az network front-door waf-policy
Note
This reference is part of the front-door extension for the Azure CLI (version 2.57.0 or higher). The extension will automatically install the first time you run an az network front-door waf-policy command. Learn more about extensions.
Manage WebApplication Firewall (WAF) policies.
Commands
Name | Description | Type | Status |
---|---|---|---|
az network front-door waf-policy create |
Create policy with specified rule set name within a resource group. |
Extension | GA |
az network front-door waf-policy delete |
Delete Policy. |
Extension | GA |
az network front-door waf-policy list |
List all of the protection policies within a resource group. |
Extension | GA |
az network front-door waf-policy managed-rule-definition |
Learn about available managed rule sets. |
Extension | GA |
az network front-door waf-policy managed-rule-definition list |
Show a detailed list of available managed rule sets. |
Extension | GA |
az network front-door waf-policy managed-rules |
Change and view managed rule sets associated with your WAF policy. |
Extension | GA |
az network front-door waf-policy managed-rules add |
Add a managed rule set to a WAF policy. |
Extension | GA |
az network front-door waf-policy managed-rules exclusion |
View and alter exclusions on a managed rule set, rule group, or rule within a managed rule set. |
Extension | GA |
az network front-door waf-policy managed-rules exclusion add |
Add an exclusion on a managed rule set, rule group, or rule within a managed rule set. |
Extension | GA |
az network front-door waf-policy managed-rules exclusion list |
List the exclusions on managed rule set, rule group, or rule within a managed rule set. |
Extension | GA |
az network front-door waf-policy managed-rules exclusion remove |
Remove an exclusion on a managed rule set, rule group, or rule within a managed rule set. |
Extension | GA |
az network front-door waf-policy managed-rules list |
Show which managed rule sets are applied to a WAF policy. |
Extension | GA |
az network front-door waf-policy managed-rules override |
View and alter overrides on managed rules within a managed rule set. |
Extension | GA |
az network front-door waf-policy managed-rules override add |
Add an override on a managed rule within a managed rule set. |
Extension | GA |
az network front-door waf-policy managed-rules override list |
List the overrides on managed rules within a managed rule set. |
Extension | GA |
az network front-door waf-policy managed-rules override remove |
Remove an override on a managed rule within a managed rule set. |
Extension | GA |
az network front-door waf-policy managed-rules remove |
Remove a managed rule set from a WAF policy. |
Extension | GA |
az network front-door waf-policy rule |
Manage WAF policy custom rules. |
Extension | GA |
az network front-door waf-policy rule create |
Create a WAF policy custom rule. Use --defer and add a rule match-condition. |
Extension | GA |
az network front-door waf-policy rule delete |
Delete a WAF policy custom rule. |
Extension | GA |
az network front-door waf-policy rule list |
List WAF policy custom rules. |
Extension | GA |
az network front-door waf-policy rule match-condition |
Alter match-conditions associated with a WAF policy custom rule. |
Extension | GA |
az network front-door waf-policy rule match-condition add |
Add a match-condition to a WAF policy custom rule. |
Extension | GA |
az network front-door waf-policy rule match-condition list |
Show all match-conditions associated with a WAF policy custom rule. |
Extension | GA |
az network front-door waf-policy rule match-condition remove |
Remove a match-condition from a WAF policy custom rule. |
Extension | GA |
az network front-door waf-policy rule show |
Get the details of a WAF policy custom rule. |
Extension | GA |
az network front-door waf-policy rule update |
Alter the details of a WAF policy custom rule. |
Extension | GA |
az network front-door waf-policy show |
Get protection policy with specified name within a resource group. |
Extension | GA |
az network front-door waf-policy update |
Update policy with specified rule set name within a resource group. |
Extension | GA |
az network front-door waf-policy wait |
Place the CLI in a waiting state until a condition is met. |
Extension | GA |
az network front-door waf-policy create
Create policy with specified rule set name within a resource group.
az network front-door waf-policy create --name
--resource-group
[--custom-block-response-body]
[--custom-block-response-status-code]
[--custom-rules]
[--disabled {0, 1, f, false, n, no, t, true, y, yes}]
[--etag]
[--javascript-challenge-expiration-in-minutes]
[--location]
[--log-scrubbing]
[--managed-rules]
[--mode {Detection, Prevention}]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--redirect-url]
[--request-body-check {Disabled, Enabled}]
[--sku {Classic_AzureFrontDoor, Premium_AzureFrontDoor, Standard_AzureFrontDoor}]
[--tags]
Required Parameters
The name of the Web Application Firewall Policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
If the action type is block, customer can override the response status code.
