101 |
string |
|
| AppGwSslPolicy20220101S |
string |
ApplicationGatewaySslPolicyType
Type of Ssl Policy.
| Name | Type | Description |
|---|---|---|
| Custom |
string |
|
| CustomV2 |
string |
|
| Predefined |
string |
ApplicationGatewaySslProfile
SSL profile of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the SSL profile that is unique within an Application Gateway. |
| properties.clientAuthConfiguration |
Client authentication configuration of the application gateway resource. |
|
| properties.provisioningState |
The provisioning state of the HTTP listener resource. |
|
| properties.sslPolicy |
SSL policy of the application gateway resource. |
|
| properties.trustedClientCertificates |
Array of references to application gateway trusted client certificates. |
|
| type |
string |
Type of the resource. |
ApplicationGatewaySslProtocol
Ssl protocols to be disabled on application gateway.
| Name | Type | Description |
|---|---|---|
| TLSv1_0 |
string |
|
| TLSv1_1 |
string |
|
| TLSv1_2 |
string |
|
| TLSv1_3 |
string |
ApplicationGatewayTier
Tier of an application gateway.
| Name | Type | Description |
|---|---|---|
| Basic |
string |
|
| Standard |
string |
|
| Standard_v2 |
string |
|
| WAF |
string |
|
| WAF_v2 |
string |
ApplicationGatewayTrustedClientCertificate
Trusted client certificates of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the trusted client certificate that is unique within an Application Gateway. |
| properties.clientCertIssuerDN |
string |
Distinguished name of client certificate issuer. |
| properties.data |
string |
Certificate public data. |
| properties.provisioningState |
The provisioning state of the trusted client certificate resource. |
|
| properties.validatedCertData |
string |
Validated certificate data. |
| type |
string |
Type of the resource. |
ApplicationGatewayTrustedRootCertificate
Trusted Root certificates of an application gateway.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the trusted root certificate that is unique within an Application Gateway. |
| properties.data |
string |
Certificate public data. |
| properties.keyVaultSecretId |
string |
Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault. |
| properties.provisioningState |
The provisioning state of the trusted root certificate resource. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayUrlConfiguration
Url configuration of the Actions set in Application Gateway.
| Name | Type | Description |
|---|---|---|
| modifiedPath |
string |
Url path which user has provided for url rewrite. Null means no path will be updated. Default value is null. |
| modifiedQueryString |
string |
Query string which user has provided for url rewrite. Null means no query string will be updated. Default value is null. |
| reroute |
boolean |
If set as true, it will re-evaluate the url path map provided in path based request routing rules using modified path. Default value is false. |
ApplicationGatewayUrlPathMap
UrlPathMaps give a url path to the backend mapping information for PathBasedRouting.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the URL path map that is unique within an Application Gateway. |
| properties.defaultBackendAddressPool |
Default backend address pool resource of URL path map. |
|
| properties.defaultBackendHttpSettings |
Default backend http settings resource of URL path map. |
|
| properties.defaultLoadDistributionPolicy |
Default Load Distribution Policy resource of URL path map. |
|
| properties.defaultRedirectConfiguration |
Default redirect configuration resource of URL path map. |
|
| properties.defaultRewriteRuleSet |
Default Rewrite rule set resource of URL path map. |
|
| properties.pathRules |
Path rule of URL path map resource. |
|
| properties.provisioningState |
The provisioning state of the URL path map resource. |
|
| type |
string |
Type of the resource. |
ApplicationGatewayWebApplicationFirewallConfiguration
Application gateway web application firewall configuration.
| Name | Type | Description |
|---|---|---|
| disabledRuleGroups |
The disabled rule groups. |
|
| enabled |
boolean |
Whether the web application firewall is enabled or not. |
| exclusions |
The exclusion list. |
|
| fileUploadLimitInMb |
integer |
Maximum file upload size in Mb for WAF. |
| firewallMode |
Web application firewall mode. |
|
| maxRequestBodySize |
integer |
Maximum request body size for WAF. |
| maxRequestBodySizeInKb |
integer |
Maximum request body size in Kb for WAF. |
| requestBodyCheck |
boolean |
Whether allow WAF to check request Body. |
| ruleSetType |
string |
The type of the web application firewall rule set. Possible values are: 'OWASP'. |
| ruleSetVersion |
string |
The version of the rule set type. |
ApplicationSecurityGroup
An application security group in a resource group.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.provisioningState |
The provisioning state of the application security group resource. |
|
| properties.resourceGuid |
string |
The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups. |
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
AutoApproval
The auto-approval list of the private link service.
| Name | Type | Description |
|---|---|---|
| subscriptions |
string[] |
The list of subscriptions. |
BackendAddressPool
Pool of backend IP addresses.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within the set of backend address pools used by the load balancer. This name can be used to access the resource. |
| properties.backendIPConfigurations |
An array of references to IP addresses defined in network interfaces. |
|
| properties.drainPeriodInSeconds |
integer |
Amount of seconds Load Balancer waits for before sending RESET to client and backend address. |
| properties.inboundNatRules |
An array of references to inbound NAT rules that use this backend address pool. |
|
| properties.loadBalancerBackendAddresses |
An array of backend addresses. |
|
| properties.loadBalancingRules |
An array of references to load balancing rules that use this backend address pool. |
|
| properties.location |
string |
The location of the backend address pool. |
| properties.outboundRule |
A reference to an outbound rule that uses this backend address pool. |
|
| properties.outboundRules |
An array of references to outbound rules that use this backend address pool. |
|
| properties.provisioningState |
The provisioning state of the backend address pool resource. |
|
| properties.syncMode |
Backend address synchronous mode for the backend pool |
|
| properties.tunnelInterfaces |
An array of gateway load balancer tunnel interfaces. |
|
| properties.virtualNetwork |
A reference to a virtual network. |
|
| type |
string |
Type of the resource. |
CloudError
An error response from the service.
| Name | Type | Description |
|---|---|---|
| error |
Cloud error body. |
CloudErrorBody
An error response from the service.
| Name | Type | Description |
|---|---|---|
| code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
| details |
A list of additional details about the error. |
|
| message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
| target |
string |
The target of the particular error. For example, the name of the property in error. |
CustomDnsConfigPropertiesFormat
Contains custom Dns resolution configuration from customer.
