Policies - Create Or Update

Referensi

Layanan:: Front Door Service

Versi API:: 2024-02-01

Create atau perbarui kebijakan dengan nama seperangkat aturan tertentu dalam grup sumber daya.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}?api-version=2024-02-01

Parameter URI

Nama	Dalam	Diperlukan	Jenis	Deskripsi
policyName	path	True	string	Nama Kebijakan Web Application Firewall.
resourceGroupName	path	True	string	Nama grup Sumber Daya dalam langganan Azure. Pola regex: `^[a-zA-Z0-9_\-\.]*[^\.]$`
subscriptionId	path	True	string	Info masuk langganan yang secara unik mengidentifikasi langganan Microsoft Azure. ID langganan membentuk bagian dari URI untuk setiap panggilan layanan.
api-version	query	True	string	Versi API klien.

Isi Permintaan

Nama	Jenis	Deskripsi
etag	string	Mendapatkan string baca-saja unik yang berubah setiap kali sumber daya diperbarui.
location	string	Lokasi sumber daya.
properties.customRules	CustomRuleList	Menjelaskan aturan kustom di dalam kebijakan.
properties.managedRules	ManagedRuleSetList	Menjelaskan aturan terkelola di dalam kebijakan.
properties.policySettings	PolicySettings	Menjelaskan pengaturan untuk kebijakan.
sku	Sku	Tingkat harga kebijakan firewall aplikasi web. Default ke Classic_AzureFrontDoor jika tidak ditentukan.
tags	object	Tag sumber daya.

Respons

Nama	Jenis	Deskripsi
200 OK	WebApplicationFirewallPolicy	OK. Permintaan telah berhasil.
201 Created	WebApplicationFirewallPolicy	Dibuat. Permintaan telah dipenuhi dan kebijakan perlindungan baru telah dibuat.
202 Accepted	WebApplicationFirewallPolicy	Diterima. Permintaan telah diterima untuk diproses dan operasi akan selesai secara asinkron.
Other Status Codes	ErrorResponse	Respons kesalahan yang menjelaskan mengapa operasi gagal.

Keamanan

azure_auth

Alur OAuth2 Azure Active Directory

Jenis: oauth2
Alur: implicit
URL Otorisasi: https://login.microsoftonline.com/common/oauth2/authorize

Cakupan

Nama	Deskripsi
user_impersonation	meniru akun pengguna Anda

Contoh

Creates specific policy

Permintaan sampel

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1?api-version=2024-02-01

{
  "location": "WestUs",
  "properties": {
    "policySettings": {
      "enabledState": "Enabled",
      "mode": "Prevention",
      "redirectUrl": "http://www.bing.com",
      "customBlockResponseStatusCode": 429,
      "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
      "requestBodyCheck": "Disabled",
      "javascriptChallengeExpirationInMinutes": 30,
      "logScrubbing": {
        "state": "Enabled",
        "scrubbingRules": [
          {
            "matchVariable": "RequestIPAddress",
            "selectorMatchOperator": "EqualsAny",
            "selector": null,
            "state": "Enabled"
          }
        ]
      }
    },
    "customRules": {
      "rules": [
        {
          "name": "Rule1",
          "priority": 1,
          "ruleType": "RateLimitRule",
          "rateLimitThreshold": 1000,
          "matchConditions": [
            {
              "matchVariable": "RemoteAddr",
              "operator": "IPMatch",
              "matchValue": [
                "192.168.1.0/24",
                "10.0.0.0/24"
              ]
            }
          ],
          "action": "Block"
        },
        {
          "name": "Rule2",
          "priority": 2,
          "ruleType": "MatchRule",
          "matchConditions": [
            {
              "matchVariable": "RemoteAddr",
              "operator": "GeoMatch",
              "matchValue": [
                "CH"
              ]
            },
            {
              "matchVariable": "RequestHeader",
              "operator": "Contains",
              "selector": "UserAgent",
              "matchValue": [
                "windows"
              ],
              "transforms": [
                "Lowercase"
              ]
            }
          ],
          "action": "Block"
        }
      ]
    },
    "managedRules": {
      "managedRuleSets": [
        {
          "ruleSetType": "DefaultRuleSet",
          "ruleSetVersion": "1.0",
          "ruleSetAction": "Block",
          "exclusions": [
            {
              "matchVariable": "RequestHeaderNames",
              "selectorMatchOperator": "Equals",
              "selector": "User-Agent"
            }
          ],
          "ruleGroupOverrides": [
            {
              "ruleGroupName": "SQLI",
              "exclusions": [
                {
                  "matchVariable": "RequestCookieNames",
                  "selectorMatchOperator": "StartsWith",
                  "selector": "token"
                }
              ],
              "rules": [
                {
                  "ruleId": "942100",
                  "enabledState": "Enabled",
                  "action": "Redirect",
                  "exclusions": [
                    {
                      "matchVariable": "QueryStringArgNames",
                      "selectorMatchOperator": "Equals",
                      "selector": "query"
                    }
                  ]
                },
                {
                  "ruleId": "942110",
                  "enabledState": "Disabled"
                }
              ]
            }
          ]
        }
      ]
    }
  },
  "sku": {
    "name": "Premium_AzureFrontDoor"
  }
}


import com.azure.resourcemanager.frontdoor.models.ActionType;
import com.azure.resourcemanager.frontdoor.models.CustomRule;
import com.azure.resourcemanager.frontdoor.models.CustomRuleList;
import com.azure.resourcemanager.frontdoor.models.ManagedRuleEnabledState;
import com.azure.resourcemanager.frontdoor.models.ManagedRuleExclusion;
import com.azure.resourcemanager.frontdoor.models.ManagedRuleExclusionMatchVariable;
import com.azure.resourcemanager.frontdoor.models.ManagedRuleExclusionSelectorMatchOperator;
import com.azure.resourcemanager.frontdoor.models.ManagedRuleGroupOverride;
import com.azure.resourcemanager.frontdoor.models.ManagedRuleOverride;
import com.azure.resourcemanager.frontdoor.models.ManagedRuleSet;
import com.azure.resourcemanager.frontdoor.models.ManagedRuleSetActionType;
import com.azure.resourcemanager.frontdoor.models.ManagedRuleSetList;
import com.azure.resourcemanager.frontdoor.models.MatchCondition;
import com.azure.resourcemanager.frontdoor.models.MatchVariable;
import com.azure.resourcemanager.frontdoor.models.Operator;
import com.azure.resourcemanager.frontdoor.models.PolicyEnabledState;
import com.azure.resourcemanager.frontdoor.models.PolicyMode;
import com.azure.resourcemanager.frontdoor.models.PolicyRequestBodyCheck;
import com.azure.resourcemanager.frontdoor.models.PolicySettings;
import com.azure.resourcemanager.frontdoor.models.RuleType;
import com.azure.resourcemanager.frontdoor.models.ScrubbingRuleEntryMatchOperator;
import com.azure.resourcemanager.frontdoor.models.ScrubbingRuleEntryMatchVariable;
import com.azure.resourcemanager.frontdoor.models.ScrubbingRuleEntryState;
import com.azure.resourcemanager.frontdoor.models.Sku;
import com.azure.resourcemanager.frontdoor.models.SkuName;
import com.azure.resourcemanager.frontdoor.models.TransformType;
import com.azure.resourcemanager.frontdoor.models.WebApplicationFirewallScrubbingRules;
import com.azure.resourcemanager.frontdoor.models.WebApplicationFirewallScrubbingState;
import java.util.Arrays;

