network.azure.com/v1api20240101

"2024-01-01"

"Allow"

"AnomalyScoring"

"Block"

"JSChallenge"

"Log"

"Allow"

"AnomalyScoring"

"Block"

"JSChallenge"

"Log"

"Allow"

"AnomalyScoring"

"Block"

"JSChallenge"

"Log"

"Allow"

"AnomalyScoring"

"Block"

"JSChallenge"

"Log"

ApplicationGateways: A collection of references to application gateways.

Conditions: The observed state of the resource

CustomRules: The custom rules inside the policy.

Etag: A unique read-only string that changes whenever the resource is updated.

HttpListeners: A collection of references to application gateway http listeners.

Id: Resource ID.

Location: Resource location.

ManagedRules: Describes the managedRules structure.

Name: Resource name.

PathBasedRules: A collection of references to application gateway path rules.

PolicySettings: The PolicySettings for policy.

ProvisioningState: The provisioning state of the web application firewall policy resource.

ResourceState: Resource status of the policy.

Tags: Resource tags.

Type: Resource type.

Etag: A unique read-only string that changes whenever the resource is updated.

Id: Resource ID.

Location: Resource location.

Name: Resource name.

Properties: Properties of the web application firewall policy.

Tags: Resource tags.

Type: Resource type.

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

CustomRules: The custom rules inside the policy.

Location: Resource location.

ManagedRules: Describes the managedRules structure.

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource

PolicySettings: The PolicySettings for policy.

Tags: Resource tags.

Location: Resource location.

Properties: Properties of the web application firewall policy.

Tags: Resource tags.

Id: Resource ID.

Id: Resource ID.

ProvisioningState: The provisioning state of the application security group resource.

ResourceGuid: The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups.

Conditions: The observed state of the resource

Etag: A unique read-only string that changes whenever the resource is updated.

Id: Resource ID.

Location: Resource location.

Name: Resource name.

ProvisioningState: The provisioning state of the application security group resource.

ResourceGuid: The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups.

Tags: Resource tags.

Type: Resource type.

Etag: A unique read-only string that changes whenever the resource is updated.

Id: Resource ID.

Location: Resource location.

Name: Resource name.

Properties: Properties of the application security group.

Tags: Resource tags.

Type: Resource type.

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

Location: Resource location.

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource

Tags: Resource tags.

Location: Resource location.

Tags: Resource tags.

RuleId: Identifier for the managed rule.

RuleGroupName: The managed rule group for exclusion.

Rules: List of rules that will be excluded. If none specified, all rules in the group will be excluded.

RuleGroupName: The managed rule group for exclusion.

Rules: List of rules that will be excluded. If none specified, all rules in the group will be excluded.

RuleGroupName: The managed rule group for exclusion.

Rules: List of rules that will be excluded. If none specified, all rules in the group will be excluded.

RuleGroupName: The managed rule group for exclusion.

Rules: List of rules that will be excluded. If none specified, all rules in the group will be excluded.

RuleGroups: Defines the rule groups to apply to the rule set.

RuleSetType: Defines the rule set type to use.

RuleSetVersion: Defines the version of the rule set to use.

RuleGroups: Defines the rule groups to apply to the rule set.

RuleSetType: Defines the rule set type to use.

RuleSetVersion: Defines the version of the rule set to use.

RuleGroups: Defines the rule groups to apply to the rule set.

RuleSetType: Defines the rule set type to use.

RuleSetVersion: Defines the version of the rule set to use.

RuleGroups: Defines the rule groups to apply to the rule set.

RuleSetType: Defines the rule set type to use.

RuleSetVersion: Defines the version of the rule set to use.

RuleId: Identifier for the managed rule.

RuleId: Identifier for the managed rule.

RuleId: Identifier for the managed rule.

GroupByVariables: List of group by clause variables.

GroupByVariables: List of group by clause variables.

GroupByVariables: List of group by clause variables.

GroupByVariables: List of group by clause variables.

VariableName: User Session clause variable.

VariableName: User Session clause variable.

VariableName: User Session clause variable.

VariableName: User Session clause variable.