| Name | Type | Description |
|---|---|---|
| fqdn |
string |
Fqdn that resolves to private endpoint ip address. |
| ipAddresses |
string[] |
A list of private ip addresses of the private endpoint. |
DdosSettings
Contains the DDoS protection settings of the public IP.
| Name | Type | Description |
|---|---|---|
| ddosProtectionPlan |
The DDoS protection plan associated with the public IP. Can only be set if ProtectionMode is Enabled |
|
| protectionMode |
The DDoS protection mode of the public IP |
DdosSettingsProtectionMode
The DDoS protection mode of the public IP
| Name | Type | Description |
|---|---|---|
| Disabled |
string |
|
| Enabled |
string |
|
| VirtualNetworkInherited |
string |
Delegation
Details the service to which the subnet is delegated.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within a subnet. This name can be used to access the resource. |
| properties.actions |
string[] |
The actions permitted to the service upon delegation. |
| properties.provisioningState |
The provisioning state of the service delegation resource. |
|
| properties.serviceName |
string |
The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). |
| type |
string |
Resource type. |
DeleteOptions
Specify what happens to the public IP address when the VM using it is deleted
| Name | Type | Description |
|---|---|---|
| Delete |
string |
|
| Detach |
string |
ExclusionManagedRule
Defines a managed rule to use for exclusion.
| Name | Type | Description |
|---|---|---|
| ruleId |
string |
Identifier for the managed rule. |
ExclusionManagedRuleGroup
Defines a managed rule group to use for exclusion.
| Name | Type | Description |
|---|---|---|
| ruleGroupName |
string |
The managed rule group for exclusion. |
| rules |
List of rules that will be excluded. If none specified, all rules in the group will be excluded. |
ExclusionManagedRuleSet
Defines a managed rule set for Exclusions.
| Name | Type | Description |
|---|---|---|
| ruleGroups |
Defines the rule groups to apply to the rule set. |
|
| ruleSetType |
string |
Defines the rule set type to use. |
| ruleSetVersion |
string |
Defines the version of the rule set to use. |
ExtendedLocation
ExtendedLocation complex type.
| Name | Type | Description |
|---|---|---|
| name |
string |
The name of the extended location. |
| type |
The type of the extended location. |
ExtendedLocationTypes
The type of the extended location.
| Name | Type | Description |
|---|---|---|
| EdgeZone |
string |
FlowLog
A flow log resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.enabled |
boolean |
Flag to enable/disable flow logging. |
| properties.flowAnalyticsConfiguration |
Parameters that define the configuration of traffic analytics. |
|
| properties.format |
Parameters that define the flow log format. |
|
| properties.provisioningState |
The provisioning state of the flow log. |
|
| properties.retentionPolicy |
Parameters that define the retention policy for flow log. |
|
| properties.storageId |
string |
ID of the storage account which is used to store the flow log. |
| properties.targetResourceGuid |
string |
Guid of network security group to which flow log will be applied. |
| properties.targetResourceId |
string |
ID of network security group to which flow log will be applied. |
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
FlowLogFormatParameters
Parameters that define the flow log format.
| Name | Type | Default Value | Description |
|---|---|---|---|
| type |
The file type of flow log. |
||
| version |
integer |
0 |
The version (revision) of the flow log. |
FlowLogFormatType
The file type of flow log.
| Name | Type | Description |
|---|---|---|
| JSON |
string |
FrontendIPConfiguration
Frontend IP address of the load balancer.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. |
| properties.gatewayLoadBalancer |
The reference to gateway load balancer frontend IP. |
|
| properties.inboundNatPools |
An array of references to inbound pools that use this frontend IP. |
|
| properties.inboundNatRules |
An array of references to inbound rules that use this frontend IP. |
|
| properties.loadBalancingRules |
An array of references to load balancing rules that use this frontend IP. |
|
| properties.outboundRules |
An array of references to outbound rules that use this frontend IP. |
|
| properties.privateIPAddress |
string |
The private IP address of the IP configuration. |
| properties.privateIPAddressVersion |
Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. |
|
| properties.privateIPAllocationMethod |
The Private IP allocation method. |
|
| properties.provisioningState |
The provisioning state of the frontend IP configuration resource. |
|
| properties.publicIPAddress |
The reference to the Public IP resource. |
|
| properties.publicIPPrefix |
The reference to the Public IP Prefix resource. |
|
| properties.subnet |
The reference to the subnet resource. |
|
| type |
string |
Type of the resource. |
| zones |
string[] |
A list of availability zones denoting the IP allocated for the resource needs to come from. |
GatewayLoadBalancerTunnelInterface
Gateway load balancer tunnel interface of a load balancer backend address pool.
| Name | Type | Description |
|---|---|---|
| identifier |
integer |
Identifier of gateway load balancer tunnel interface. |
| port |
integer |
Port of gateway load balancer tunnel interface. |
| protocol |
Protocol of gateway load balancer tunnel interface. |
|
| type |
Traffic type of gateway load balancer tunnel interface. |
GatewayLoadBalancerTunnelInterfaceType
Traffic type of gateway load balancer tunnel interface.
| Name | Type | Description |
|---|---|---|
| External |
string |
|
| Internal |
string |
|
| None |
string |
GatewayLoadBalancerTunnelProtocol
Protocol of gateway load balancer tunnel interface.
| Name | Type | Description |
|---|---|---|
| Native |
string |
|
| None |
string |
|
| VXLAN |
string |
GroupByUserSession
Define user session identifier group by clauses.
| Name | Type | Description |
|---|---|---|
| groupByVariables |
List of group by clause variables. |
GroupByVariable
Define user session group by clause variables.
| Name | Type | Description |
|---|---|---|
| variableName |
User Session clause variable. |
InboundNatRule
Inbound NAT rule of the load balancer.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. |
| properties.backendAddressPool |
A reference to backendAddressPool resource. |
|
| properties.backendIPConfiguration |
A reference to a private IP address defined on a network interface of a VM. Traffic sent to the frontend port of each of the frontend IP configurations is forwarded to the backend IP. |
|
| properties.backendPort |
integer |
The port used for the internal endpoint. Acceptable values range from 1 to 65535. |
| properties.enableFloatingIP |
boolean |
Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. |
| properties.enableTcpReset |
boolean |
Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. |
| properties.frontendIPConfiguration |
A reference to frontend IP addresses. |
|
| properties.frontendPort |
integer |
The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. |
| properties.frontendPortRangeEnd |
integer |
The port range end for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeStart. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. Acceptable values range from 1 to 65534. |
| properties.frontendPortRangeStart |
integer |
The port range start for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeEnd. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. Acceptable values range from 1 to 65534. |
| properties.idleTimeoutInMinutes |
integer |
The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. |
| properties.protocol |
The reference to the transport protocol used by the load balancing rule. |
|
| properties.provisioningState |
The provisioning state of the inbound NAT rule resource. |
|
| type |
string |
Type of the resource. |
IPAllocationMethod
IP address allocation method.
