Policies - List By Subscription

Lists all of the protection policies within a subscription.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies?api-version=2024-02-01

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| subscriptionId | path | True | string | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
| api-version | query | True | string | Client API version. |

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | WebApplicationFirewallPolicyList | OK. The request has succeeded. |
| Other Status Codes | DefaultErrorResponse | Error response describing why the operation failed. |

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples

Get all Policies in a Resource Group

Sample Request

GET https://management.azure.com/subscriptions/subid/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies?api-version=2024-02-01

Sample Response

{
  "value": [
    {
      "name": "Policy1",
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1",
      "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies",
      "tags": {
        "key1": "value1",
        "key2": "value2"
      },
      "location": "WestUs",
      "sku": {
        "name": "Classic_AzureFrontDoor"
      },
      "properties": {
        "resourceState": "Enabled",
        "provisioningState": "Succeeded",
        "policySettings": {
          "enabledState": "Enabled",
          "mode": "Prevention",
          "redirectUrl": "http://www.bing.com",
          "customBlockResponseStatusCode": 499,
          "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="
        },
        "customRules": {
          "rules": [
            {
              "name": "Rule1",
              "priority": 1,
              "enabledState": "Enabled",
              "ruleType": "RateLimitRule",
              "rateLimitDurationInMinutes": 0,
              "rateLimitThreshold": 1000,
              "matchConditions": [
                {
                  "matchVariable": "RemoteAddr",
                  "selector": null,
                  "operator": "IPMatch",
                  "negateCondition": false,
                  "matchValue": [
                    "192.168.1.0/24",
                    "10.0.0.0/24"
                  ],
                  "transforms": []
                }
              ],
              "action": "Block"
            },
            {
              "name": "Rule2",
              "priority": 2,
              "enabledState": "Enabled",
              "ruleType": "MatchRule",
              "rateLimitDurationInMinutes": 0,
              "rateLimitThreshold": 0,
              "matchConditions": [
                {
                  "matchVariable": "RemoteAddr",
                  "selector": null,
                  "operator": "GeoMatch",
                  "negateCondition": false,
                  "matchValue": [
                    "CH"
                  ]
                },
                {
                  "matchVariable": "RequestHeader",
                  "selector": "UserAgent",
                  "operator": "Contains",
                  "negateCondition": false,
                  "matchValue": [
                    "windows"
                  ],
                  "transforms": [
                    "Lowercase"
                  ]
                }
              ],
              "action": "Block"
            }
          ]
        },
        "managedRules": {
          "managedRuleSets": [
            {
              "ruleSetType": "DefaultRuleSet",
              "ruleSetVersion": "1.0",
              "exclusions": [
                {
                  "matchVariable": "RequestHeaderNames",
                  "selectorMatchOperator": "Equals",
                  "selector": "User-Agent"
                }
              ],
              "ruleGroupOverrides": [
                {
                  "ruleGroupName": "SQLI",
                  "rules": [
                    {
                      "ruleId": "942100",
                      "enabledState": "Enabled",
                      "action": "Redirect"
                    },
                    {
                      "ruleId": "942110",
                      "enabledState": "Disabled"
                    }
                  ]
                }
              ]
            }
          ]
        },
        "frontendEndpointLinks": [
          {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/frontdoors/fd1/frontendendpoints/fd1-azurefd-net"
          }
        ],
        "securityPolicyLinks": []
      }
    }
  ]
}
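
The response schema above is enough to drive a configuration audit across a subscription. The following Python is an added example, not part of the original reference or Microsoft's code: it follows nextLink only to management.azure.com over HTTPS and flags policy settings that weaken enforcement. The names iter_policies, audit_policy, audit_all and fetch_page, and the second page with its nextLink value, are assumptions made for the example.

```python
from urllib.parse import urlsplit

ARM_HOST = "management.azure.com"  # host of the request URI on this page
LINKS = ("frontendEndpointLinks", "routingRuleLinks", "securityPolicyLinks")

def iter_policies(first_url, fetch_page):
    """Yield every policy, following nextLink. fetch_page(url) -> dict is a
    hypothetical caller-supplied function that does the authenticated GET."""
    url, seen = first_url, set()
    while url:
        parts = urlsplit(url)
        # Send the bearer token only to ARM over HTTPS, and never loop.
        if parts.scheme != "https" or parts.hostname != ARM_HOST or url in seen:
            raise ValueError(f"refusing to follow nextLink {url!r}")
        seen.add(url)
        page = fetch_page(url)
        yield from page.get("value", [])
        url = page.get("nextLink")

def audit_policy(policy):
    """Return a list of findings for one WebApplicationFirewallPolicy."""
    props = policy.get("properties", {})
    settings = props.get("policySettings", {})
    rule_sets = props.get("managedRules", {}).get("managedRuleSets", [])
    checks = [
        (settings.get("enabledState", "Enabled") != "Enabled", "policy disabled"),
        (settings.get("mode") != "Prevention", "not in Prevention mode"),
        (settings.get("requestBodyCheck") == "Disabled", "body check disabled"),
        (not rule_sets, "no managed rule set"),
        (not any(props.get(k) for k in LINKS), "not linked to any resource")]
    out = [msg for failed, msg in checks if failed]
    for rs in rule_sets:
        for ex in rs.get("exclusions", []):
            out.append(f"exclusion {ex.get('matchVariable')}:{ex.get('selector')}")
        for group in rs.get("ruleGroupOverrides", []):
            for rule in group.get("rules", []):
                # ManagedRuleOverride.enabledState defaults to Disabled.
                if rule.get("enabledState", "Disabled") != "Enabled":
                    out.append(f"managed rule {rule.get('ruleId')} disabled")
    return out

# Constructed pages: Policy1 trimmed from the sample (ids shortened); Policy2 and nextLink made up.
FIRST = ("https://management.azure.com/subscriptions/subid/providers/Microsoft."
         "Network/frontDoorWebApplicationFirewallPolicies?api-version=2024-02-01")
PAGES = {
    FIRST: {"nextLink": FIRST + "&page=2", "value": [{"name": "Policy1", "properties": {
        "policySettings": {"enabledState": "Enabled", "mode": "Prevention"},
        "managedRules": {"managedRuleSets": [{
            "exclusions": [{"matchVariable": "RequestHeaderNames", "selector": "User-Agent"}],
            "ruleGroupOverrides": [{"ruleGroupName": "SQLI", "rules": [
                {"ruleId": "942100", "enabledState": "Enabled"},
                {"ruleId": "942110", "enabledState": "Disabled"}]}]}]},
        "frontendEndpointLinks": [{"id": "fd1-azurefd-net"}]}}]},
    FIRST + "&page=2": {"value": [{"name": "Policy2", "properties": {
        "policySettings": {"mode": "Detection"}}}]},
}

def audit_all(first_url=FIRST, fetch_page=PAGES.__getitem__):
    return {p["name"]: audit_policy(p) for p in iter_policies(first_url, fetch_page)}
```

Against a live subscription, replace the default fetch_page with a function that issues the GET with a bearer token and returns the parsed JSON body.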

Definitions

Name Description
scrubbingRuleEntryMatchOperator

When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to.

scrubbingRuleEntryState

Defines the state of a log scrubbing rule. Default value is enabled.

ActionType

Defines the action to take on rule match.

CustomRule

Defines contents of a web application rule

CustomRuleEnabledState

Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

CustomRuleList

Defines contents of custom rules

DefaultErrorResponse

Error response indicates Front Door service is not able to process the incoming request. The reason is provided in the error message.

Error

Error model.

FrontendEndpointLink

Defines the Resource ID for a Frontend Endpoint.

GroupByVariable

Describes the variables available to group the rate limit requests

ManagedRuleEnabledState

Describes if the managed rule is in enabled or disabled state.

ManagedRuleExclusion

Exclude variables from managed rule evaluation.

ManagedRuleExclusionMatchVariable

The variable type to be excluded.

ManagedRuleExclusionSelectorMatchOperator

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.

ManagedRuleGroupOverride

Defines a managed rule group override setting.

ManagedRuleOverride

Defines a managed rule group override setting.

ManagedRuleSet

Defines a managed rule set.

ManagedRuleSetActionType

Defines the action to take when a managed rule set score threshold is met.

ManagedRuleSetList

Defines the list of managed rule sets for the policy.

MatchCondition

Define a match condition.

MatchVariable

Request variable to compare with.

Operator

Comparison type to use for matching with the variable value.

PolicyEnabledState

Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.

PolicyMode

Describes if it is in detection mode or prevention mode at policy level.

PolicyRequestBodyCheck

Describes if policy managed rules will inspect the request body content.

PolicyResourceState

Resource status of the policy.

PolicySettings

Defines top-level WebApplicationFirewallPolicy configuration settings.

RoutingRuleLink

Defines the Resource ID for a Routing Rule.

RuleType

Describes type of rule.

scrubbingRuleEntryMatchVariable

The variable to be scrubbed from the logs.

SecurityPolicyLink

Defines the Resource ID for a Security Policy.

Sku

The pricing tier of the web application firewall policy.

SkuName

Name of the pricing tier.

TransformType

Describes the transforms applied before matching.

VariableName

Describes the supported variable for group by

WebApplicationFirewallPolicy

Defines web application firewall policy.

WebApplicationFirewallPolicyList

Defines a list of WebApplicationFirewallPolicies. It contains a list of WebApplicationFirewallPolicy objects and a URL link to get the next set of results.

WebApplicationFirewallScrubbingRules

Defines the contents of the log scrubbing rules.

WebApplicationFirewallScrubbingState

State of the log scrubbing config. Default value is Enabled.

scrubbingRuleEntryMatchOperator

When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to.

Name Type Description
Equals

string

EqualsAny

string

scrubbingRuleEntryState

Defines the state of a log scrubbing rule. Default value is enabled.

Name Type Description
Disabled

string

Enabled

string

ActionType

Defines the action to take on rule match.

Name Type Description
Allow

string

AnomalyScoring

string

Block

string

JSChallenge

string

Log

string

Redirect

string

CustomRule

Defines contents of a web application rule

Name Type Description
action

ActionType

Describes the action to apply when the rule matches.

enabledState

CustomRuleEnabledState

Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

groupBy

GroupByVariable[]

Describes the list of variables to group the rate limit requests

matchConditions

MatchCondition[]

List of match conditions.

name

string

Describes the name of the rule.

priority

integer

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

rateLimitDurationInMinutes

integer

Time window for resetting the rate limit count. Default is 1 minute.

rateLimitThreshold

integer

Number of allowed requests per client within the time window.

ruleType

RuleType

Describes type of rule.

CustomRuleEnabledState

Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

Name Type Description
Disabled

string

Enabled

string

CustomRuleList

Defines contents of custom rules

Name Type Description
rules

CustomRule[]

List of rules

DefaultErrorResponse

Error response indicates Front Door service is not able to process the incoming request. The reason is provided in the error message.

Name Type Description
error

Error

Error model.

Error

Error model.

Name Type Description
code

string

Error code.

message

string

Error message indicating why the operation failed.

FrontendEndpointLink

Defines the Resource ID for a Frontend Endpoint.

Name Type Description
id

string

Resource ID.

GroupByVariable

Describes the variables available to group the rate limit requests

Name Type Description
variableName

VariableName

Describes the supported variable for group by

ManagedRuleEnabledState

Describes if the managed rule is in enabled or disabled state.

Name Type Description
Disabled

string

Enabled

string

ManagedRuleExclusion

Exclude variables from managed rule evaluation.

Name Type Description
matchVariable

ManagedRuleExclusionMatchVariable

The variable type to be excluded.

selector

string

Selector value for which elements in the collection this exclusion applies to.

selectorMatchOperator

ManagedRuleExclusionSelectorMatchOperator

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.

ManagedRuleExclusionMatchVariable

The variable type to be excluded.

Name Type Description
QueryStringArgNames

string

RequestBodyJsonArgNames

string

RequestBodyPostArgNames

string

RequestCookieNames

string

RequestHeaderNames

string

ManagedRuleExclusionSelectorMatchOperator

Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.

Name Type Description
Contains

string

EndsWith

string

Equals

string

EqualsAny

string

StartsWith

string

ManagedRuleGroupOverride

Defines a managed rule group override setting.

Name Type Description
exclusions

ManagedRuleExclusion[]

Describes the exclusions that are applied to all rules in the group.

ruleGroupName

string

Describes the managed rule group to override.

rules

ManagedRuleOverride[]

List of rules that will be disabled. If none specified, all rules in the group will be disabled.

ManagedRuleOverride

Defines a managed rule group override setting.

Name Type Description
action

ActionType

Describes the override action to be applied when rule matches.

enabledState

ManagedRuleEnabledState

Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.

exclusions

ManagedRuleExclusion[]

Describes the exclusions that are applied to this specific rule.

ruleId

string

Identifier for the managed rule.

ManagedRuleSet

Defines a managed rule set.

Name Type Description
exclusions

ManagedRuleExclusion[]

Describes the exclusions that are applied to all rules in the set.

ruleGroupOverrides

ManagedRuleGroupOverride[]

Defines the rule group overrides to apply to the rule set.

ruleSetAction

ManagedRuleSetActionType

Defines the rule set action.

ruleSetType

string

Defines the rule set type to use.

ruleSetVersion

string

Defines the version of the rule set to use.

ManagedRuleSetActionType

Defines the action to take when a managed rule set score threshold is met.

Name Type Description
Block

string

Log

string

Redirect

string

ManagedRuleSetList

Defines the list of managed rule sets for the policy.

Name Type Description
managedRuleSets

ManagedRuleSet[]

List of rule sets.

MatchCondition

Define a match condition.

Name Type Description
matchValue

string[]

List of possible match values.

matchVariable

MatchVariable

Request variable to compare with.

negateCondition

boolean

Describes if the result of this condition should be negated.

operator

Operator

Comparison type to use for matching with the variable value.

selector

string

Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.

transforms

TransformType[]

List of transforms.

MatchVariable

Request variable to compare with.

Name Type Description
Cookies

string

PostArgs

string

QueryString

string

RemoteAddr

string

RequestBody

string

RequestHeader

string

RequestMethod

string

RequestUri

string

SocketAddr

string

Operator

Comparison type to use for matching with the variable value.

Name Type Description
Any

string

BeginsWith

string

Contains

string

EndsWith

string

Equal

string

GeoMatch

string

GreaterThan

string

GreaterThanOrEqual

string

IPMatch

string

LessThan

string

LessThanOrEqual

string

RegEx

string

PolicyEnabledState

Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.

Name Type Description
Disabled

string

Enabled

string

PolicyMode

Describes if it is in detection mode or prevention mode at policy level.

Name Type Description
Detection

string

Prevention

string

PolicyRequestBodyCheck

Describes if policy managed rules will inspect the request body content.

Name Type Description
Disabled

string

Enabled

string

PolicyResourceState

Resource status of the policy.

Name Type Description
Creating

string

Deleting

string

Disabled

string

Disabling

string

Enabled

string

Enabling

string

PolicySettings

Defines top-level WebApplicationFirewallPolicy configuration settings.

Name Type Description
customBlockResponseBody

string

If the action type is block, customer can override the response body. The body must be specified in base64 encoding.

customBlockResponseStatusCode

integer

If the action type is block, customer can override the response status code.

enabledState

PolicyEnabledState

Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.

javascriptChallengeExpirationInMinutes

integer

Defines the JavaScript challenge cookie validity lifetime in minutes. This setting is only applicable to Premium_AzureFrontDoor. Value must be an integer between 5 and 1440 with the default value being 30.

logScrubbing.scrubbingRules

WebApplicationFirewallScrubbingRules[]

List of log scrubbing rules applied to the Web Application Firewall logs.

logScrubbing.state

WebApplicationFirewallScrubbingState

State of the log scrubbing config. Default value is Enabled.

mode

PolicyMode

Describes if it is in detection mode or prevention mode at policy level.

redirectUrl

string

If action type is redirect, this field represents redirect URL for the client.

requestBodyCheck

PolicyRequestBodyCheck

Describes if policy managed rules will inspect the request body content.

RoutingRuleLink

Defines the Resource ID for a Routing Rule.

Name Type Description
id

string

Resource ID.

RuleType

Describes type of rule.

Name Type Description
MatchRule

string

RateLimitRule

string

scrubbingRuleEntryMatchVariable

The variable to be scrubbed from the logs.

Name Type Description
QueryStringArgNames

string

RequestBodyJsonArgNames

string

RequestBodyPostArgNames

string

RequestCookieNames

string

RequestHeaderNames

string

RequestIPAddress

string

RequestUri

string

SecurityPolicyLink

Defines the Resource ID for a Security Policy.

Name Type Description
id

string

Resource ID.

Sku

The pricing tier of the web application firewall policy.

Name Type Description
name

SkuName

Name of the pricing tier.

SkuName

Name of the pricing tier.

Name Type Description
Classic_AzureFrontDoor

string

Premium_AzureFrontDoor

string

Standard_AzureFrontDoor

string

TransformType

Describes the transforms applied before matching.

Name Type Description
Lowercase

string

RemoveNulls

string

Trim

string

Uppercase

string

UrlDecode

string

UrlEncode

string

VariableName

Describes the supported variable for group by

Name Type Description
GeoLocation

string

None

string

SocketAddr

string

WebApplicationFirewallPolicy

Defines web application firewall policy.

Name Type Description
etag

string

Gets a unique read-only string that changes whenever the resource is updated.

id

string

Resource ID.

location

string

Resource location.

name

string

Resource name.

properties.customRules

CustomRuleList

Describes custom rules inside the policy.

properties.frontendEndpointLinks

FrontendEndpointLink[]

Describes Frontend Endpoints associated with this Web Application Firewall policy.

properties.managedRules

ManagedRuleSetList

Describes managed rules inside the policy.

properties.policySettings

PolicySettings

Describes settings for the policy.

properties.provisioningState

string

Provisioning state of the policy.

properties.resourceState

PolicyResourceState

Resource status of the policy.

properties.routingRuleLinks

RoutingRuleLink[]

Describes Routing Rules associated with this Web Application Firewall policy.

properties.securityPolicyLinks

SecurityPolicyLink[]

Describes Security Policy associated with this Web Application Firewall policy.

sku

Sku

The pricing tier of web application firewall policy. Defaults to Classic_AzureFrontDoor if not specified.

tags

object

Resource tags.

type

string

Resource type.

WebApplicationFirewallPolicyList

Defines a list of WebApplicationFirewallPolicies. It contains a list of WebApplicationFirewallPolicy objects and a URL link to get the next set of results.

Name Type Description
nextLink

string

URL to get the next set of WebApplicationFirewallPolicy objects if there are any.

value

WebApplicationFirewallPolicy[]

List of WebApplicationFirewallPolicies within a resource group.

WebApplicationFirewallScrubbingRules

Defines the contents of the log scrubbing rules.

Name Type Description
matchVariable

scrubbingRuleEntryMatchVariable

The variable to be scrubbed from the logs.

selector

string

When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.

selectorMatchOperator

scrubbingRuleEntryMatchOperator

When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to.

state

scrubbingRuleEntryState

Defines the state of a log scrubbing rule. Default value is enabled.

WebApplicationFirewallScrubbingState

State of the log scrubbing config. Default value is Enabled.

Name Type Description
Disabled

string

Enabled

string