"ClientAddr"

"GeoLocation"

"None"

"ClientAddr"

"GeoLocation"

"None"

"ClientAddr"

"GeoLocation"

"None"

"ClientAddr"

"GeoLocation"

"None"

RuleGroupName: The managed rule group to override.

Rules: List of rules that will be disabled. If none specified, all rules in the group will be disabled.

RuleGroupName: The managed rule group to override.

Rules: List of rules that will be disabled. If none specified, all rules in the group will be disabled.

RuleGroupName: The managed rule group to override.

Rules: List of rules that will be disabled. If none specified, all rules in the group will be disabled.

RuleGroupName: The managed rule group to override.

Rules: List of rules that will be disabled. If none specified, all rules in the group will be disabled.

Action: Describes the override action to be applied when rule matches.

RuleId: Identifier for the managed rule.

State: The state of the managed rule. Defaults to Disabled if not specified.

Action: Describes the override action to be applied when rule matches.

RuleId: Identifier for the managed rule.

State: The state of the managed rule. Defaults to Disabled if not specified.

Action: Describes the override action to be applied when rule matches.

RuleId: Identifier for the managed rule.

State: The state of the managed rule. Defaults to Disabled if not specified.

Action: Describes the override action to be applied when rule matches.

RuleId: Identifier for the managed rule.

State: The state of the managed rule. Defaults to Disabled if not specified.

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

RuleGroupOverrides: Defines the rule group overrides to apply to the rule set.

RuleSetType: Defines the rule set type to use.

RuleSetVersion: Defines the version of the rule set to use.

RuleGroupOverrides: Defines the rule group overrides to apply to the rule set.

RuleSetType: Defines the rule set type to use.

RuleSetVersion: Defines the version of the rule set to use.

RuleGroupOverrides: Defines the rule group overrides to apply to the rule set.

RuleSetType: Defines the rule set type to use.

RuleSetVersion: Defines the version of the rule set to use.

RuleGroupOverrides: Defines the rule group overrides to apply to the rule set.

RuleSetType: Defines the rule set type to use.

RuleSetVersion: Defines the version of the rule set to use.

Exclusions: The Exclusions that are applied on the policy.

ManagedRuleSets: The managed rule sets that are associated with the policy.

Exclusions: The Exclusions that are applied on the policy.

ManagedRuleSets: The managed rule sets that are associated with the policy.

Exclusions: The Exclusions that are applied on the policy.

ManagedRuleSets: The managed rule sets that are associated with the policy.

Exclusions: The Exclusions that are applied on the policy.

ManagedRuleSets: The managed rule sets that are associated with the policy.

MatchValues: Match value.

MatchVariables: List of match variables.

NegationConditon: Whether this is negate condition or not.

Operator: The operator to be matched.

Transforms: List of transforms.

MatchValues: Match value.

MatchVariables: List of match variables.

NegationConditon: Whether this is negate condition or not.

Operator: The operator to be matched.

Transforms: List of transforms.

"Any"

"BeginsWith"

"Contains"

"EndsWith"

"Equal"

"GeoMatch"

"GreaterThan"

"GreaterThanOrEqual"

"IPMatch"

"LessThan"

"LessThanOrEqual"

"Regex"

"Any"

"BeginsWith"

"Contains"

"EndsWith"

"Equal"

"GeoMatch"

"GreaterThan"

"GreaterThanOrEqual"

"IPMatch"

"LessThan"

"LessThanOrEqual"

"Regex"

"Any"

"BeginsWith"

"Contains"

"EndsWith"

"Equal"

"GeoMatch"

"GreaterThan"

"GreaterThanOrEqual"

"IPMatch"

"LessThan"

"LessThanOrEqual"

"Regex"

"Any"

"BeginsWith"

"Contains"

"EndsWith"

"Equal"

"GeoMatch"

"GreaterThan"

"GreaterThanOrEqual"

"IPMatch"

"LessThan"

"LessThanOrEqual"

"Regex"

MatchValues: Match value.

MatchVariables: List of match variables.

NegationConditon: Whether this is negate condition or not.

Operator: The operator to be matched.

Transforms: List of transforms.

MatchValues: Match value.

MatchVariables: List of match variables.