| Name | Type | Description |
|---|---|---|
| Dynamic |
string |
|
| Static |
string |
IPConfiguration
IP configuration.
| Name | Type | Default Value | Description |
|---|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
|
| id |
string |
Resource ID. |
|
| name |
string |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
| properties.privateIPAddress |
string |
The private IP address of the IP configuration. |
|
| properties.privateIPAllocationMethod | Dynamic |
The private IP address allocation method. |
|
| properties.provisioningState |
The provisioning state of the IP configuration resource. |
||
| properties.publicIPAddress |
The reference to the public IP resource. |
||
| properties.subnet |
The reference to the subnet resource. |
IPConfigurationProfile
IP configuration profile child resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource. This name can be used to access the resource. |
| properties.provisioningState |
The provisioning state of the IP configuration profile resource. |
|
| properties.subnet |
The reference to the subnet resource to create a container network interface ip configuration. |
|
| type |
string |
Sub Resource type. |
IpTag
Contains the IpTag associated with the object.
| Name | Type | Description |
|---|---|---|
| ipTagType |
string |
The IP tag type. Example: FirstPartyUsage. |
| tag |
string |
The value of the IP tag associated with the public IP. Example: SQL. |
IPVersion
IP address version.
| Name | Type | Description |
|---|---|---|
| IPv4 |
string |
|
| IPv6 |
string |
LoadBalancerBackendAddress
Load balancer backend addresses.
| Name | Type | Description |
|---|---|---|
| name |
string |
Name of the backend address. |
| properties.adminState |
A list of administrative states which once set can override health probe so that Load Balancer will always forward new connections to backend, or deny new connections and reset existing connections. |
|
| properties.inboundNatRulesPortMapping |
Collection of inbound NAT rule port mappings. |
|
| properties.ipAddress |
string |
IP Address belonging to the referenced virtual network. |
| properties.loadBalancerFrontendIPConfiguration |
Reference to the frontend ip address configuration defined in regional loadbalancer. |
|
| properties.networkInterfaceIPConfiguration |
Reference to IP address defined in network interfaces. |
|
| properties.subnet |
Reference to an existing subnet. |
|
| properties.virtualNetwork |
Reference to an existing virtual network. |
LoadBalancerBackendAddressAdminState
A list of administrative states which once set can override health probe so that Load Balancer will always forward new connections to backend, or deny new connections and reset existing connections.
| Name | Type | Description |
|---|---|---|
| Down |
string |
|
| None |
string |
|
| Up |
string |
LogScrubbing
To scrub sensitive log fields
| Name | Type | Description |
|---|---|---|
| scrubbingRules |
The rules that are applied to the logs for scrubbing. |
|
| state |
State of the log scrubbing config. Default value is Enabled. |
ManagedRuleEnabledState
The state of the managed rule. Defaults to Disabled if not specified.
| Name | Type | Description |
|---|---|---|
| Disabled |
string |
|
| Enabled |
string |
ManagedRuleGroupOverride
Defines a managed rule group override setting.
| Name | Type | Description |
|---|---|---|
| ruleGroupName |
string |
The managed rule group to override. |
| rules |
List of rules that will be disabled. If none specified, all rules in the group will be disabled. |
ManagedRuleOverride
Defines a managed rule group override setting.
| Name | Type | Description |
|---|---|---|
| action |
Describes the override action to be applied when rule matches. |
|
| ruleId |
string |
Identifier for the managed rule. |
| state |
The state of the managed rule. Defaults to Disabled if not specified. |
ManagedRulesDefinition
Allow to exclude some variable satisfy the condition for the WAF check.
| Name | Type | Description |
|---|---|---|
| exclusions |
The Exclusions that are applied on the policy. |
|
| managedRuleSets |
The managed rule sets that are associated with the policy. |
ManagedRuleSet
Defines a managed rule set.
| Name | Type | Description |
|---|---|---|
| ruleGroupOverrides |
Defines the rule group overrides to apply to the rule set. |
|
| ruleSetType |
string |
Defines the rule set type to use. |
| ruleSetVersion |
string |
Defines the version of the rule set to use. |
ManagedServiceIdentity
Identity for the resource.
| Name | Type | Description |
|---|---|---|
| principalId |
string |
The principal id of the system assigned identity. This property will only be provided for a system assigned identity. |
| tenantId |
string |
The tenant id of the system assigned identity. This property will only be provided for a system assigned identity. |
| type |
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. |
|
| userAssignedIdentities |
The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
MatchCondition
Define match conditions.
| Name | Type | Description |
|---|---|---|
| matchValues |
string[] |
Match value. |
| matchVariables |
List of match variables. |
|
| negationConditon |
boolean |
Whether this is negate condition or not. |
| operator |
The operator to be matched. |
|
| transforms |
List of transforms. |
MatchVariable
Define match variables.
| Name | Type | Description |
|---|---|---|
| selector |
string |
The selector of match variable. |
| variableName |
Match Variable. |
NatGateway
Nat Gateway resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.idleTimeoutInMinutes |
integer |
The idle timeout of the nat gateway. |
| properties.provisioningState |
The provisioning state of the NAT gateway resource. |
|
| properties.publicIpAddresses |
An array of public ip addresses associated with the nat gateway resource. |
|
| properties.publicIpPrefixes |
An array of public ip prefixes associated with the nat gateway resource. |
|
| properties.resourceGuid |
string |
The resource GUID property of the NAT gateway resource. |
| properties.subnets |
An array of references to the subnets using this nat gateway resource. |
|
| sku |
The nat gateway SKU. |
|
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
| zones |
string[] |
A list of availability zones denoting the zone in which Nat Gateway should be deployed. |
NatGatewaySku
SKU of nat gateway.