/**
 * Samples for Policies CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/frontdoor/resource-manager/Microsoft.Network/stable/2024-02-01/examples/WafPolicyCreateOrUpdate.
     * json
     */
    /**
     * Sample code: Creates specific policy.
     * 
     * @param manager Entry point to FrontDoorManager.
     */
    public static void createsSpecificPolicy(com.azure.resourcemanager.frontdoor.FrontDoorManager manager) {
        manager.policies().define("Policy1").withRegion("WestUs").withExistingResourceGroup("rg1")
            .withSku(new Sku().withName(SkuName.PREMIUM_AZURE_FRONT_DOOR))
            .withPolicySettings(new PolicySettings().withEnabledState(PolicyEnabledState.ENABLED)
                .withMode(PolicyMode.PREVENTION).withRedirectUrl("http://www.bing.com")
                .withCustomBlockResponseStatusCode(429)
                .withCustomBlockResponseBody(
                    "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
                .withRequestBodyCheck(
                    PolicyRequestBodyCheck.DISABLED)
                .withJavascriptChallengeExpirationInMinutes(30).withState(WebApplicationFirewallScrubbingState.ENABLED)
                .withScrubbingRules(Arrays.asList(new WebApplicationFirewallScrubbingRules()
                    .withMatchVariable(ScrubbingRuleEntryMatchVariable.REQUEST_IPADDRESS)
                    .withSelectorMatchOperator(ScrubbingRuleEntryMatchOperator.EQUALS_ANY)
                    .withState(ScrubbingRuleEntryState.ENABLED))))
            .withCustomRules(new CustomRuleList().withRules(Arrays.asList(
                new CustomRule().withName("Rule1").withPriority(1).withRuleType(RuleType.RATE_LIMIT_RULE)
                    .withRateLimitThreshold(1000)
                    .withMatchConditions(Arrays.asList(new MatchCondition().withMatchVariable(MatchVariable.REMOTE_ADDR)
                        .withOperator(Operator.IPMATCH).withMatchValue(Arrays.asList("192.168.1.0/24", "10.0.0.0/24"))))
                    .withAction(ActionType.BLOCK),
                new CustomRule().withName("Rule2").withPriority(2).withRuleType(RuleType.MATCH_RULE)
                    .withMatchConditions(Arrays.asList(
                        new MatchCondition().withMatchVariable(MatchVariable.REMOTE_ADDR)
                            .withOperator(Operator.GEO_MATCH).withMatchValue(Arrays.asList("CH")),
                        new MatchCondition().withMatchVariable(MatchVariable.REQUEST_HEADER).withSelector("UserAgent")
                            .withOperator(Operator.CONTAINS).withMatchValue(Arrays.asList("windows"))
                            .withTransforms(Arrays.asList(TransformType.LOWERCASE))))
                    .withAction(ActionType.BLOCK))))
            .withManagedRules(new ManagedRuleSetList()
                .withManagedRuleSets(Arrays.asList(new ManagedRuleSet().withRuleSetType("DefaultRuleSet")
                    .withRuleSetVersion("1.0").withRuleSetAction(ManagedRuleSetActionType.BLOCK)
                    .withExclusions(Arrays.asList(new ManagedRuleExclusion()
                        .withMatchVariable(ManagedRuleExclusionMatchVariable.REQUEST_HEADER_NAMES)
                        .withSelectorMatchOperator(ManagedRuleExclusionSelectorMatchOperator.EQUALS)
                        .withSelector("User-Agent")))
                    .withRuleGroupOverrides(
                        Arrays.asList(new ManagedRuleGroupOverride().withRuleGroupName("SQLI")
                            .withExclusions(Arrays.asList(new ManagedRuleExclusion()
                                .withMatchVariable(ManagedRuleExclusionMatchVariable.REQUEST_COOKIE_NAMES)
                                .withSelectorMatchOperator(ManagedRuleExclusionSelectorMatchOperator.STARTS_WITH)
                                .withSelector("token")))
                            .withRules(
                                Arrays
                                    .asList(
                                        new ManagedRuleOverride().withRuleId("942100")
                                            .withEnabledState(ManagedRuleEnabledState.ENABLED)
                                            .withAction(ActionType.REDIRECT)
                                            .withExclusions(Arrays.asList(new ManagedRuleExclusion()
                                                .withMatchVariable(
                                                    ManagedRuleExclusionMatchVariable.QUERY_STRING_ARG_NAMES)
                                                .withSelectorMatchOperator(
                                                    ManagedRuleExclusionSelectorMatchOperator.EQUALS)
                                                .withSelector("query"))),
                                        new ManagedRuleOverride().withRuleId("942110")
                                            .withEnabledState(ManagedRuleEnabledState.DISABLED))))))))
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armfrontdoor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/frontdoor/armfrontdoor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b54ffc9278eff071455b1dbb4ad2e772afce885d/specification/frontdoor/resource-manager/Microsoft.Network/stable/2024-02-01/examples/WafPolicyCreateOrUpdate.json
func ExamplePoliciesClient_BeginCreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armfrontdoor.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewPoliciesClient().BeginCreateOrUpdate(ctx, "rg1", "Policy1", armfrontdoor.WebApplicationFirewallPolicy{
		Location: to.Ptr("WestUs"),
		Properties: &armfrontdoor.WebApplicationFirewallPolicyProperties{
			CustomRules: &armfrontdoor.CustomRuleList{
				Rules: []*armfrontdoor.CustomRule{
					{
						Name:   to.Ptr("Rule1"),
						Action: to.Ptr(armfrontdoor.ActionTypeBlock),
						MatchConditions: []*armfrontdoor.MatchCondition{
							{
								MatchValue: []*string{
									to.Ptr("192.168.1.0/24"),
									to.Ptr("10.0.0.0/24")},
								MatchVariable: to.Ptr(armfrontdoor.MatchVariableRemoteAddr),
								Operator:      to.Ptr(armfrontdoor.OperatorIPMatch),
							}},
						Priority:           to.Ptr[int32](1),
						RateLimitThreshold: to.Ptr[int32](1000),
						RuleType:           to.Ptr(armfrontdoor.RuleTypeRateLimitRule),
					},
					{
						Name:   to.Ptr("Rule2"),
						Action: to.Ptr(armfrontdoor.ActionTypeBlock),
						MatchConditions: []*armfrontdoor.MatchCondition{
							{
								MatchValue: []*string{
									to.Ptr("CH")},
								MatchVariable: to.Ptr(armfrontdoor.MatchVariableRemoteAddr),
								Operator:      to.Ptr(armfrontdoor.OperatorGeoMatch),
							},
							{
								MatchValue: []*string{
									to.Ptr("windows")},
