az network application-gateway waf-policy
Manage application gateway web application firewall (WAF) policies.
To learn more about Web Application Firewall visit https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview.
Commands
Name | Description | Type | Status |
---|---|---|---|
az network application-gateway waf-policy create |
Create an application gateway WAF policy. |
Core | GA |
az network application-gateway waf-policy custom-rule |
Manage application gateway web application firewall (WAF) policy custom rules. |
Core | GA |
az network application-gateway waf-policy custom-rule create |
Create an application gateway WAF policy custom rule. |
Core | GA |
az network application-gateway waf-policy custom-rule delete |
Delete an application gateway WAF policy custom rule. |
Core | GA |
az network application-gateway waf-policy custom-rule list |
List application gateway WAF policy custom rules. |
Core | GA |
az network application-gateway waf-policy custom-rule match-condition |
Manage match conditions in an application gateway web application firewall (WAF) policy custom rule. |
Core | GA |
az network application-gateway waf-policy custom-rule match-condition add |
Add a match condition to an application gateway WAF policy custom rule. |
Core | GA |
az network application-gateway waf-policy custom-rule match-condition list |
List application gateway WAF policy custom rule match conditions. |
Core | GA |
az network application-gateway waf-policy custom-rule match-condition remove |
Remove a match condition from an application gateway WAF policy custom rule. |
Core | GA |
az network application-gateway waf-policy custom-rule show |
Get the details of an application gateway WAF policy custom rule. |
Core | GA |
az network application-gateway waf-policy custom-rule update |
Update an application gateway WAF policy custom rule. |
Core | GA |
az network application-gateway waf-policy delete |
Delete an application gateway WAF policy. |
Core | GA |
az network application-gateway waf-policy list |
List application gateway WAF policies. |
Core | GA |
az network application-gateway waf-policy managed-rule |
Manage managed rules of a WAF policy. |
Core | GA |
az network application-gateway waf-policy managed-rule exclusion |
Manage OWASP CRS exclusions that are applied on a WAF policy managed rules. |
Core | GA |
az network application-gateway waf-policy managed-rule exclusion add |
Add an OWASP CRS exclusion rule to the WAF policy managed rules. |
Core | GA |
az network application-gateway waf-policy managed-rule exclusion list |
List all OWASP CRS exclusion rules that are applied on a WAF policy managed rules. |
Core | GA |
az network application-gateway waf-policy managed-rule exclusion remove |
Remove all OWASP CRS exclusion rules that are applied on a WAF policy managed rules. |
Core | GA |
az network application-gateway waf-policy managed-rule exclusion rule-set |
Define a managed rule set for exclusions. |
Core | GA |
az network application-gateway waf-policy managed-rule exclusion rule-set add |
Add a managed rule set to an exclusion. |
Core | GA |
az network application-gateway waf-policy managed-rule exclusion rule-set list |
List all managed rule sets of an exclusion. |
Core | GA |
az network application-gateway waf-policy managed-rule exclusion rule-set remove |
Remove managed rule set within an exclusion. |
Core | GA |
az network application-gateway waf-policy managed-rule rule-set |
Manage managed rule set of managed rules of a WAF policy. |
Core | GA |
az network application-gateway waf-policy managed-rule rule-set add |
Add managed rule set to the WAF policy managed rules. For rule set and rules, please visit: https://docs.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules. |
Core | GA |
az network application-gateway waf-policy managed-rule rule-set list |
List all managed rule set. |
Core | GA |
az network application-gateway waf-policy managed-rule rule-set remove |
Remove a managed rule set by rule set group name if rule_group_name is specified. Otherwise, remove all rule set. |
Core | GA |
az network application-gateway waf-policy managed-rule rule-set update |
Manage rules of a WAF policy. If --group-name and --rules are provided, override existing rules. If --group-name is provided, clear all rules under a certain rule group. If neither of them are provided, update rule set and clear all rules under itself. For rule set and rules, please visit: https://docs.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules. |
Core | GA |
az network application-gateway waf-policy policy-setting |
Define contents of a web application firewall global configuration. |
Core | GA |
az network application-gateway waf-policy policy-setting list |
List properties of a web application firewall global configuration. |
Core | GA |
az network application-gateway waf-policy policy-setting update |
Update properties of a web application firewall global configuration. |
Core | GA |
az network application-gateway waf-policy show |
Get the details of an application gateway WAF policy. |
Core | GA |
az network application-gateway waf-policy update |
Update an application gateway WAF policy. |
Core | GA |
az network application-gateway waf-policy wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az network application-gateway waf-policy create
Create an application gateway WAF policy.