| Name | Type | Description |
|---|---|---|
| name |
Name of Nat Gateway SKU. |
NatGatewaySkuName
Name of Nat Gateway SKU.
| Name | Type | Description |
|---|---|---|
| Standard |
string |
NatRulePortMapping
Individual port mappings for inbound NAT rule created for backend pool.
| Name | Type | Description |
|---|---|---|
| backendPort |
integer |
Backend port. |
| frontendPort |
integer |
Frontend port. |
| inboundNatRuleName |
string |
Name of inbound NAT rule. |
NetworkInterface
A network interface in a resource group.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| extendedLocation |
The extended location of the network interface. |
|
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.auxiliaryMode |
Auxiliary mode of Network Interface resource. |
|
| properties.auxiliarySku |
Auxiliary sku of Network Interface resource. |
|
| properties.disableTcpStateTracking |
boolean |
Indicates whether to disable tcp state tracking. |
| properties.dnsSettings |
The DNS settings in network interface. |
|
| properties.dscpConfiguration |
A reference to the dscp configuration to which the network interface is linked. |
|
| properties.enableAcceleratedNetworking |
boolean |
If the network interface is configured for accelerated networking. Not applicable to VM sizes which require accelerated networking. |
| properties.enableIPForwarding |
boolean |
Indicates whether IP forwarding is enabled on this network interface. |
| properties.hostedWorkloads |
string[] |
A list of references to linked BareMetal resources. |
| properties.ipConfigurations |
A list of IPConfigurations of the network interface. |
|
| properties.macAddress |
string |
The MAC address of the network interface. |
| properties.migrationPhase |
Migration phase of Network Interface resource. |
|
| properties.networkSecurityGroup |
The reference to the NetworkSecurityGroup resource. |
|
| properties.nicType |
Type of Network Interface resource. |
|
| properties.primary |
boolean |
Whether this is a primary network interface on a virtual machine. |
| properties.privateEndpoint |
A reference to the private endpoint to which the network interface is linked. |
|
| properties.privateLinkService |
Privatelinkservice of the network interface resource. |
|
| properties.provisioningState |
The provisioning state of the network interface resource. |
|
| properties.resourceGuid |
string |
The resource GUID property of the network interface resource. |
| properties.tapConfigurations |
A list of TapConfigurations of the network interface. |
|
| properties.virtualMachine |
The reference to a virtual machine. |
|
| properties.vnetEncryptionSupported |
boolean |
Whether the virtual machine this nic is attached to supports encryption. |
| properties.workloadType |
string |
WorkloadType of the NetworkInterface for BareMetal resources |
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
NetworkInterfaceAuxiliaryMode
Auxiliary mode of Network Interface resource.
| Name | Type | Description |
|---|---|---|
| AcceleratedConnections |
string |
|
| Floating |
string |
|
| MaxConnections |
string |
|
| None |
string |
NetworkInterfaceAuxiliarySku
Auxiliary sku of Network Interface resource.
| Name | Type | Description |
|---|---|---|
| A1 |
string |
|
| A2 |
string |
|
| A4 |
string |
|
| A8 |
string |
|
| None |
string |
NetworkInterfaceDnsSettings
DNS settings of a network interface.
| Name | Type | Description |
|---|---|---|
| appliedDnsServers |
string[] |
If the VM that uses this NIC is part of an Availability Set, then this list will have the union of all DNS servers from all NICs that are part of the Availability Set. This property is what is configured on each of those VMs. |
| dnsServers |
string[] |
List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. |
| internalDnsNameLabel |
string |
Relative DNS name for this NIC used for internal communications between VMs in the same virtual network. |
| internalDomainNameSuffix |
string |
Even if internalDnsNameLabel is not specified, a DNS entry is created for the primary NIC of the VM. This DNS name can be constructed by concatenating the VM name with the value of internalDomainNameSuffix. |
| internalFqdn |
string |
Fully qualified DNS name supporting internal communications between VMs in the same virtual network. |
NetworkInterfaceIPConfiguration
IPConfiguration in a network interface.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.applicationGatewayBackendAddressPools |
The reference to ApplicationGatewayBackendAddressPool resource. |
|
| properties.applicationSecurityGroups |
Application security groups in which the IP configuration is included. |
|
| properties.gatewayLoadBalancer |
The reference to gateway load balancer frontend IP. |
|
| properties.loadBalancerBackendAddressPools |
The reference to LoadBalancerBackendAddressPool resource. |
|
| properties.loadBalancerInboundNatRules |
A list of references of LoadBalancerInboundNatRules. |
|
| properties.primary |
boolean |
Whether this is a primary customer address on the network interface. |
| properties.privateIPAddress |
string |
Private IP address of the IP configuration. |
| properties.privateIPAddressVersion |
Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. |
|
| properties.privateIPAllocationMethod |
The private IP address allocation method. |
|
| properties.privateLinkConnectionProperties |
Network |
PrivateLinkConnection properties for the network interface. |
| properties.provisioningState |
The provisioning state of the network interface IP configuration. |
|
| properties.publicIPAddress |
Public IP address bound to the IP configuration. |
|
| properties.subnet |
Subnet bound to the IP configuration. |
|
| properties.virtualNetworkTaps |
The reference to Virtual Network Taps. |
|
| type |
string |
Resource type. |
NetworkInterfaceIPConfigurationPrivateLinkConnectionProperties
PrivateLinkConnection properties for the network interface.
| Name | Type | Description |
|---|---|---|
| fqdns |
string[] |
List of FQDNs for current private link connection. |
| groupId |
string |
The group ID for current private link connection. |
| requiredMemberName |
string |
The required member name for current private link connection. |
NetworkInterfaceMigrationPhase
Migration phase of Network Interface resource.
| Name | Type | Description |
|---|---|---|
| Abort |
string |
|
| Commit |
string |
|
| Committed |
string |
|
| None |
string |
|
| Prepare |
string |
NetworkInterfaceNicType
Type of Network Interface resource.