								MatchVariable: to.Ptr(armfrontdoor.MatchVariableRequestHeader),
								Operator:      to.Ptr(armfrontdoor.OperatorContains),
								Selector:      to.Ptr("UserAgent"),
								Transforms: []*armfrontdoor.TransformType{
									to.Ptr(armfrontdoor.TransformTypeLowercase)},
							}},
						Priority: to.Ptr[int32](2),
						RuleType: to.Ptr(armfrontdoor.RuleTypeMatchRule),
					}},
			},
			ManagedRules: &armfrontdoor.ManagedRuleSetList{
				ManagedRuleSets: []*armfrontdoor.ManagedRuleSet{
					{
						Exclusions: []*armfrontdoor.ManagedRuleExclusion{
							{
								MatchVariable:         to.Ptr(armfrontdoor.ManagedRuleExclusionMatchVariableRequestHeaderNames),
								Selector:              to.Ptr("User-Agent"),
								SelectorMatchOperator: to.Ptr(armfrontdoor.ManagedRuleExclusionSelectorMatchOperatorEquals),
							}},
						RuleGroupOverrides: []*armfrontdoor.ManagedRuleGroupOverride{
							{
								Exclusions: []*armfrontdoor.ManagedRuleExclusion{
									{
										MatchVariable:         to.Ptr(armfrontdoor.ManagedRuleExclusionMatchVariableRequestCookieNames),
										Selector:              to.Ptr("token"),
										SelectorMatchOperator: to.Ptr(armfrontdoor.ManagedRuleExclusionSelectorMatchOperatorStartsWith),
									}},
								RuleGroupName: to.Ptr("SQLI"),
								Rules: []*armfrontdoor.ManagedRuleOverride{
									{
										Action:       to.Ptr(armfrontdoor.ActionTypeRedirect),
										EnabledState: to.Ptr(armfrontdoor.ManagedRuleEnabledStateEnabled),
										Exclusions: []*armfrontdoor.ManagedRuleExclusion{
											{
												MatchVariable:         to.Ptr(armfrontdoor.ManagedRuleExclusionMatchVariableQueryStringArgNames),
												Selector:              to.Ptr("query"),
												SelectorMatchOperator: to.Ptr(armfrontdoor.ManagedRuleExclusionSelectorMatchOperatorEquals),
											}},
										RuleID: to.Ptr("942100"),
									},
									{
										EnabledState: to.Ptr(armfrontdoor.ManagedRuleEnabledStateDisabled),
										RuleID:       to.Ptr("942110"),
									}},
							}},
						RuleSetAction:  to.Ptr(armfrontdoor.ManagedRuleSetActionTypeBlock),
						RuleSetType:    to.Ptr("DefaultRuleSet"),
						RuleSetVersion: to.Ptr("1.0"),
					}},
			},
			PolicySettings: &armfrontdoor.PolicySettings{
				CustomBlockResponseBody:                to.Ptr("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
				CustomBlockResponseStatusCode:          to.Ptr[int32](429),
				EnabledState:                           to.Ptr(armfrontdoor.PolicyEnabledStateEnabled),
				JavascriptChallengeExpirationInMinutes: to.Ptr[int32](30),
				LogScrubbing: &armfrontdoor.PolicySettingsLogScrubbing{
					ScrubbingRules: []*armfrontdoor.WebApplicationFirewallScrubbingRules{
						{
							MatchVariable:         to.Ptr(armfrontdoor.ScrubbingRuleEntryMatchVariableRequestIPAddress),
							SelectorMatchOperator: to.Ptr(armfrontdoor.ScrubbingRuleEntryMatchOperatorEqualsAny),
							State:                 to.Ptr(armfrontdoor.ScrubbingRuleEntryStateEnabled),
						}},
					State: to.Ptr(armfrontdoor.WebApplicationFirewallScrubbingStateEnabled),
				},
				Mode:             to.Ptr(armfrontdoor.PolicyModePrevention),
				RedirectURL:      to.Ptr("http://www.bing.com"),
				RequestBodyCheck: to.Ptr(armfrontdoor.PolicyRequestBodyCheckDisabled),
			},
		},
		SKU: &armfrontdoor.SKU{
			Name: to.Ptr(armfrontdoor.SKUNamePremiumAzureFrontDoor),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.WebApplicationFirewallPolicy = armfrontdoor.WebApplicationFirewallPolicy{
	// 	Name: to.Ptr("Policy1"),
	// 	Type: to.Ptr("Microsoft.Network/frontdoorwebapplicationfirewallpolicies"),
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1"),
	// 	Location: to.Ptr("WestUs"),
	// 	Tags: map[string]*string{
	// 		"key1": to.Ptr("value1"),
	// 		"key2": to.Ptr("value2"),
	// 	},
	// 	Properties: &armfrontdoor.WebApplicationFirewallPolicyProperties{
	// 		CustomRules: &armfrontdoor.CustomRuleList{
	// 			Rules: []*armfrontdoor.CustomRule{
	// 				{
	// 					Name: to.Ptr("Rule1"),
	// 					Action: to.Ptr(armfrontdoor.ActionTypeBlock),
	// 					EnabledState: to.Ptr(armfrontdoor.CustomRuleEnabledStateEnabled),
	// 					MatchConditions: []*armfrontdoor.MatchCondition{
	// 						{
	// 							MatchValue: []*string{
	// 								to.Ptr("192.168.1.0/24"),
	// 								to.Ptr("10.0.0.0/24")},
	// 								MatchVariable: to.Ptr(armfrontdoor.MatchVariableRemoteAddr),
	// 								NegateCondition: to.Ptr(false),
	// 								Operator: to.Ptr(armfrontdoor.OperatorIPMatch),
	// 								Transforms: []*armfrontdoor.TransformType{
	// 								},
	// 						}},
	// 						Priority: to.Ptr[int32](1),
	// 						RateLimitDurationInMinutes: to.Ptr[int32](0),
	// 						RateLimitThreshold: to.Ptr[int32](1000),
	// 						RuleType: to.Ptr(armfrontdoor.RuleTypeRateLimitRule),
	// 					},
	// 					{
	// 						Name: to.Ptr("Rule2"),
	// 						Action: to.Ptr(armfrontdoor.ActionTypeBlock),
	// 						EnabledState: to.Ptr(armfrontdoor.CustomRuleEnabledStateEnabled),
	// 						MatchConditions: []*armfrontdoor.MatchCondition{
	// 							{
	// 								MatchValue: []*string{
	// 									to.Ptr("CH")},
	// 									MatchVariable: to.Ptr(armfrontdoor.MatchVariableRemoteAddr),
	// 									NegateCondition: to.Ptr(false),
	// 									Operator: to.Ptr(armfrontdoor.OperatorGeoMatch),
	// 								},
	// 								{
	// 									MatchValue: []*string{
	// 										to.Ptr("windows")},
	// 										MatchVariable: to.Ptr(armfrontdoor.MatchVariableRequestHeader),
	// 										NegateCondition: to.Ptr(false),
	// 										Operator: to.Ptr(armfrontdoor.OperatorContains),
	// 										Selector: to.Ptr("UserAgent"),
	// 										Transforms: []*armfrontdoor.TransformType{
	// 											to.Ptr(armfrontdoor.TransformTypeLowercase)},
	// 									}},
	// 									Priority: to.Ptr[int32](2),
	// 									RateLimitDurationInMinutes: to.Ptr[int32](0),
	// 									RateLimitThreshold: to.Ptr[int32](0),
	// 									RuleType: to.Ptr(armfrontdoor.RuleTypeMatchRule),
	// 							}},
	// 						},
	// 						FrontendEndpointLinks: []*armfrontdoor.FrontendEndpointLink{
	// 						},
	// 						ManagedRules: &armfrontdoor.ManagedRuleSetList{
	// 							ManagedRuleSets: []*armfrontdoor.ManagedRuleSet{
	// 								{
	// 									Exclusions: []*armfrontdoor.ManagedRuleExclusion{
	// 										{
	// 											MatchVariable: to.Ptr(armfrontdoor.ManagedRuleExclusionMatchVariableRequestHeaderNames),
	// 											Selector: to.Ptr("User-Agent"),
	// 											SelectorMatchOperator: to.Ptr(armfrontdoor.ManagedRuleExclusionSelectorMatchOperatorEquals),
	// 									}},
	// 									RuleGroupOverrides: []*armfrontdoor.ManagedRuleGroupOverride{
	// 										{
	// 											Exclusions: []*armfrontdoor.ManagedRuleExclusion{
	// 												{