Describes custom rules inside the policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Create in a disabled state.
Gets a unique read-only string that changes whenever the resource is updated.
Defines the JavaScript challenge cookie validity lifetime in minutes. Value must be an integer between 5 and 1440 with the default value being 30.
Resource location.
Defines rules that scrub sensitive fields in the Web Application Firewall logs. Example: --log-scrubbing "{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}, --log-scrubbing scrubbing-rules=[] state=Disabled, --log-scrubbing null Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Describes managed rules inside the policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Describes if it is in detection mode or prevention mode at policy level.
Do not wait for the long-running operation to finish.
If action type is redirect, this field represents redirect URL for the client.
Describes if policy managed rules will inspect the request body content.
Name of the pricing tier.
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network front-door waf-policy delete
Delete Policy.
az network front-door waf-policy delete [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the Web Application Firewall Policy.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network front-door waf-policy list
List all of the protection policies within a resource group.
az network front-door waf-policy list --resource-group
[--max-items]
[--next-token]
Required Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token
argument of a subsequent command.
Token to specify where to start paginating. This is the token value from a previously truncated response.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network front-door waf-policy show
Get protection policy with specified name within a resource group.
az network front-door waf-policy show [--ids]
[--name]
[--resource-group]
[--subscription]
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the Web Application Firewall Policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network front-door waf-policy update
Update policy with specified rule set name within a resource group.
az network front-door waf-policy update [--add]
[--custom-block-response-body]
[--custom-block-response-status-code]
[--custom-rules]
[--disabled {0, 1, f, false, n, no, t, true, y, yes}]
[--etag]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--javascript-challenge-expiration-in-minutes]
[--location]
[--log-scrubbing]
[--managed-rules]
[--mode {Detection, Prevention}]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--redirect-url]
[--remove]
[--request-body-check {Disabled, Enabled}]
[--resource-group]
[--set]
[--sku {Classic_AzureFrontDoor, Premium_AzureFrontDoor, Standard_AzureFrontDoor}]
[--subscription]
[--tags]
Examples
update log scrubbing
az network front-door waf-policy update -g rg -n n1 --log-scrubbing "{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}"
az network front-door waf-policy update -g rg -n n1 --log-scrubbing scrubbing-rules[1]="{match-variable:RequestUri,selector-match-operator:Equals}"
az network front-door waf-policy update -g rg -n n1 --log-scrubbing "{scrubbing-rules:[{match-variable:RequestBodyJsonArgNames,selector-match-operator:EqualsAny}],state:Enabled}" scrubbing-rules[1]="{match-variable:RequestUri,selector-match-operator:EqualsAny}"
Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>
.
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
If the action type is block, customer can override the response status code.
Describes custom rules inside the policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Create in a disabled state.
Gets a unique read-only string that changes whenever the resource is updated.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Defines the JavaScript challenge cookie validity lifetime in minutes. Value must be an integer between 5 and 1440 with the default value being 30.
Resource location.
Defines rules that scrub sensitive fields in the Web Application Firewall logs. Example: --log-scrubbing "{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}, --log-scrubbing scrubbing-rules=[] state=Disabled, --log-scrubbing null Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Describes managed rules inside the policy. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Describes if it is in detection mode or prevention mode at policy level.
The name of the Web Application Firewall Policy.
Do not wait for the long-running operation to finish.
If action type is redirect, this field represents redirect URL for the client.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove>
OR --remove propertyToRemove
.
Describes if policy managed rules will inspect the request body content.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>
.
Name of the pricing tier.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network front-door waf-policy wait
Place the CLI in a waiting state until a condition is met.
az network front-door waf-policy wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]
Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
The name of the Web Application Firewall Policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
Azure CLI