| Name | Type | Description |
|---|---|---|
| Elastic |
string |
|
| Standard |
string |
NetworkInterfaceTapConfiguration
Tap configuration in a Network Interface.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.provisioningState |
The provisioning state of the network interface tap configuration resource. |
|
| properties.virtualNetworkTap |
The reference to the Virtual Network Tap resource. |
|
| type |
string |
Sub Resource type. |
NetworkSecurityGroup
NetworkSecurityGroup resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.defaultSecurityRules |
The default security rules of network security group. |
|
| properties.flowLogs |
Flow |
A collection of references to flow log resources. |
| properties.flushConnection |
boolean |
When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. |
| properties.networkInterfaces |
A collection of references to network interfaces. |
|
| properties.provisioningState |
The provisioning state of the network security group resource. |
|
| properties.resourceGuid |
string |
The resource GUID property of the network security group resource. |
| properties.securityRules |
A collection of security rules of the network security group. |
|
| properties.subnets |
Subnet[] |
A collection of references to subnets. |
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
OwaspCrsExclusionEntry
Allow to exclude some variable satisfy the condition for the WAF check.
| Name | Type | Description |
|---|---|---|
| exclusionManagedRuleSets |
The managed rule sets that are associated with the exclusion. |
|
| matchVariable |
The variable to be excluded. |
|
| selector |
string |
When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. |
| selectorMatchOperator |
When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. |
OwaspCrsExclusionEntryMatchVariable
The variable to be excluded.
| Name | Type | Description |
|---|---|---|
| RequestArgKeys |
string |
|
| RequestArgNames |
string |
|
| RequestArgValues |
string |
|
| RequestCookieKeys |
string |
|
| RequestCookieNames |
string |
|
| RequestCookieValues |
string |
|
| RequestHeaderKeys |
string |
|
| RequestHeaderNames |
string |
|
| RequestHeaderValues |
string |
OwaspCrsExclusionEntrySelectorMatchOperator
When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.
| Name | Type | Description |
|---|---|---|
| Contains |
string |
|
| EndsWith |
string |
|
| Equals |
string |
|
| EqualsAny |
string |
|
| StartsWith |
string |
PolicySettings
Defines contents of a web application firewall global configuration.
| Name | Type | Default Value | Description |
|---|---|---|---|
| customBlockResponseBody |
string |
If the action type is block, customer can override the response body. The body must be specified in base64 encoding. |
|
| customBlockResponseStatusCode |
integer |
If the action type is block, customer can override the response status code. |
|
| fileUploadEnforcement |
boolean |
True |
Whether allow WAF to enforce file upload limits. |
| fileUploadLimitInMb |
integer |
Maximum file upload size in Mb for WAF. |
|
| logScrubbing |
To scrub sensitive log fields |
||
| maxRequestBodySizeInKb |
integer |
Maximum request body size in Kb for WAF. |
|
| mode |
The mode of the policy. |
||
| requestBodyCheck |
boolean |
Whether to allow WAF to check request Body. |
|
| requestBodyEnforcement |
boolean |
True |
Whether allow WAF to enforce request body limits. |
| requestBodyInspectLimitInKB |
integer |
Max inspection limit in KB for request body inspection for WAF. |
|
| state |
The state of the policy. |
PrivateEndpoint
Private endpoint resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| extendedLocation |
The extended location of the load balancer. |
|
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.applicationSecurityGroups |
Application security groups in which the private endpoint IP configuration is included. |
|
| properties.customDnsConfigs |
An array of custom dns configurations. |
|
| properties.customNetworkInterfaceName |
string |
The custom name of the network interface attached to the private endpoint. |
| properties.ipConfigurations |
A list of IP configurations of the private endpoint. This will be used to map to the First Party Service's endpoints. |
|
| properties.manualPrivateLinkServiceConnections |
A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. |
|
| properties.networkInterfaces |
An array of references to the network interfaces created for this private endpoint. |
|
| properties.privateLinkServiceConnections |
A grouping of information about the connection to the remote resource. |
|
| properties.provisioningState |
The provisioning state of the private endpoint resource. |
|
| properties.subnet |
The ID of the subnet from which the private IP will be allocated. |
|
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
PrivateEndpointConnection
PrivateEndpointConnection resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.linkIdentifier |
string |
The consumer link id. |
| properties.privateEndpoint |
The resource of private end point. |
|
| properties.privateEndpointLocation |
string |
The location of the private endpoint. |
| properties.privateLinkServiceConnectionState |
A collection of information about the state of the connection between service consumer and provider. |
|
| properties.provisioningState |
The provisioning state of the private endpoint connection resource. |
|
| type |
string |
The resource type. |
PrivateEndpointIPConfiguration
An IP Configuration of the private endpoint.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| name |
string |
The name of the resource that is unique within a resource group. |
| properties.groupId |
string |
The ID of a group obtained from the remote resource that this private endpoint should connect to. |
| properties.memberName |
string |
The member name of a group obtained from the remote resource that this private endpoint should connect to. |
| properties.privateIPAddress |
string |
A private ip address obtained from the private endpoint's subnet. |
| type |
string |
The resource type. |
PrivateLinkService
Private link service resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| extendedLocation |
The extended location of the load balancer. |
|
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.alias |
string |
The alias of the private link service. |
| properties.autoApproval |
The auto-approval list of the private link service. |
|
| properties.enableProxyProtocol |
boolean |
Whether the private link service is enabled for proxy protocol or not. |
| properties.fqdns |
string[] |
The list of Fqdn. |
| properties.ipConfigurations |
An array of private link service IP configurations. |
|
| properties.loadBalancerFrontendIpConfigurations |
An array of references to the load balancer IP configurations. |
|
| properties.networkInterfaces |
An array of references to the network interfaces created for this private link service. |
|
| properties.privateEndpointConnections |
An array of list about connections to the private endpoint. |
|
| properties.provisioningState |
The provisioning state of the private link service resource. |
|
| properties.visibility |
The visibility list of the private link service. |
|
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
PrivateLinkServiceConnection
PrivateLinkServiceConnection resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.groupIds |
string[] |
The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to. |
| properties.privateLinkServiceConnectionState |
A collection of read-only information about the state of the connection to the remote resource. |
|
| properties.privateLinkServiceId |
string |
The resource id of private link service. |
| properties.provisioningState |
The provisioning state of the private link service connection resource. |
|
| properties.requestMessage |
string |
A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars. |
| type |
string |
The resource type. |
PrivateLinkServiceConnectionState
A collection of information about the state of the connection between service consumer and provider.