	// 													MatchVariable: to.Ptr(armfrontdoor.ManagedRuleExclusionMatchVariableRequestCookieNames),
	// 													Selector: to.Ptr("token"),
	// 													SelectorMatchOperator: to.Ptr(armfrontdoor.ManagedRuleExclusionSelectorMatchOperatorStartsWith),
	// 											}},
	// 											RuleGroupName: to.Ptr("SQLI"),
	// 											Rules: []*armfrontdoor.ManagedRuleOverride{
	// 												{
	// 													Action: to.Ptr(armfrontdoor.ActionTypeRedirect),
	// 													EnabledState: to.Ptr(armfrontdoor.ManagedRuleEnabledStateEnabled),
	// 													Exclusions: []*armfrontdoor.ManagedRuleExclusion{
	// 														{
	// 															MatchVariable: to.Ptr(armfrontdoor.ManagedRuleExclusionMatchVariableQueryStringArgNames),
	// 															Selector: to.Ptr("query"),
	// 															SelectorMatchOperator: to.Ptr(armfrontdoor.ManagedRuleExclusionSelectorMatchOperatorEquals),
	// 													}},
	// 													RuleID: to.Ptr("942100"),
	// 												},
	// 												{
	// 													EnabledState: to.Ptr(armfrontdoor.ManagedRuleEnabledStateDisabled),
	// 													RuleID: to.Ptr("942110"),
	// 											}},
	// 									}},
	// 									RuleSetAction: to.Ptr(armfrontdoor.ManagedRuleSetActionTypeBlock),
	// 									RuleSetType: to.Ptr("DefaultRuleSet"),
	// 									RuleSetVersion: to.Ptr("1.0"),
	// 							}},
	// 						},
	// 						PolicySettings: &armfrontdoor.PolicySettings{
	// 							CustomBlockResponseBody: to.Ptr("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
	// 							CustomBlockResponseStatusCode: to.Ptr[int32](429),
	// 							EnabledState: to.Ptr(armfrontdoor.PolicyEnabledStateEnabled),
	// 							JavascriptChallengeExpirationInMinutes: to.Ptr[int32](30),
	// 							LogScrubbing: &armfrontdoor.PolicySettingsLogScrubbing{
	// 								ScrubbingRules: []*armfrontdoor.WebApplicationFirewallScrubbingRules{
	// 									{
	// 										MatchVariable: to.Ptr(armfrontdoor.ScrubbingRuleEntryMatchVariableRequestIPAddress),
	// 										SelectorMatchOperator: to.Ptr(armfrontdoor.ScrubbingRuleEntryMatchOperatorEqualsAny),
	// 										State: to.Ptr(armfrontdoor.ScrubbingRuleEntryStateEnabled),
	// 								}},
	// 								State: to.Ptr(armfrontdoor.WebApplicationFirewallScrubbingStateEnabled),
	// 							},
	// 							Mode: to.Ptr(armfrontdoor.PolicyModePrevention),
	// 							RedirectURL: to.Ptr("http://www.bing.com"),
	// 							RequestBodyCheck: to.Ptr(armfrontdoor.PolicyRequestBodyCheckDisabled),
	// 						},
	// 						ProvisioningState: to.Ptr("Succeeded"),
	// 						ResourceState: to.Ptr(armfrontdoor.PolicyResourceStateEnabled),
	// 						SecurityPolicyLinks: []*armfrontdoor.SecurityPolicyLink{
	// 						},
	// 					},
	// 					SKU: &armfrontdoor.SKU{
	// 						Name: to.Ptr(armfrontdoor.SKUNamePremiumAzureFrontDoor),
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { FrontDoorManagementClient } = require("@azure/arm-frontdoor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Create or update policy with specified rule set name within a resource group.
 *
 * @summary Create or update policy with specified rule set name within a resource group.
 * x-ms-original-file: specification/frontdoor/resource-manager/Microsoft.Network/stable/2024-02-01/examples/WafPolicyCreateOrUpdate.json
 */
async function createsSpecificPolicy() {
  const subscriptionId = process.env["FRONTDOOR_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["FRONTDOOR_RESOURCE_GROUP"] || "rg1";
  const policyName = "Policy1";
  const parameters = {
    customRules: {
      rules: [
        {
          name: "Rule1",
          action: "Block",
          matchConditions: [
            {
              matchValue: ["192.168.1.0/24", "10.0.0.0/24"],
              matchVariable: "RemoteAddr",
              operator: "IPMatch",
            },
          ],
          priority: 1,
          rateLimitThreshold: 1000,
          ruleType: "RateLimitRule",
        },
        {
          name: "Rule2",
          action: "Block",
          matchConditions: [
            {
              matchValue: ["CH"],
              matchVariable: "RemoteAddr",
              operator: "GeoMatch",
            },
            {
              matchValue: ["windows"],
              matchVariable: "RequestHeader",
              operator: "Contains",
              selector: "UserAgent",
              transforms: ["Lowercase"],
            },
          ],
          priority: 2,
          ruleType: "MatchRule",
        },
      ],
    },
    location: "WestUs",
    managedRules: {
      managedRuleSets: [
        {
          exclusions: [
            {
              matchVariable: "RequestHeaderNames",
              selector: "User-Agent",
              selectorMatchOperator: "Equals",
            },
          ],
          ruleGroupOverrides: [
            {
              exclusions: [
                {
                  matchVariable: "RequestCookieNames",
                  selector: "token",
                  selectorMatchOperator: "StartsWith",
                },
              ],
              ruleGroupName: "SQLI",
              rules: [
                {
                  action: "Redirect",
                  enabledState: "Enabled",
                  exclusions: [
                    {
                      matchVariable: "QueryStringArgNames",
                      selector: "query",
                      selectorMatchOperator: "Equals",
                    },
                  ],
                  ruleId: "942100",
                },
                { enabledState: "Disabled", ruleId: "942110" },
              ],
            },
          ],
          ruleSetAction: "Block",
          ruleSetType: "DefaultRuleSet",
          ruleSetVersion: "1.0",
        },
      ],
    },
    policySettings: {
      customBlockResponseBody:
        "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
      customBlockResponseStatusCode: 429,
      enabledState: "Enabled",
      javascriptChallengeExpirationInMinutes: 30,
      mode: "Prevention",
      redirectUrl: "http://www.bing.com",
      requestBodyCheck: "Disabled",
      scrubbingRules: [
        {
          matchVariable: "RequestIPAddress",
          selector: undefined,
          selectorMatchOperator: "EqualsAny",
          state: "Enabled",
        },
      ],
      state: "Enabled",
    },
    sku: { name: "Premium_AzureFrontDoor" },
  };
  const credential = new DefaultAzureCredential();
  const client = new FrontDoorManagementClient(credential, subscriptionId);
  const result = await client.policies.beginCreateOrUpdateAndWait(
    resourceGroupName,
    policyName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.FrontDoor.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.FrontDoor;

