New-AzApplicationGatewayWebApplicationFirewallConfiguration

Creates a WAF configuration for an application gateway.

Syntax

New-AzApplicationGatewayWebApplicationFirewallConfiguration
   -Enabled <Boolean>
   -FirewallMode <String>
   [-RuleSetType <String>]
   [-RuleSetVersion <String>]
   [-DisabledRuleGroup <PSApplicationGatewayFirewallDisabledRuleGroup[]>]
   [-RequestBodyCheck <Boolean>]
   [-MaxRequestBodySizeInKb <Int32>]
   [-FileUploadLimitInMb <Int32>]
   [-Exclusion <PSApplicationGatewayFirewallExclusion[]>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzApplicationGatewayWebApplicationFirewallConfiguration cmdlet creates a web application firewall (WAF) configuration for an Azure application gateway.

Examples

Example 1: Create a web application firewall configuration for an application gateway

$disabledRuleGroup1 = New-AzApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-942-APPLICATION-ATTACK-SQLI" -Rules 942130,942140
$disabledRuleGroup2 = New-AzApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-921-PROTOCOL-ATTACK"
$firewallConfig = New-AzApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention" -RuleSetType "OWASP" -RuleSetVersion "3.0" -DisabledRuleGroups $disabledRuleGroup1,$disabledRuleGroup2

The first command creates a new disabled rule group configuration for the rule group named "REQUEST-942-APPLICATION-ATTACK-SQLI" with rule 942130 and rule 942140 being disabled. The second command creates another disabled rule group configuration for a rule group named "REQUEST-921-PROTOCOL-ATTACK". No rules are specifically passed and thus all rules of the rule group will be disabled. The last command then creates a WAF configuration with firewall rules disabled as configured in $disabledRuleGroup1 and $disabledRuleGroup2. The new WAF configuration is stored in the $firewallConfig variable.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisabledRuleGroup

The disabled rule groups.

Type:PSApplicationGatewayFirewallDisabledRuleGroup[]
Aliases:DisabledRuleGroups
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Enabled

Indicates whether the WAF is enabled.

Type:Boolean
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Exclusion

The exclusion lists.

Type:PSApplicationGatewayFirewallExclusion[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FileUploadLimitInMb

Max file upload limit in MB.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FirewallMode

Specifies the web application firewall mode. The acceptable values for this parameter are:

  • Detection
  • Prevention
Type:String
Accepted values:Detection, Prevention
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-MaxRequestBodySizeInKb

Max request body size in KB.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequestBodyCheck

Whether request body is checked or not.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RuleSetType

The type of the web application firewall rule set. The acceptable values for this parameter are:

  • OWASP
Type:String
Accepted values:OWASP
Position:Named
Default value:OWASP
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RuleSetVersion

The version of the rule set type.

Type:String
Position:Named
Default value:3.0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

PSApplicationGatewayWebApplicationFirewallConfiguration