| Name | Type | Description |
|---|---|---|
| actionsRequired |
string |
A message indicating if changes on the service provider require any updates on the consumer. |
| description |
string |
The reason for approval/rejection of the connection. |
| status |
string |
Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service. |
PrivateLinkServiceIpConfiguration
The private link service ip configuration.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of private link service ip configuration. |
| properties.primary |
boolean |
Whether the ip configuration is primary or not. |
| properties.privateIPAddress |
string |
The private IP address of the IP configuration. |
| properties.privateIPAddressVersion |
Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. |
|
| properties.privateIPAllocationMethod |
The private IP address allocation method. |
|
| properties.provisioningState |
The provisioning state of the private link service IP configuration resource. |
|
| properties.subnet |
The reference to the subnet resource. |
|
| type |
string |
The resource type. |
ProvisioningState
The current provisioning state.
| Name | Type | Description |
|---|---|---|
| Deleting |
string |
|
| Failed |
string |
|
| Succeeded |
string |
|
| Updating |
string |
PublicIPAddress
Public IP address resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| extendedLocation |
The extended location of the public ip address. |
|
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.ddosSettings |
The DDoS protection custom policy associated with the public IP address. |
|
| properties.deleteOption |
Specify what happens to the public IP address when the VM using it is deleted |
|
| properties.dnsSettings |
The FQDN of the DNS record associated with the public IP address. |
|
| properties.idleTimeoutInMinutes |
integer |
The idle timeout of the public IP address. |
| properties.ipAddress |
string |
The IP address associated with the public IP address resource. |
| properties.ipConfiguration |
The IP configuration associated with the public IP address. |
|
| properties.ipTags |
Ip |
The list of tags associated with the public IP address. |
| properties.linkedPublicIPAddress |
The linked public IP address of the public IP address resource. |
|
| properties.migrationPhase |
Migration phase of Public IP Address. |
|
| properties.natGateway |
The NatGateway for the Public IP address. |
|
| properties.provisioningState |
The provisioning state of the public IP address resource. |
|
| properties.publicIPAddressVersion |
The public IP address version. |
|
| properties.publicIPAllocationMethod |
The public IP address allocation method. |
|
| properties.publicIPPrefix |
The Public IP Prefix this Public IP Address should be allocated from. |
|
| properties.resourceGuid |
string |
The resource GUID property of the public IP address resource. |
| properties.servicePublicIPAddress |
The service public IP address of the public IP address resource. |
|
| sku |
The public IP address SKU. |
|
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
| zones |
string[] |
A list of availability zones denoting the IP allocated for the resource needs to come from. |
PublicIPAddressDnsSettings
Contains FQDN of the DNS record associated with the public IP address.
| Name | Type | Description |
|---|---|---|
| domainNameLabel |
string |
The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. |
| domainNameLabelScope |
The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. |
|
| fqdn |
string |
The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. |
| reverseFqdn |
string |
The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. |
PublicIpAddressDnsSettingsDomainNameLabelScope
The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN.
| Name | Type | Description |
|---|---|---|
| NoReuse |
string |
|
| ResourceGroupReuse |
string |
|
| SubscriptionReuse |
string |
|
| TenantReuse |
string |
PublicIPAddressMigrationPhase
Migration phase of Public IP Address.
| Name | Type | Description |
|---|---|---|
| Abort |
string |
|
| Commit |
string |
|
| Committed |
string |
|
| None |
string |
|
| Prepare |
string |
PublicIPAddressSku
SKU of a public IP address.
| Name | Type | Description |
|---|---|---|
| name |
Name of a public IP address SKU. |
|
| tier |
Tier of a public IP address SKU. |
PublicIPAddressSkuName
Name of a public IP address SKU.
| Name | Type | Description |
|---|---|---|
| Basic |
string |
|
| Standard |
string |
PublicIPAddressSkuTier
Tier of a public IP address SKU.
| Name | Type | Description |
|---|---|---|
| Global |
string |
|
| Regional |
string |
ResourceIdentityType
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
| Name | Type | Description |
|---|---|---|
| None |
string |
|
| SystemAssigned |
string |
|
| SystemAssigned, UserAssigned |
string |
|
| UserAssigned |
string |
ResourceNavigationLink
ResourceNavigationLink resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource navigation link identifier. |
| name |
string |
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.link |
string |
Link to the external resource. |
| properties.linkedResourceType |
string |
Resource type of the linked resource. |
| properties.provisioningState |
The provisioning state of the resource navigation link resource. |
|
| type |
string |
Resource type. |
RetentionPolicyParameters
Parameters that define the retention policy for flow log.
| Name | Type | Default Value | Description |
|---|---|---|---|
| days |
integer |
0 |
Number of days to retain flow log records. |
| enabled |
boolean |
False |
Flag to enable/disable retention. |
Route
Route resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.addressPrefix |
string |
The destination CIDR to which the route applies. |
| properties.hasBgpOverride |
boolean |
A value indicating whether this route overrides overlapping BGP routes regardless of LPM. |
| properties.nextHopIpAddress |
string |
The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. |
| properties.nextHopType |
The type of Azure hop the packet should be sent to. |
|
| properties.provisioningState |
The provisioning state of the route resource. |
|
| type |
string |
The type of the resource. |
RouteNextHopType
The type of Azure hop the packet should be sent to.
| Name | Type | Description |
|---|---|---|
| Internet |
string |
|
| None |
string |
|
| VirtualAppliance |
string |
|
| VirtualNetworkGateway |
string |
|
| VnetLocal |
string |
RouteTable
Route table resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.disableBgpRoutePropagation |
boolean |
Whether to disable the routes learned by BGP on that route table. True means disable. |
| properties.provisioningState |
The provisioning state of the route table resource. |
|
| properties.resourceGuid |
string |
The resource GUID property of the route table. |
| properties.routes |
Route[] |
Collection of routes contained within a route table. |
| properties.subnets |
Subnet[] |
A collection of references to subnets. |
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
scrubbingRuleEntryMatchVariable
The variable to be scrubbed from the logs.