// Generated from example definition: specification/frontdoor/resource-manager/Microsoft.Network/stable/2024-02-01/examples/WafPolicyCreateOrUpdate.json
// this example is just showing the usage of "Policies_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);

// get the collection of this FrontDoorWebApplicationFirewallPolicyResource
FrontDoorWebApplicationFirewallPolicyCollection collection = resourceGroupResource.GetFrontDoorWebApplicationFirewallPolicies();

// invoke the operation
string policyName = "Policy1";
FrontDoorWebApplicationFirewallPolicyData data = new FrontDoorWebApplicationFirewallPolicyData(new AzureLocation("WestUs"))
{
    SkuName = FrontDoorSkuName.PremiumAzureFrontDoor,
    PolicySettings = new FrontDoorWebApplicationFirewallPolicySettings()
    {
        EnabledState = PolicyEnabledState.Enabled,
        Mode = FrontDoorWebApplicationFirewallPolicyMode.Prevention,
        RedirectUri = new Uri("http://www.bing.com"),
        CustomBlockResponseStatusCode = 429,
        CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
        RequestBodyCheck = PolicyRequestBodyCheck.Disabled,
        JavascriptChallengeExpirationInMinutes = 30,
        State = WebApplicationFirewallScrubbingState.Enabled,
        ScrubbingRules =
        {
        new WebApplicationFirewallScrubbingRules(ScrubbingRuleEntryMatchVariable.RequestIPAddress,ScrubbingRuleEntryMatchOperator.EqualsAny)
        {
        Selector = null,
        State = ScrubbingRuleEntryState.Enabled,
        }
        },
    },
    Rules =
    {
    new WebApplicationCustomRule(1,WebApplicationRuleType.RateLimitRule,new WebApplicationRuleMatchCondition[]
    {
    new WebApplicationRuleMatchCondition(WebApplicationRuleMatchVariable.RemoteAddr,WebApplicationRuleMatchOperator.IPMatch,new string[]
    {
    "192.168.1.0/24","10.0.0.0/24"
    })
    },RuleMatchActionType.Block)
    {
    Name = "Rule1",
    RateLimitThreshold = 1000,
    },new WebApplicationCustomRule(2,WebApplicationRuleType.MatchRule,new WebApplicationRuleMatchCondition[]
    {
    new WebApplicationRuleMatchCondition(WebApplicationRuleMatchVariable.RemoteAddr,WebApplicationRuleMatchOperator.GeoMatch,new string[]
    {
    "CH"
    }),new WebApplicationRuleMatchCondition(WebApplicationRuleMatchVariable.RequestHeader,WebApplicationRuleMatchOperator.Contains,new string[]
    {
    "windows"
    })
    {
    Selector = "UserAgent",
    Transforms =
    {
    WebApplicationRuleMatchTransformType.Lowercase
    },
    }
    },RuleMatchActionType.Block)
    {
    Name = "Rule2",
    }
    },
    ManagedRuleSets =
    {
    new ManagedRuleSet("DefaultRuleSet","1.0")
    {
    RuleSetAction = ManagedRuleSetActionType.Block,
    Exclusions =
    {
    new ManagedRuleExclusion(ManagedRuleExclusionMatchVariable.RequestHeaderNames,ManagedRuleExclusionSelectorMatchOperator.EqualsValue,"User-Agent")
    },
    RuleGroupOverrides =
    {
    new ManagedRuleGroupOverride("SQLI")
    {
    Exclusions =
    {
    new ManagedRuleExclusion(ManagedRuleExclusionMatchVariable.RequestCookieNames,ManagedRuleExclusionSelectorMatchOperator.StartsWith,"token")
    },
    Rules =
    {
    new ManagedRuleOverride("942100")
    {
    EnabledState = ManagedRuleEnabledState.Enabled,
    Action = RuleMatchActionType.Redirect,
    Exclusions =
    {
    new ManagedRuleExclusion(ManagedRuleExclusionMatchVariable.QueryStringArgNames,ManagedRuleExclusionSelectorMatchOperator.EqualsValue,"query")
    },
    },new ManagedRuleOverride("942110")
    {
    EnabledState = ManagedRuleEnabledState.Disabled,
    }
    },
    }
    },
    }
    },
};
ArmOperation<FrontDoorWebApplicationFirewallPolicyResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, policyName, data);
FrontDoorWebApplicationFirewallPolicyResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FrontDoorWebApplicationFirewallPolicyData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respon sampel

Kode status:: 200

{
  "name": "Policy1",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1",
  "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies",
  "tags": {
    "key1": "value1",
    "key2": "value2"
  },
  "location": "WestUs",
  "properties": {
    "resourceState": "Enabled",
    "provisioningState": "Succeeded",
    "policySettings": {
      "enabledState": "Enabled",
      "mode": "Prevention",
      "redirectUrl": "http://www.bing.com",
      "customBlockResponseStatusCode": 429,
      "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
      "requestBodyCheck": "Disabled",
      "javascriptChallengeExpirationInMinutes": 30,
      "logScrubbing": {
        "state": "Enabled",
        "scrubbingRules": [
          {
            "matchVariable": "RequestIPAddress",
            "selectorMatchOperator": "EqualsAny",
            "selector": null,
            "state": "Enabled"
          }
        ]
      }
    },
    "customRules": {
      "rules": [
        {
          "name": "Rule1",
          "priority": 1,
          "enabledState": "Enabled",
          "ruleType": "RateLimitRule",
          "rateLimitDurationInMinutes": 0,
          "rateLimitThreshold": 1000,
          "matchConditions": [
            {
              "matchVariable": "RemoteAddr",
              "selector": null,
              "operator": "IPMatch",
              "negateCondition": false,
              "matchValue": [
                "192.168.1.0/24",
                "10.0.0.0/24"
              ],
              "transforms": []
            }
          ],
          "action": "Block"
        },
        {
          "name": "Rule2",
          "priority": 2,
          "enabledState": "Enabled",
          "ruleType": "MatchRule",
          "rateLimitDurationInMinutes": 0,
          "rateLimitThreshold": 0,
          "matchConditions": [
            {
              "matchVariable": "RemoteAddr",
              "selector": null,
              "operator": "GeoMatch",
              "negateCondition": false,
              "matchValue": [
                "CH"
              ]
            },
            {
              "matchVariable": "RequestHeader",
              "selector": "UserAgent",
              "operator": "Contains",
              "negateCondition": false,
              "matchValue": [
                "windows"
              ],
              "transforms": [
                "Lowercase"
              ]
            }
          ],
          "action": "Block"
        }
      ]
    },
    "managedRules": {
      "managedRuleSets": [
        {
          "ruleSetType": "DefaultRuleSet",
          "ruleSetVersion": "1.0",
          "ruleSetAction": "Block",
          "exclusions": [
            {
              "matchVariable": "RequestHeaderNames",
              "selectorMatchOperator": "Equals",
              "selector": "User-Agent"
            }
          ],
          "ruleGroupOverrides": [
            {
              "ruleGroupName": "SQLI",
              "exclusions": [
                {
                  "matchVariable": "RequestCookieNames",
                  "selectorMatchOperator": "StartsWith",
                  "selector": "token"
                }
              ],
              "rules": [
                {
                  "ruleId": "942100",
                  "enabledState": "Enabled",
                  "action": "Redirect",
                  "exclusions": [
                    {
                      "matchVariable": "QueryStringArgNames",
                      "selectorMatchOperator": "Equals",
                      "selector": "query"
                    }
                  ]
                },
                {
                  "ruleId": "942110",
                  "enabledState": "Disabled"
                }
              ]
            }
          ]
        }
      ]
    },
    "frontendEndpointLinks": [],
    "securityPolicyLinks": []
  },
  "sku": {
    "name": "Premium_AzureFrontDoor"
  }
}

Kode status:: 201

{
  "name": "Policy1",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1",
  "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies",
  "tags": {
    "key1": "value1",
    "key2": "value2"
  },
  "location": "WestUs",
  "properties": {
    "resourceState": "Enabled",
    "provisioningState": "Succeeded",
    "policySettings": {
      "enabledState": "Enabled",
      "mode": "Prevention",
      "redirectUrl": "http://www.bing.com",
      "customBlockResponseStatusCode": 429,
      "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
      "requestBodyCheck": "Disabled",
      "logScrubbing": {
        "state": "Enabled",
        "scrubbingRules": [
          {
            "matchVariable": "RequestIPAddress",
            "selectorMatchOperator": "EqualsAny",
            "selector": null,
            "state": "Enabled"
          }
        ]
      }
    },
    "customRules": {
      "rules": [
        {
          "name": "Rule1",
          "priority": 1,
          "enabledState": "Enabled",
          "ruleType": "RateLimitRule",
          "rateLimitDurationInMinutes": 0,
          "rateLimitThreshold": 1000,
          "matchConditions": [
            {
              "matchVariable": "RemoteAddr",
              "selector": null,
              "operator": "IPMatch",
              "negateCondition": false,
              "matchValue": [
                "192.168.1.0/24",
                "10.0.0.0/24"
              ],
              "transforms": []
            }
          ],
          "action": "Block"
        },
        {
          "name": "Rule2",
          "priority": 2,
          "enabledState": "Enabled",
          "ruleType": "MatchRule",
          "rateLimitDurationInMinutes": 0,
          "rateLimitThreshold": 0,
          "matchConditions": [
            {
              "matchVariable": "RemoteAddr",
              "selector": null,
              "operator": "GeoMatch",
              "negateCondition": false,
              "matchValue": [
                "CH"
              ]
            },
            {
              "matchVariable": "RequestHeader",
              "selector": "UserAgent",
              "operator": "Contains",
              "negateCondition": false,
              "matchValue": [
                "windows"
              ],
              "transforms": [
                "Lowercase"
              ]
            }
          ],
          "action": "Block"
        }
      ]
    },
    "managedRules": {
      "managedRuleSets": [
        {
          "ruleSetType": "DefaultRuleSet",
          "ruleSetVersion": "1.0",
          "exclusions": [
            {
              "matchVariable": "RequestHeaderNames",
              "selectorMatchOperator": "Equals",
              "selector": "User-Agent"
            }
          ],
          "ruleGroupOverrides": [
            {
              "ruleGroupName": "SQLI",
              "exclusions": [
                {
                  "matchVariable": "RequestCookieNames",
                  "selectorMatchOperator": "StartsWith",
                  "selector": "token"
                }
              ],
              "rules": [
                {
                  "ruleId": "942100",
                  "enabledState": "Enabled",
                  "action": "Redirect",
                  "exclusions": [
                    {
                      "matchVariable": "QueryStringArgNames",
                      "selectorMatchOperator": "Equals",
                      "selector": "query"
                    }
                  ]
                },
                {
                  "ruleId": "942110",
                  "enabledState": "Disabled"
                }
              ]
            }
          ]
        }
      ]
    },
    "frontendEndpointLinks": [],
    "securityPolicyLinks": []
  },
  "sku": {
    "name": "Classic_AzureFrontDoor"
  }
}