NegationConditon: Whether this is negate condition or not.

Operator: The operator to be matched.

Transforms: List of transforms.

Selector: The selector of match variable.

VariableName: Match Variable.

Selector: The selector of match variable.

VariableName: Match Variable.

Selector: The selector of match variable.

VariableName: Match Variable.

Selector: The selector of match variable.

VariableName: Match Variable.

"PostArgs"

"QueryString"

"RemoteAddr"

"RequestBody"

"RequestCookies"

"RequestHeaders"

"RequestMethod"

"RequestUri"

"PostArgs"

"QueryString"

"RemoteAddr"

"RequestBody"

"RequestCookies"

"RequestHeaders"

"RequestMethod"

"RequestUri"

"PostArgs"

"QueryString"

"RemoteAddr"

"RequestBody"

"RequestCookies"

"RequestHeaders"

"RequestMethod"

"RequestUri"

"PostArgs"

"QueryString"

"RemoteAddr"

"RequestBody"

"RequestCookies"

"RequestHeaders"

"RequestMethod"

"RequestUri"

ExclusionManagedRuleSets: The managed rule sets that are associated with the exclusion.

MatchVariable: The variable to be excluded.

Selector: When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to.

SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.

ExclusionManagedRuleSets: The managed rule sets that are associated with the exclusion.

MatchVariable: The variable to be excluded.

Selector: When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to.

SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.

"RequestArgKeys"

"RequestArgNames"

"RequestArgValues"

"RequestCookieKeys"

"RequestCookieNames"

"RequestCookieValues"

"RequestHeaderKeys"

"RequestHeaderNames"

"RequestHeaderValues"

"RequestArgKeys"

"RequestArgNames"

"RequestArgValues"

"RequestCookieKeys"

"RequestCookieNames"

"RequestCookieValues"

"RequestHeaderKeys"

"RequestHeaderNames"

"RequestHeaderValues"

"RequestArgKeys"

"RequestArgNames"

"RequestArgValues"

"RequestCookieKeys"

"RequestCookieNames"

"RequestCookieValues"

"RequestHeaderKeys"

"RequestHeaderNames"

"RequestHeaderValues"

"RequestArgKeys"

"RequestArgNames"

"RequestArgValues"

"RequestCookieKeys"

"RequestCookieNames"

"RequestCookieValues"

"RequestHeaderKeys"

"RequestHeaderNames"

"RequestHeaderValues"

ExclusionManagedRuleSets: The managed rule sets that are associated with the exclusion.

MatchVariable: The variable to be excluded.

Selector: When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to.

SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.

ExclusionManagedRuleSets: The managed rule sets that are associated with the exclusion.

MatchVariable: The variable to be excluded.

Selector: When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to.

SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.

"Contains"

"EndsWith"

"Equals"

"EqualsAny"

"StartsWith"

"Contains"

"EndsWith"

"Equals"

"EqualsAny"

"StartsWith"

"Contains"

"EndsWith"

"Equals"

"EqualsAny"

"StartsWith"

"Contains"

"EndsWith"

"Equals"

"EqualsAny"

"StartsWith"

CustomBlockResponseBody: If the action type is block, customer can override the response body. The body must be specified in base64 encoding.

CustomBlockResponseStatusCode: If the action type is block, customer can override the response status code.

FileUploadEnforcement: Whether allow WAF to enforce file upload limits.

FileUploadLimitInMb: Maximum file upload size in Mb for WAF.

JsChallengeCookieExpirationInMins: Web Application Firewall JavaScript Challenge Cookie Expiration time in minutes.

LogScrubbing: To scrub sensitive log fields

MaxRequestBodySizeInKb: Maximum request body size in Kb for WAF.

Mode: The mode of the policy.

RequestBodyCheck: Whether to allow WAF to check request Body.

RequestBodyEnforcement: Whether allow WAF to enforce request body limits.

RequestBodyInspectLimitInKB: Max inspection limit in KB for request body inspection for WAF.

State: The state of the policy.

CustomBlockResponseBody: If the action type is block, customer can override the response body. The body must be specified in base64 encoding.