| Name | Type | Description |
|---|---|---|
| RequestArgNames |
string |
|
| RequestCookieNames |
string |
|
| RequestHeaderNames |
string |
|
| RequestIPAddress |
string |
|
| RequestJSONArgNames |
string |
|
| RequestPostArgNames |
string |
SecurityRule
Network security rule.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.access |
The network traffic is allowed or denied. |
|
| properties.description |
string |
A description for this rule. Restricted to 140 chars. |
| properties.destinationAddressPrefix |
string |
The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. |
| properties.destinationAddressPrefixes |
string[] |
The destination address prefixes. CIDR or destination IP ranges. |
| properties.destinationApplicationSecurityGroups |
The application security group specified as destination. |
|
| properties.destinationPortRange |
string |
The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. |
| properties.destinationPortRanges |
string[] |
The destination port ranges. |
| properties.direction |
The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. |
|
| properties.priority |
integer |
The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. |
| properties.protocol |
Network protocol this rule applies to. |
|
| properties.provisioningState |
The provisioning state of the security rule resource. |
|
| properties.sourceAddressPrefix |
string |
The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. |
| properties.sourceAddressPrefixes |
string[] |
The CIDR or source IP ranges. |
| properties.sourceApplicationSecurityGroups |
The application security group specified as source. |
|
| properties.sourcePortRange |
string |
The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. |
| properties.sourcePortRanges |
string[] |
The source port ranges. |
| type |
string |
The type of the resource. |
SecurityRuleAccess
Whether network traffic is allowed or denied.
| Name | Type | Description |
|---|---|---|
| Allow |
string |
|
| Deny |
string |
SecurityRuleDirection
The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.
| Name | Type | Description |
|---|---|---|
| Inbound |
string |
|
| Outbound |
string |
SecurityRuleProtocol
Network protocol this rule applies to.
| Name | Type | Description |
|---|---|---|
| * |
string |
|
| Ah |
string |
|
| Esp |
string |
|
| Icmp |
string |
|
| Tcp |
string |
|
| Udp |
string |
ServiceAssociationLink
ServiceAssociationLink resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.allowDelete |
boolean |
If true, the resource can be deleted. |
| properties.link |
string |
Link to the external resource. |
| properties.linkedResourceType |
string |
Resource type of the linked resource. |
| properties.locations |
string[] |
A list of locations. |
| properties.provisioningState |
The provisioning state of the service association link resource. |
|
| type |
string |
Resource type. |
ServiceEndpointPolicy
Service End point policy resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| kind |
string |
Kind of service endpoint policy. This is metadata used for the Azure portal experience. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.contextualServiceEndpointPolicies |
string[] |
A collection of contextual service endpoint policy. |
| properties.provisioningState |
The provisioning state of the service endpoint policy resource. |
|
| properties.resourceGuid |
string |
The resource GUID property of the service endpoint policy resource. |
| properties.serviceAlias |
string |
The alias indicating if the policy belongs to a service |
| properties.serviceEndpointPolicyDefinitions |
A collection of service endpoint policy definitions of the service endpoint policy. |
|
| properties.subnets |
Subnet[] |
A collection of references to subnets. |
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
ServiceEndpointPolicyDefinition
Service Endpoint policy definitions.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| name |
string |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.description |
string |
A description for this rule. Restricted to 140 chars. |
| properties.provisioningState |
The provisioning state of the service endpoint policy definition resource. |
|
| properties.service |
string |
Service endpoint name. |
| properties.serviceResources |
string[] |
A list of service resources. |
| type |
string |
The type of the resource. |
ServiceEndpointPropertiesFormat
The service endpoint properties.
| Name | Type | Description |
|---|---|---|
| locations |
string[] |
A list of locations. |
| provisioningState |
The provisioning state of the service endpoint resource. |
|
| service |
string |
The type of the endpoint service. |
Subnet
Subnet in a virtual network resource.
| Name | Type | Default Value | Description |
|---|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
|
| id |
string |
Resource ID. |
|
| name |
string |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
| properties.addressPrefix |
string |
The address prefix for the subnet. |
|
| properties.addressPrefixes |
string[] |
List of address prefixes for the subnet. |
|
| properties.applicationGatewayIPConfigurations |
Application gateway IP configurations of virtual network resource. |
||
| properties.defaultOutboundAccess |
boolean |
Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. |
|
| properties.delegations |
An array of references to the delegations on the subnet. |
||
| properties.ipAllocations |
Array of IpAllocation which reference this subnet. |
||
| properties.ipConfigurationProfiles |
Array of IP configuration profiles which reference this subnet. |
||
| properties.ipConfigurations |
An array of references to the network interface IP configurations using subnet. |
||
| properties.natGateway |
Nat gateway associated with this subnet. |
||
| properties.networkSecurityGroup |
The reference to the NetworkSecurityGroup resource. |
||
| properties.privateEndpointNetworkPolicies | Disabled |
Enable or Disable apply network policies on private end point in the subnet. |
|
| properties.privateEndpoints |
An array of references to private endpoints. |
||
| properties.privateLinkServiceNetworkPolicies | Enabled |
Enable or Disable apply network policies on private link service in the subnet. |
|
| properties.provisioningState |
The provisioning state of the subnet resource. |
||
| properties.purpose |
string |
A read-only string identifying the intention of use for this subnet based on delegations and other user-defined properties. |
|
| properties.resourceNavigationLinks |
An array of references to the external resources using subnet. |
||
| properties.routeTable |
The reference to the RouteTable resource. |
||
| properties.serviceAssociationLinks |
An array of references to services injecting into this subnet. |
||
| properties.serviceEndpointPolicies |
An array of service endpoint policies. |
||
| properties.serviceEndpoints |
An array of service endpoints. |
||
| type |
string |
Resource type. |
SubResource
Reference to another subresource.
| Name | Type | Description |
|---|---|---|
| id |
string |
Resource ID. |
SyncMode
Backend address synchronous mode for the backend pool
| Name | Type | Description |
|---|---|---|
| Automatic |
string |
|
| Manual |
string |
TrafficAnalyticsConfigurationProperties
Parameters that define the configuration of traffic analytics.
| Name | Type | Description |
|---|---|---|
| enabled |
boolean |
Flag to enable/disable traffic analytics. |
| trafficAnalyticsInterval |
integer |
The interval in minutes which would decide how frequently TA service should do flow analytics. |
| workspaceId |
string |
The resource guid of the attached workspace. |
| workspaceRegion |
string |
The location of the attached workspace. |
| workspaceResourceId |
string |
Resource Id of the attached workspace. |
TrafficAnalyticsProperties
Parameters that define the configuration of traffic analytics.
| Name | Type | Description |
|---|---|---|
| networkWatcherFlowAnalyticsConfiguration |
Parameters that define the configuration of traffic analytics. |
TransportProtocol
The transport protocol for the endpoint.
| Name | Type | Description |
|---|---|---|
| All |
string |
|
| Tcp |
string |
|
| Udp |
string |
UserAssignedIdentities
The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
| Name | Type | Description |
|---|---|---|
|
|
VirtualNetworkPrivateEndpointNetworkPolicies
Enable or Disable apply network policies on private end point in the subnet.
| Name | Type | Description |
|---|---|---|
| Disabled |
string |
|
| Enabled |
string |
|
| NetworkSecurityGroupEnabled |
string |
|
| RouteTableEnabled |
string |
VirtualNetworkPrivateLinkServiceNetworkPolicies
Enable or Disable apply network policies on private link service in the subnet.
| Name | Type | Description |
|---|---|---|
| Disabled |
string |
|
| Enabled |
string |
VirtualNetworkTap
Virtual Network Tap resource.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.destinationLoadBalancerFrontEndIPConfiguration |
The reference to the private IP address on the internal Load Balancer that will receive the tap. |
|
| properties.destinationNetworkInterfaceIPConfiguration |
The reference to the private IP Address of the collector nic that will receive the tap. |
|
| properties.destinationPort |
integer |
The VXLAN destination port that will receive the tapped traffic. |
| properties.networkInterfaceTapConfigurations |
Specifies the list of resource IDs for the network interface IP configuration that needs to be tapped. |
|
| properties.provisioningState |
The provisioning state of the virtual network tap resource. |
|
| properties.resourceGuid |
string |
The resource GUID property of the virtual network tap resource. |
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
Visibility
The visibility list of the private link service.
| Name | Type | Description |
|---|---|---|
| subscriptions |
string[] |
The list of subscriptions. |
WebApplicationFirewallAction
Type of Actions.
| Name | Type | Description |
|---|---|---|
| Allow |
string |
|
| Block |
string |
|
| JSChallenge |
string |
|
| Log |
string |
WebApplicationFirewallCustomRule
Defines contents of a web application rule.
| Name | Type | Description |
|---|---|---|
| action |
Type of Actions. |
|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| groupByUserSession |
List of user session identifier group by clauses. |
|
| matchConditions |
List of match conditions. |
|
| name |
string |
The name of the resource that is unique within a policy. This name can be used to access the resource. |
| priority |
integer |
Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. |
| rateLimitDuration |
Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule. |
|
| rateLimitThreshold |
integer |
Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1 |
| ruleType |
The rule type. |
|
| state |
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified. |
WebApplicationFirewallEnabledState
The state of the policy.
| Name | Type | Description |
|---|---|---|
| Disabled |
string |
|
| Enabled |
string |
WebApplicationFirewallMatchVariable
Match Variable.
| Name | Type | Description |
|---|---|---|
| PostArgs |
string |
|
| QueryString |
string |
|
| RemoteAddr |
string |
|
| RequestBody |
string |
|
| RequestCookies |
string |
|
| RequestHeaders |
string |
|
| RequestMethod |
string |
|
| RequestUri |
string |
WebApplicationFirewallMode
The mode of the policy.
| Name | Type | Description |
|---|---|---|
| Detection |
string |
|
| Prevention |
string |
WebApplicationFirewallOperator
The operator to be matched.
| Name | Type | Description |
|---|---|---|
| Any |
string |
|
| BeginsWith |
string |
|
| Contains |
string |
|
| EndsWith |
string |
|
| Equal |
string |
|
| GeoMatch |
string |
|
| GreaterThan |
string |
|
| GreaterThanOrEqual |
string |
|
| IPMatch |
string |
|
| LessThan |
string |
|
| LessThanOrEqual |
string |
|
| Regex |
string |
WebApplicationFirewallPolicy
Defines web application firewall policy.
| Name | Type | Description |
|---|---|---|
| etag |
string |
A unique read-only string that changes whenever the resource is updated. |
| id |
string |
Resource ID. |
| location |
string |
Resource location. |
| name |
string |
Resource name. |
| properties.applicationGateways |
A collection of references to application gateways. |
|
| properties.customRules |
The custom rules inside the policy. |
|
| properties.httpListeners |
A collection of references to application gateway http listeners. |
|
| properties.managedRules |
Describes the managedRules structure. |
|
| properties.pathBasedRules |
A collection of references to application gateway path rules. |
|
| properties.policySettings |
The PolicySettings for policy. |
|
| properties.provisioningState |
The provisioning state of the web application firewall policy resource. |
|
| properties.resourceState |
Resource status of the policy. |
|
| tags |
object |
Resource tags. |
| type |
string |
Resource type. |
WebApplicationFirewallPolicyResourceState
Resource status of the policy.
| Name | Type | Description |
|---|---|---|
| Creating |
string |
|
| Deleting |
string |
|
| Disabled |
string |
|
| Disabling |
string |
|
| Enabled |
string |
|
| Enabling |
string |
WebApplicationFirewallRuleType
The rule type.
| Name | Type | Description |
|---|---|---|
| Invalid |
string |
|
| MatchRule |
string |
|
| RateLimitRule |
string |
WebApplicationFirewallScrubbingRules
Allow certain variables to be scrubbed on WAF logs
| Name | Type | Description |
|---|---|---|
| matchVariable |
The variable to be scrubbed from the logs. |
|
| selector |
string |
When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to. |
| selectorMatchOperator |
When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to. |
|
| state |
Defines the state of log scrubbing rule. Default value is Enabled. |
WebApplicationFirewallScrubbingState
State of the log scrubbing config. Default value is Enabled.
| Name | Type | Description |
|---|---|---|
| Disabled |
string |
|
| Enabled |
string |
WebApplicationFirewallState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
| Name | Type | Description |
|---|---|---|
| Disabled |
string |
|
| Enabled |
string |
WebApplicationFirewallTransform
List of transforms.
| Name | Type | Description |
|---|---|---|
| HtmlEntityDecode |
string |
|
| Lowercase |
string |
|
| RemoveNulls |
string |
|
| Trim |
string |
|
| Uppercase |
string |
|
| UrlDecode |
string |
|
| UrlEncode |
string |