Kode status:: 202

{
  "name": "Policy1",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1",
  "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies",
  "tags": {
    "key1": "value1",
    "key2": "value2"
  },
  "location": "WestUs",
  "properties": {
    "resourceState": "Enabled",
    "provisioningState": "Succeeded",
    "policySettings": {
      "enabledState": "Enabled",
      "mode": "Prevention",
      "redirectUrl": "http://www.bing.com",
      "customBlockResponseStatusCode": 429,
      "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
      "requestBodyCheck": "Disabled",
      "logScrubbing": {
        "state": "Enabled",
        "scrubbingRules": [
          {
            "matchVariable": "RequestIPAddress",
            "selectorMatchOperator": "EqualsAny",
            "selector": null,
            "state": "Enabled"
          }
        ]
      }
    },
    "customRules": {
      "rules": [
        {
          "name": "Rule1",
          "priority": 1,
          "enabledState": "Enabled",
          "ruleType": "RateLimitRule",
          "rateLimitDurationInMinutes": 0,
          "rateLimitThreshold": 1000,
          "matchConditions": [
            {
              "matchVariable": "RemoteAddr",
              "selector": null,
              "operator": "IPMatch",
              "negateCondition": false,
              "matchValue": [
                "192.168.1.0/24",
                "10.0.0.0/24"
              ],
              "transforms": []
            }
          ],
          "action": "Block"
        },
        {
          "name": "Rule2",
          "priority": 2,
          "enabledState": "Enabled",
          "ruleType": "MatchRule",
          "rateLimitDurationInMinutes": 0,
          "rateLimitThreshold": 0,
          "matchConditions": [
            {
              "matchVariable": "RemoteAddr",
              "selector": null,
              "operator": "GeoMatch",
              "negateCondition": false,
              "matchValue": [
                "CH"
              ]
            },
            {
              "matchVariable": "RequestHeader",
              "selector": "UserAgent",
              "operator": "Contains",
              "negateCondition": false,
              "matchValue": [
                "windows"
              ],
              "transforms": [
                "Lowercase"
              ]
            }
          ],
          "action": "Block"
        }
      ]
    },
    "managedRules": {
      "managedRuleSets": [
        {
          "ruleSetType": "DefaultRuleSet",
          "ruleSetVersion": "1.0",
          "ruleSetAction": "Block",
          "exclusions": [
            {
              "matchVariable": "RequestHeaderNames",
              "selectorMatchOperator": "Equals",
              "selector": "User-Agent"
            }
          ],
          "ruleGroupOverrides": [
            {
              "ruleGroupName": "SQLI",
              "exclusions": [
                {
                  "matchVariable": "RequestCookieNames",
                  "selectorMatchOperator": "StartsWith",
                  "selector": "token"
                }
              ],
              "rules": [
                {
                  "ruleId": "942100",
                  "enabledState": "Enabled",
                  "action": "Redirect",
                  "exclusions": [
                    {
                      "matchVariable": "QueryStringArgNames",
                      "selectorMatchOperator": "Equals",
                      "selector": "query"
                    }
                  ]
                },
                {
                  "ruleId": "942110",
                  "enabledState": "Disabled"
                }
              ]
            }
          ]
        }
      ]
    },
    "frontendEndpointLinks": [],
    "securityPolicyLinks": []
  },
  "sku": {
    "name": "Premium_AzureFrontDoor"
  }
}

Definisi

Nama	Deskripsi
scrubbingRuleEntryMatchOperator	Ketika matchVariable adalah koleksi, operasikan pada pemilih untuk menentukan elemen mana dalam koleksi tempat aturan ini berlaku.
scrubbingRuleEntryState	Menentukan status aturan scrubbing log. Nilai default diaktifkan.
ActionType	Menentukan tindakan yang akan diambil pada kecocokan aturan.
CustomRule	Menentukan konten aturan aplikasi web
CustomRuleEnabledState	Menjelaskan apakah aturan kustom dalam status diaktifkan atau dinonaktifkan. Default ke Diaktifkan jika tidak ditentukan.
CustomRuleList	Menentukan konten aturan kustom
ErrorResponse	Respons kesalahan menunjukkan layanan Front Door tidak dapat memproses permintaan masuk. Alasannya disediakan dalam pesan kesalahan.
FrontendEndpointLink	Menentukan ID Sumber Daya untuk Titik Akhir Frontend.
GroupByVariable	Menjelaskan variabel yang tersedia untuk mengelompokkan permintaan batas tarif
ManagedRuleEnabledState	Menjelaskan apakah aturan terkelola dalam status diaktifkan atau dinonaktifkan.
ManagedRuleExclusion	Mengecualikan variabel dari evaluasi aturan terkelola.
ManagedRuleExclusionMatchVariable	Jenis variabel yang akan dikecualikan.
ManagedRuleExclusionSelectorMatchOperator	Operator perbandingan untuk diterapkan ke pemilih saat menentukan elemen mana dalam koleksi tempat pengecualian ini berlaku.
ManagedRuleGroupOverride	Menentukan pengaturan penimpaan grup aturan terkelola.
ManagedRuleOverride	Menentukan pengaturan penimpaan grup aturan terkelola.
ManagedRuleSet	Menentukan seperangkat aturan terkelola.
ManagedRuleSetActionType	Menentukan tindakan yang harus diambil saat ambang skor kumpulan aturan terkelola terpenuhi.
ManagedRuleSetList	Menentukan daftar seperangkat aturan terkelola untuk kebijakan.
MatchCondition	Tentukan kondisi kecocokan.
MatchVariable	Minta variabel untuk dibandingkan dengan.
Operator	Jenis perbandingan yang digunakan untuk pencocokan dengan nilai variabel.
PolicyEnabledState	Menjelaskan apakah kebijakan dalam status diaktifkan atau dinonaktifkan. Default ke Diaktifkan jika tidak ditentukan.
PolicyMode	Menjelaskan apakah dalam mode deteksi atau mode pencegahan pada tingkat kebijakan.
PolicyRequestBodyCheck	Menjelaskan apakah aturan terkelola kebijakan akan memeriksa konten isi permintaan.
PolicyResourceState	Status sumber daya kebijakan.
PolicySettings	Menentukan pengaturan konfigurasi WebApplicationFirewallPolicy tingkat atas.
RoutingRuleLink	Menentukan ID Sumber Daya untuk Aturan Perutean.
RuleType	Menjelaskan jenis aturan.
scrubbingRuleEntryMatchVariable	Variabel yang akan digosok dari log.
SecurityPolicyLink	Menentukan ID Sumber Daya untuk Kebijakan Keamanan.
Sku	Tingkat harga kebijakan firewall aplikasi web.
SkuName	Nama tingkat harga.
TransformType	Menjelaskan transformasi apa yang diterapkan sebelum pencocokan.
VariableName	Menjelaskan variabel yang didukung untuk grup menurut
WebApplicationFirewallPolicy	Menentukan kebijakan firewall aplikasi web.
WebApplicationFirewallScrubbingRules	Menentukan konten aturan scrubbing log.
WebApplicationFirewallScrubbingState	Status konfigurasi scrubbing log. Nilai default Diaktifkan.

scrubbingRuleEntryMatchOperator

Ketika matchVariable adalah koleksi, operasikan pada pemilih untuk menentukan elemen mana dalam koleksi tempat aturan ini berlaku.