az network application-gateway waf-policy create --name
--resource-group
[--custom-rules]
[--location]
[--managed-rules]
[--policy-settings]
[--tags]
[--type {Microsoft_BotManagerRuleSet, Microsoft_DefaultRuleSet, OWASP}]
[--version {0.1, 1.0, 1.1, 2.1, 2.2.9, 3.0, 3.1, 3.2}]
Examples
Create an application gateway WAF policy.
az network application-gateway waf-policy create --name MyApplicationGatewayWAFPolicy --resource-group MyResourceGroup
Required Parameters
Name of the application gateway WAF policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
The custom rules inside the policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Location. Values from: az account list-locations
. You can configure the default location using az configure --defaults location=<location>
.
Describes the managedRules structure. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The PolicySettings for policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated tags: key[=value] [key[=value] ...]. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Type of the web application firewall rule set.
Version of the web application firewall rule set type. 0.1, 1.0, and 1.1 are used for Microsoft_BotManagerRuleSet.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network application-gateway waf-policy delete
Delete an application gateway WAF policy.
az network application-gateway waf-policy delete [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]
Examples
Delete an application gateway WAF policy.
az network application-gateway waf-policy delete --name MyApplicationGatewayWAFPolicy --resource-group MyResourceGroup
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the application gateway WAF policy.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network application-gateway waf-policy list
List application gateway WAF policies.
az network application-gateway waf-policy list [--max-items]
[--next-token]
[--resource-group]
Optional Parameters
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token
argument of a subsequent command.
Token to specify where to start paginating. This is the token value from a previously truncated response.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network application-gateway waf-policy show
Get the details of an application gateway WAF policy.
az network application-gateway waf-policy show [--ids]
[--name]
[--resource-group]
[--subscription]
Examples
Get the details of an application gateway WAF policy.
az network application-gateway waf-policy show --name MyApplicationGatewayWAFPolicy --resource-group MyResourceGroup
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the application gateway WAF policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network application-gateway waf-policy update
Update an application gateway WAF policy.
az network application-gateway waf-policy update [--add]
[--custom-rules]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--managed-rules]
[--name]
[--policy-settings]
[--remove]
[--resource-group]
[--set]
[--subscription]
[--tags]
Examples
Update an application gateway WAF policy.
az network application-gateway waf-policy update --add communities='12076:5010' --name MyApplicationGatewayWAFPolicy --resource-group MyResourceGroup
Override existing managed rule set via shorthand syntax.
az network application-gateway waf-policy update --managed-rules "{managed-rule-sets:[{rule-group-overrides:[{rule-group-name:REQUEST-921-PROTOCOL-ATTACK,rules:[{rule-id:921100},{rule-id:921100}]}],rule-set-type:OWASP,rule-set-version:3.0}]}"
Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>
.
The custom rules inside the policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Describes the managedRules structure. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The name of the application gateway WAF policy.
The PolicySettings for policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove>
OR --remove propertyToRemove
.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Space-separated tags: key[=value] [key[=value] ...]. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network application-gateway waf-policy wait
Place the CLI in a waiting state until a condition is met.
az network application-gateway waf-policy wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]
Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
The name of the application gateway WAF policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.