CustomBlockResponseStatusCode: If the action type is block, customer can override the response status code.

FileUploadEnforcement: Whether allow WAF to enforce file upload limits.

FileUploadLimitInMb: Maximum file upload size in Mb for WAF.

JsChallengeCookieExpirationInMins: Web Application Firewall JavaScript Challenge Cookie Expiration time in minutes.

LogScrubbing: To scrub sensitive log fields

MaxRequestBodySizeInKb: Maximum request body size in Kb for WAF.

Mode: The mode of the policy.

RequestBodyCheck: Whether to allow WAF to check request Body.

RequestBodyEnforcement: Whether allow WAF to enforce request body limits.

RequestBodyInspectLimitInKB: Max inspection limit in KB for request body inspection for WAF.

State: The state of the policy.

ScrubbingRules: The rules that are applied to the logs for scrubbing.

State: State of the log scrubbing config. Default value is Enabled.

ScrubbingRules: The rules that are applied to the logs for scrubbing.

State: State of the log scrubbing config. Default value is Enabled.

ScrubbingRules: The rules that are applied to the logs for scrubbing.

State: State of the log scrubbing config. Default value is Enabled.

ScrubbingRules: The rules that are applied to the logs for scrubbing.

State: State of the log scrubbing config. Default value is Enabled.

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Detection"

"Prevention"

"Detection"

"Prevention"

"Detection"

"Prevention"

"Detection"

"Prevention"

CustomBlockResponseBody: If the action type is block, customer can override the response body. The body must be specified in base64 encoding.

CustomBlockResponseStatusCode: If the action type is block, customer can override the response status code.

FileUploadEnforcement: Whether allow WAF to enforce file upload limits.

FileUploadLimitInMb: Maximum file upload size in Mb for WAF.

JsChallengeCookieExpirationInMins: Web Application Firewall JavaScript Challenge Cookie Expiration time in minutes.

LogScrubbing: To scrub sensitive log fields

MaxRequestBodySizeInKb: Maximum request body size in Kb for WAF.

Mode: The mode of the policy.

RequestBodyCheck: Whether to allow WAF to check request Body.

RequestBodyEnforcement: Whether allow WAF to enforce request body limits.

RequestBodyInspectLimitInKB: Max inspection limit in KB for request body inspection for WAF.

State: The state of the policy.

CustomBlockResponseBody: If the action type is block, customer can override the response body. The body must be specified in base64 encoding.

CustomBlockResponseStatusCode: If the action type is block, customer can override the response status code.

FileUploadEnforcement: Whether allow WAF to enforce file upload limits.

FileUploadLimitInMb: Maximum file upload size in Mb for WAF.

JsChallengeCookieExpirationInMins: Web Application Firewall JavaScript Challenge Cookie Expiration time in minutes.

LogScrubbing: To scrub sensitive log fields

MaxRequestBodySizeInKb: Maximum request body size in Kb for WAF.

Mode: The mode of the policy.

RequestBodyCheck: Whether to allow WAF to check request Body.

RequestBodyEnforcement: Whether allow WAF to enforce request body limits.

RequestBodyInspectLimitInKB: Max inspection limit in KB for request body inspection for WAF.

State: The state of the policy.

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Deleting"

"Failed"

"Succeeded"

"Updating"

"Deleting"

"Failed"

"Succeeded"

"Updating"

Id: Resource ID.

Id: Resource ID.

"HtmlEntityDecode"

"Lowercase"

"RemoveNulls"

"Trim"

"Uppercase"

"UrlDecode"

"UrlEncode"

"HtmlEntityDecode"

"Lowercase"

"RemoveNulls"

"Trim"

"Uppercase"

"UrlDecode"

"UrlEncode"

"HtmlEntityDecode"

"Lowercase"

"RemoveNulls"

"Trim"

"Uppercase"

"UrlDecode"

"UrlEncode"

"HtmlEntityDecode"

"Lowercase"

"RemoveNulls"

"Trim"

"Uppercase"

"UrlDecode"

"UrlEncode"

Action: Type of Actions.

GroupByUserSession: List of user session identifier group by clauses.

MatchConditions: List of match conditions.