Nama	Jenis	Deskripsi
Equals	string
EqualsAny	string

scrubbingRuleEntryState

Menentukan status aturan scrubbing log. Nilai default diaktifkan.

Nama	Jenis	Deskripsi
Disabled	string
Enabled	string

ActionType

Menentukan tindakan yang akan diambil pada kecocokan aturan.

Nama	Jenis	Deskripsi
Allow	string
AnomalyScoring	string
Block	string
JSChallenge	string
Log	string
Redirect	string

CustomRule

Menentukan konten aturan aplikasi web

Nama	Jenis	Deskripsi
action	ActionType	Menjelaskan tindakan apa yang akan diterapkan saat aturan cocok.
enabledState	CustomRuleEnabledState	Menjelaskan apakah aturan kustom dalam status diaktifkan atau dinonaktifkan. Default ke Diaktifkan jika tidak ditentukan.
groupBy	GroupByVariable[]	Menjelaskan daftar variabel untuk mengelompokkan permintaan batas tarif
matchConditions	MatchCondition[]	Daftar kondisi kecocokan.
name	string	Menjelaskan nama aturan.
priority	integer	Menjelaskan prioritas aturan. Aturan dengan nilai yang lebih rendah akan dievaluasi sebelum aturan dengan nilai yang lebih tinggi.
rateLimitDurationInMinutes	integer	Jendela waktu untuk mengatur ulang jumlah batas laju. Defaultnya adalah 1 menit.
rateLimitThreshold	integer	Jumlah permintaan yang diizinkan per klien dalam jendela waktu.
ruleType	RuleType	Menjelaskan jenis aturan.

CustomRuleEnabledState

Menjelaskan apakah aturan kustom dalam status diaktifkan atau dinonaktifkan. Default ke Diaktifkan jika tidak ditentukan.

Nama	Jenis	Deskripsi
Disabled	string
Enabled	string

CustomRuleList

Menentukan konten aturan kustom

Nama	Jenis	Deskripsi
rules	CustomRule[]	Daftar aturan

ErrorResponse

Respons kesalahan menunjukkan layanan Front Door tidak dapat memproses permintaan masuk. Alasannya disediakan dalam pesan kesalahan.

Nama	Jenis	Deskripsi
code	string	Kode Kesalahan.
message	string	Pesan kesalahan yang menunjukkan mengapa operasi gagal.

FrontendEndpointLink

Menentukan ID Sumber Daya untuk Titik Akhir Frontend.

Nama	Jenis	Deskripsi
id	string	ID Sumber Daya.

GroupByVariable

Menjelaskan variabel yang tersedia untuk mengelompokkan permintaan batas tarif

Nama	Jenis	Deskripsi
variableName	VariableName	Menjelaskan variabel yang didukung untuk grup menurut

ManagedRuleEnabledState

Menjelaskan apakah aturan terkelola dalam status diaktifkan atau dinonaktifkan.

Nama	Jenis	Deskripsi
Disabled	string
Enabled	string

ManagedRuleExclusion

Mengecualikan variabel dari evaluasi aturan terkelola.

Nama	Jenis	Deskripsi
matchVariable	ManagedRuleExclusionMatchVariable	Jenis variabel yang akan dikecualikan.
selector	string	Nilai pemilih tempat elemen dalam koleksi pengecualian ini berlaku.
selectorMatchOperator	ManagedRuleExclusionSelectorMatchOperator	Operator perbandingan untuk diterapkan ke pemilih saat menentukan elemen mana dalam koleksi tempat pengecualian ini berlaku.

ManagedRuleExclusionMatchVariable

Jenis variabel yang akan dikecualikan.

Nama	Jenis	Deskripsi
QueryStringArgNames	string
RequestBodyJsonArgNames	string
RequestBodyPostArgNames	string
RequestCookieNames	string
RequestHeaderNames	string

ManagedRuleExclusionSelectorMatchOperator

Operator perbandingan untuk diterapkan ke pemilih saat menentukan elemen mana dalam koleksi tempat pengecualian ini berlaku.

Nama	Jenis	Deskripsi
Contains	string
EndsWith	string
Equals	string
EqualsAny	string
StartsWith	string

ManagedRuleGroupOverride

Menentukan pengaturan penimpaan grup aturan terkelola.

Nama	Jenis	Deskripsi
exclusions	ManagedRuleExclusion[]	Menjelaskan pengecualian yang diterapkan ke semua aturan dalam grup.
ruleGroupName	string	Menjelaskan grup aturan terkelola untuk diambil alih.
rules	ManagedRuleOverride[]	Daftar aturan yang akan dinonaktifkan. Jika tidak ada yang ditentukan, semua aturan dalam grup akan dinonaktifkan.

ManagedRuleOverride

Menentukan pengaturan penimpaan grup aturan terkelola.

Nama	Jenis	Deskripsi
action	ActionType	Menjelaskan tindakan penimpaan yang akan diterapkan saat aturan cocok.
enabledState	ManagedRuleEnabledState	Menjelaskan apakah aturan terkelola dalam status diaktifkan atau dinonaktifkan. Default ke Dinonaktifkan jika tidak ditentukan.
exclusions	ManagedRuleExclusion[]	Menjelaskan pengecualian yang diterapkan ke aturan khusus ini.
ruleId	string	Pengidentifikasi untuk aturan terkelola.

ManagedRuleSet

Menentukan seperangkat aturan terkelola.

Nama	Jenis	Deskripsi
exclusions	ManagedRuleExclusion[]	Menjelaskan pengecualian yang diterapkan ke semua aturan dalam set.
ruleGroupOverrides	ManagedRuleGroupOverride[]	Menentukan penimpaan grup aturan untuk diterapkan ke seperangkat aturan.
ruleSetAction	ManagedRuleSetActionType	ruleSetAction Menentukan tindakan seperangkat aturan.
ruleSetType	string	Menentukan jenis seperangkat aturan yang akan digunakan.
ruleSetVersion	string	Menentukan versi seperangkat aturan yang akan digunakan.

ManagedRuleSetActionType

Menentukan tindakan yang harus diambil saat ambang skor kumpulan aturan terkelola terpenuhi.

Nama	Jenis	Deskripsi
Block	string
Log	string
Redirect	string

ManagedRuleSetList

Menentukan daftar seperangkat aturan terkelola untuk kebijakan.

Nama	Jenis	Deskripsi
managedRuleSets	ManagedRuleSet[]	Daftar seperangkat aturan.

MatchCondition

Tentukan kondisi kecocokan.

Nama	Jenis	Deskripsi
matchValue	string[]	Daftar kemungkinan nilai kecocokan.
matchVariable	MatchVariable	Minta variabel untuk dibandingkan dengan.
negateCondition	boolean	Menjelaskan apakah hasil kondisi ini harus dinegasikan.
operator	Operator	Jenis perbandingan yang digunakan untuk pencocokan dengan nilai variabel.
selector	string	Cocokkan dengan kunci tertentu dari variabel QueryString, PostArgs, RequestHeader, atau Cookies. Defaultnya adalah null.
transforms	TransformType[]	Daftar transformasi.

MatchVariable

Minta variabel untuk dibandingkan dengan.

Nama	Jenis	Deskripsi
Cookies	string
PostArgs	string
QueryString	string
RemoteAddr	string
RequestBody	string
RequestHeader	string
RequestMethod	string
RequestUri	string
SocketAddr	string

Operator

Jenis perbandingan yang digunakan untuk pencocokan dengan nilai variabel.