Name: The name of the resource that is unique within a policy. This name can be used to access the resource.

Priority: Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

RateLimitDuration: Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.

RateLimitThreshold: Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1

RuleType: The rule type.

State: Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

Action: Type of Actions.

GroupByUserSession: List of user session identifier group by clauses.

MatchConditions: List of match conditions.

Name: The name of the resource that is unique within a policy. This name can be used to access the resource.

Priority: Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

RateLimitDuration: Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.

RateLimitThreshold: Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1

RuleType: The rule type.

State: Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

"Allow"

"Block"

"JSChallenge"

"Log"

"Allow"

"Block"

"JSChallenge"

"Log"

"Allow"

"Block"

"JSChallenge"

"Log"

"Allow"

"Block"

"JSChallenge"

"Log"

"FiveMins"

"OneMin"

"FiveMins"

"OneMin"

"FiveMins"

"OneMin"

"FiveMins"

"OneMin"

"Invalid"

"MatchRule"

"RateLimitRule"

"Invalid"

"MatchRule"

"RateLimitRule"

"Invalid"

"MatchRule"

"RateLimitRule"

"Invalid"

"MatchRule"

"RateLimitRule"

Action: Type of Actions.

Etag: A unique read-only string that changes whenever the resource is updated.

GroupByUserSession: List of user session identifier group by clauses.

MatchConditions: List of match conditions.

Name: The name of the resource that is unique within a policy. This name can be used to access the resource.

Priority: Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

RateLimitDuration: Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.

RateLimitThreshold: Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1

RuleType: The rule type.

State: Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

Action: Type of Actions.

Etag: A unique read-only string that changes whenever the resource is updated.

GroupByUserSession: List of user session identifier group by clauses.

MatchConditions: List of match conditions.

Name: The name of the resource that is unique within a policy. This name can be used to access the resource.

Priority: Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

RateLimitDuration: Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.

RateLimitThreshold: Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1

RuleType: The rule type.

State: Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

CustomRules: The custom rules inside the policy.

ManagedRules: Describes the managedRules structure.

PolicySettings: The PolicySettings for policy.

"Creating"

"Deleting"

"Disabled"

"Disabling"

"Enabled"

"Enabling"

"Creating"

"Deleting"

"Disabled"

"Disabling"

"Enabled"

"Enabling"

ApplicationGateways: A collection of references to application gateways.

CustomRules: The custom rules inside the policy.

HttpListeners: A collection of references to application gateway http listeners.

ManagedRules: Describes the managedRules structure.

PathBasedRules: A collection of references to application gateway path rules.

PolicySettings: The PolicySettings for policy.

ProvisioningState: The provisioning state of the web application firewall policy resource.

ResourceState: Resource status of the policy.

MatchVariable: The variable to be scrubbed from the logs.

Selector: When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.

SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to.

State: Defines the state of log scrubbing rule. Default value is Enabled.

MatchVariable: The variable to be scrubbed from the logs.

Selector: When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.

SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to.

State: Defines the state of log scrubbing rule. Default value is Enabled.

"RequestArgNames"

"RequestCookieNames"

"RequestHeaderNames"

"RequestIPAddress"

"RequestJSONArgNames"

"RequestPostArgNames"

"RequestArgNames"

"RequestCookieNames"

"RequestHeaderNames"

"RequestIPAddress"

"RequestJSONArgNames"

"RequestPostArgNames"

"RequestArgNames"

"RequestCookieNames"

"RequestHeaderNames"

"RequestIPAddress"

"RequestJSONArgNames"

"RequestPostArgNames"

"RequestArgNames"

"RequestCookieNames"

"RequestHeaderNames"

"RequestIPAddress"

"RequestJSONArgNames"

"RequestPostArgNames"

MatchVariable: The variable to be scrubbed from the logs.

Selector: When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.

SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to.

State: Defines the state of log scrubbing rule. Default value is Enabled.

MatchVariable: The variable to be scrubbed from the logs.

Selector: When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to.

SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to.

State: Defines the state of log scrubbing rule. Default value is Enabled.

"Equals"

"EqualsAny"

"Equals"

"EqualsAny"

"Equals"

"EqualsAny"

"Equals"

"EqualsAny"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"