Nama	Jenis	Deskripsi
Any	string
BeginsWith	string
Contains	string
EndsWith	string
Equal	string
GeoMatch	string
GreaterThan	string
GreaterThanOrEqual	string
IPMatch	string
LessThan	string
LessThanOrEqual	string
RegEx	string

PolicyEnabledState

Menjelaskan apakah kebijakan dalam status diaktifkan atau dinonaktifkan. Default ke Diaktifkan jika tidak ditentukan.

Nama	Jenis	Deskripsi
Disabled	string
Enabled	string

PolicyMode

Menjelaskan apakah dalam mode deteksi atau mode pencegahan pada tingkat kebijakan.

Nama	Jenis	Deskripsi
Detection	string
Prevention	string

PolicyRequestBodyCheck

Menjelaskan apakah aturan terkelola kebijakan akan memeriksa konten isi permintaan.

Nama	Jenis	Deskripsi
Disabled	string
Enabled	string

PolicyResourceState

Status sumber daya kebijakan.

Nama	Jenis	Deskripsi
Creating	string
Deleting	string
Disabled	string
Disabling	string
Enabled	string
Enabling	string

PolicySettings

Menentukan pengaturan konfigurasi WebApplicationFirewallPolicy tingkat atas.

Nama	Jenis	Deskripsi
customBlockResponseBody	string	Jika jenis tindakan diblokir, pelanggan dapat mengambil alih isi respons. Isi harus ditentukan dalam pengodean base64.
customBlockResponseStatusCode	integer	Jika jenis tindakan diblokir, pelanggan dapat mengambil alih kode status respons.
enabledState	PolicyEnabledState	Menjelaskan apakah kebijakan dalam status diaktifkan atau dinonaktifkan. Default ke Diaktifkan jika tidak ditentukan.
javascriptChallengeExpirationInMinutes	integer	Menentukan masa pakai validitas cookie tantangan JavaScript dalam hitungan menit. Pengaturan ini hanya berlaku untuk Premium_AzureFrontDoor. Nilai harus berupa bilangan bulat antara 5 dan 1440 dengan nilai defaultnya adalah 30.
logScrubbing.scrubbingRules	WebApplicationFirewallScrubbingRules[]	Daftar aturan scrubbing log yang diterapkan ke log Web Application Firewall.
logScrubbing.state	WebApplicationFirewallScrubbingState	Status konfigurasi scrubbing log. Nilai default Diaktifkan.
mode	PolicyMode	Menjelaskan apakah dalam mode deteksi atau mode pencegahan pada tingkat kebijakan.
redirectUrl	string	Jika jenis tindakan dialihkan, bidang ini mewakili URL pengalihan untuk klien.
requestBodyCheck	PolicyRequestBodyCheck	Menjelaskan apakah aturan terkelola kebijakan akan memeriksa konten isi permintaan.

RoutingRuleLink

Menentukan ID Sumber Daya untuk Aturan Perutean.

Nama	Jenis	Deskripsi
id	string	ID Sumber Daya.

RuleType

Menjelaskan jenis aturan.

Nama	Jenis	Deskripsi
MatchRule	string
RateLimitRule	string

scrubbingRuleEntryMatchVariable

Variabel yang akan digosok dari log.

Nama	Jenis	Deskripsi
QueryStringArgNames	string
RequestBodyJsonArgNames	string
RequestBodyPostArgNames	string
RequestCookieNames	string
RequestHeaderNames	string
RequestIPAddress	string
RequestUri	string

SecurityPolicyLink

Menentukan ID Sumber Daya untuk Kebijakan Keamanan.

Nama	Jenis	Deskripsi
id	string	ID Sumber Daya.

Sku

Tingkat harga kebijakan firewall aplikasi web.

Nama	Jenis	Deskripsi
name	SkuName	Nama tingkat harga.

SkuName

Nama tingkat harga.

Nama	Jenis	Deskripsi
Classic_AzureFrontDoor	string
Premium_AzureFrontDoor	string
Standard_AzureFrontDoor	string

TransformType

Menjelaskan transformasi apa yang diterapkan sebelum pencocokan.

Nama	Jenis	Deskripsi
Lowercase	string
RemoveNulls	string
Trim	string
Uppercase	string
UrlDecode	string
UrlEncode	string

VariableName

Menjelaskan variabel yang didukung untuk grup menurut

Nama	Jenis	Deskripsi
GeoLocation	string
None	string
SocketAddr	string

WebApplicationFirewallPolicy

Menentukan kebijakan firewall aplikasi web.

Nama	Jenis	Deskripsi
etag	string	Mendapatkan string baca-saja unik yang berubah setiap kali sumber daya diperbarui.
id	string	ID Sumber Daya.
location	string	Lokasi sumber daya.
name	string	Nama sumber daya.
properties.customRules	CustomRuleList	Menjelaskan aturan kustom di dalam kebijakan.
properties.frontendEndpointLinks	FrontendEndpointLink[]	Menjelaskan Titik Akhir Frontend yang terkait dengan kebijakan Web Application Firewall ini.
properties.managedRules	ManagedRuleSetList	Menjelaskan aturan terkelola di dalam kebijakan.
properties.policySettings	PolicySettings	Menjelaskan pengaturan untuk kebijakan.
properties.provisioningState	string	Status penyediaan kebijakan.
properties.resourceState	PolicyResourceState	Status sumber daya kebijakan.
properties.routingRuleLinks	RoutingRuleLink[]	Menjelaskan Aturan Perutean yang terkait dengan kebijakan Web Application Firewall ini.
properties.securityPolicyLinks	SecurityPolicyLink[]	Menjelaskan Kebijakan Keamanan yang terkait dengan kebijakan Web Application Firewall ini.
sku	Sku	Tingkat harga kebijakan firewall aplikasi web. Default ke Classic_AzureFrontDoor jika tidak ditentukan.
tags	object	Tag sumber daya.
type	string	Jenis sumber daya

WebApplicationFirewallScrubbingRules

Menentukan konten aturan scrubbing log.

Nama	Jenis	Deskripsi
matchVariable	scrubbingRuleEntryMatchVariable	Variabel yang akan digosok dari log.
selector	string	Ketika matchVariable adalah koleksi, operator yang digunakan untuk menentukan elemen mana dalam koleksi tempat aturan ini berlaku.
selectorMatchOperator	scrubbingRuleEntryMatchOperator	Ketika matchVariable adalah koleksi, operasikan pada pemilih untuk menentukan elemen mana dalam koleksi tempat aturan ini berlaku.
state	scrubbingRuleEntryState	Menentukan status aturan scrubbing log. Nilai default diaktifkan.

WebApplicationFirewallScrubbingState

Status konfigurasi scrubbing log. Nilai default Diaktifkan.

Nama	Jenis	Deskripsi
Disabled	string
Enabled	string

Bagikan melalui

Policies - Create Or Update

Parameter URI

Isi Permintaan

Respons

Keamanan

azure_auth

Cakupan

Contoh

Creates specific policy

Permintaan sampel

Respon sampel

Definisi

scrubbingRuleEntryMatchOperator

scrubbingRuleEntryState

ActionType

CustomRule

CustomRuleEnabledState

CustomRuleList

ErrorResponse

FrontendEndpointLink

GroupByVariable

ManagedRuleEnabledState

ManagedRuleExclusion

ManagedRuleExclusionMatchVariable

ManagedRuleExclusionSelectorMatchOperator

ManagedRuleGroupOverride

ManagedRuleOverride

ManagedRuleSet

ManagedRuleSetActionType

ManagedRuleSetList

MatchCondition

MatchVariable

Operator

PolicyEnabledState

PolicyMode

PolicyRequestBodyCheck

PolicyResourceState

PolicySettings

RoutingRuleLink

RuleType

scrubbingRuleEntryMatchVariable

SecurityPolicyLink

Sku

SkuName

TransformType

VariableName

WebApplicationFirewallPolicy

WebApplicationFirewallScrubbingRules

WebApplicationFirewallScrubbingState

Sumber Daya Tambahan: