network.azure.com/v1api20240101
APIVersion
| Value | Description |
|---|---|
| “2024-01-01” |
ApplicationSecurityGroup
Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-01-01/applicationSecurityGroup.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationSecurityGroups/{applicationSecurityGroupName}
Used by: ApplicationSecurityGroupList.
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | ||
| metav1.ObjectMeta | ||
| spec | ApplicationSecurityGroup_Spec Optional |
|
| status | ApplicationSecurityGroup_STATUS Optional |
ApplicationSecurityGroup_Spec
| Property | Description | Type |
|---|---|---|
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| location | Resource location. | string Optional |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | ApplicationSecurityGroupOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource | genruntime.KnownResourceReference Required |
| tags | Resource tags. | map[string]string Optional |
ApplicationSecurityGroup_STATUS
| Property | Description | Type |
|---|---|---|
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| etag | A unique read-only string that changes whenever the resource is updated. | string Optional |
| id | Resource ID. | string Optional |
| location | Resource location. | string Optional |
| name | Resource name. | string Optional |
| provisioningState | The provisioning state of the application security group resource. | ProvisioningState_STATUS Optional |
| resourceGuid | The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups. | string Optional |
| tags | Resource tags. | map[string]string Optional |
| type | Resource type. | string Optional |
ApplicationSecurityGroupList
Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-01-01/applicationSecurityGroup.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationSecurityGroups/{applicationSecurityGroupName}
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | ||
| metav1.ListMeta | ||
| items | ApplicationSecurityGroup[] Optional |
WebApplicationFirewallPolicy
Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-01-01/webapplicationfirewall.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/{policyName}
Used by: WebApplicationFirewallPolicyList.
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | ||
| metav1.ObjectMeta | ||
| spec | WebApplicationFirewallPolicy_Spec Optional |
|
| status | WebApplicationFirewallPolicy_STATUS Optional |
WebApplicationFirewallPolicy_Spec
| Property | Description | Type |
|---|---|---|
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| customRules | The custom rules inside the policy. | WebApplicationFirewallCustomRule[] Optional |
| location | Resource location. | string Optional |
| managedRules | Describes the managedRules structure. | ManagedRulesDefinition Required |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | WebApplicationFirewallPolicyOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource | genruntime.KnownResourceReference Required |
| policySettings | The PolicySettings for policy. | PolicySettings Optional |
| tags | Resource tags. | map[string]string Optional |
WebApplicationFirewallPolicy_STATUS
| Property | Description | Type |
|---|---|---|
| applicationGateways | A collection of references to application gateways. | ApplicationGateway_STATUS_ApplicationGatewayWebApplicationFirewallPolicy_SubResourceEmbedded[] Optional |
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| customRules | The custom rules inside the policy. | WebApplicationFirewallCustomRule_STATUS[] Optional |
| etag | A unique read-only string that changes whenever the resource is updated. | string Optional |
| httpListeners | A collection of references to application gateway http listeners. | SubResource_STATUS[] Optional |
| id | Resource ID. | string Optional |
| location | Resource location. | string Optional |
| managedRules | Describes the managedRules structure. | ManagedRulesDefinition_STATUS Optional |
| name | Resource name. | string Optional |
| pathBasedRules | A collection of references to application gateway path rules. | SubResource_STATUS[] Optional |
| policySettings | The PolicySettings for policy. | PolicySettings_STATUS Optional |
| provisioningState | The provisioning state of the web application firewall policy resource. | ProvisioningState_STATUS Optional |
| resourceState | Resource status of the policy. | WebApplicationFirewallPolicyPropertiesFormat_ResourceState_STATUS Optional |
| tags | Resource tags. | map[string]string Optional |
| type | Resource type. | string Optional |
WebApplicationFirewallPolicyList
Generator information: - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-01-01/webapplicationfirewall.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/{policyName}
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | ||
| metav1.ListMeta | ||
| items | WebApplicationFirewallPolicy[] Optional |
ApplicationSecurityGroup_Spec
Used by: ApplicationSecurityGroup.
| Property | Description | Type |
|---|---|---|
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| location | Resource location. | string Optional |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | ApplicationSecurityGroupOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource | genruntime.KnownResourceReference Required |
| tags | Resource tags. | map[string]string Optional |
ApplicationSecurityGroup_STATUS
An application security group in a resource group.
Used by: ApplicationSecurityGroup.
| Property | Description | Type |
|---|---|---|
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| etag | A unique read-only string that changes whenever the resource is updated. | string Optional |
| id | Resource ID. | string Optional |
| location | Resource location. | string Optional |
| name | Resource name. | string Optional |
| provisioningState | The provisioning state of the application security group resource. | ProvisioningState_STATUS Optional |
| resourceGuid | The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups. | string Optional |
| tags | Resource tags. | map[string]string Optional |
| type | Resource type. | string Optional |
WebApplicationFirewallPolicy_Spec
Used by: WebApplicationFirewallPolicy.
| Property | Description | Type |
|---|---|---|
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| customRules | The custom rules inside the policy. | WebApplicationFirewallCustomRule[] Optional |
| location | Resource location. | string Optional |
| managedRules | Describes the managedRules structure. | ManagedRulesDefinition Required |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | WebApplicationFirewallPolicyOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource | genruntime.KnownResourceReference Required |
| policySettings | The PolicySettings for policy. | PolicySettings Optional |
| tags | Resource tags. | map[string]string Optional |
WebApplicationFirewallPolicy_STATUS
Used by: WebApplicationFirewallPolicy.
| Property | Description | Type |
|---|---|---|
| applicationGateways | A collection of references to application gateways. | ApplicationGateway_STATUS_ApplicationGatewayWebApplicationFirewallPolicy_SubResourceEmbedded[] Optional |
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| customRules | The custom rules inside the policy. | WebApplicationFirewallCustomRule_STATUS[] Optional |
| etag | A unique read-only string that changes whenever the resource is updated. | string Optional |
| httpListeners | A collection of references to application gateway http listeners. | SubResource_STATUS[] Optional |
| id | Resource ID. | string Optional |
| location | Resource location. | string Optional |
| managedRules | Describes the managedRules structure. | ManagedRulesDefinition_STATUS Optional |
| name | Resource name. | string Optional |
| pathBasedRules | A collection of references to application gateway path rules. | SubResource_STATUS[] Optional |
| policySettings | The PolicySettings for policy. | PolicySettings_STATUS Optional |
| provisioningState | The provisioning state of the web application firewall policy resource. | ProvisioningState_STATUS Optional |
| resourceState | Resource status of the policy. | WebApplicationFirewallPolicyPropertiesFormat_ResourceState_STATUS Optional |
| tags | Resource tags. | map[string]string Optional |
| type | Resource type. | string Optional |
ApplicationGateway_STATUS_ApplicationGatewayWebApplicationFirewallPolicy_SubResourceEmbedded
Application gateway resource.
Used by: WebApplicationFirewallPolicy_STATUS.
| Property | Description | Type |
|---|---|---|
| id | Resource ID. | string Optional |
ApplicationSecurityGroupOperatorSpec
Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure
Used by: ApplicationSecurityGroup_Spec.
| Property | Description | Type |
|---|---|---|
| configMapExpressions | configures where to place operator written dynamic ConfigMaps (created with CEL expressions). | core.DestinationExpression[] Optional |
| secretExpressions | configures where to place operator written dynamic secrets (created with CEL expressions). | core.DestinationExpression[] Optional |
ManagedRulesDefinition
Allow to exclude some variable satisfy the condition for the WAF check.
Used by: WebApplicationFirewallPolicy_Spec.
| Property | Description | Type |
|---|---|---|
| exclusions | The Exclusions that are applied on the policy. | OwaspCrsExclusionEntry[] Optional |
| managedRuleSets | The managed rule sets that are associated with the policy. | ManagedRuleSet[] Required |
ManagedRulesDefinition_STATUS
Allow to exclude some variable satisfy the condition for the WAF check.
Used by: WebApplicationFirewallPolicy_STATUS.
| Property | Description | Type |
|---|---|---|
| exclusions | The Exclusions that are applied on the policy. | OwaspCrsExclusionEntry_STATUS[] Optional |
| managedRuleSets | The managed rule sets that are associated with the policy. | ManagedRuleSet_STATUS[] Optional |
PolicySettings
Defines contents of a web application firewall global configuration.
Used by: WebApplicationFirewallPolicy_Spec.
| Property | Description | Type |
|---|---|---|
| customBlockResponseBody | If the action type is block, customer can override the response body. The body must be specified in base64 encoding. | string Optional |
| customBlockResponseStatusCode | If the action type is block, customer can override the response status code. | int Optional |
| fileUploadEnforcement | Whether allow WAF to enforce file upload limits. | bool Optional |
| fileUploadLimitInMb | Maximum file upload size in Mb for WAF. | int Optional |
| jsChallengeCookieExpirationInMins | Web Application Firewall JavaScript Challenge Cookie Expiration time in minutes. | int Optional |
| logScrubbing | To scrub sensitive log fields | PolicySettings_LogScrubbing Optional |
| maxRequestBodySizeInKb | Maximum request body size in Kb for WAF. | int Optional |
| mode | The mode of the policy. | PolicySettings_Mode Optional |
| requestBodyCheck | Whether to allow WAF to check request Body. | bool Optional |
| requestBodyEnforcement | Whether allow WAF to enforce request body limits. | bool Optional |
| requestBodyInspectLimitInKB | Max inspection limit in KB for request body inspection for WAF. | int Optional |
| state | The state of the policy. | PolicySettings_State Optional |
PolicySettings_STATUS
Defines contents of a web application firewall global configuration.
Used by: WebApplicationFirewallPolicy_STATUS.
| Property | Description | Type |
|---|---|---|
| customBlockResponseBody | If the action type is block, customer can override the response body. The body must be specified in base64 encoding. | string Optional |
| customBlockResponseStatusCode | If the action type is block, customer can override the response status code. | int Optional |
| fileUploadEnforcement | Whether allow WAF to enforce file upload limits. | bool Optional |
| fileUploadLimitInMb | Maximum file upload size in Mb for WAF. | int Optional |
| jsChallengeCookieExpirationInMins | Web Application Firewall JavaScript Challenge Cookie Expiration time in minutes. | int Optional |
| logScrubbing | To scrub sensitive log fields | PolicySettings_LogScrubbing_STATUS Optional |
| maxRequestBodySizeInKb | Maximum request body size in Kb for WAF. | int Optional |
| mode | The mode of the policy. | PolicySettings_Mode_STATUS Optional |
| requestBodyCheck | Whether to allow WAF to check request Body. | bool Optional |
| requestBodyEnforcement | Whether allow WAF to enforce request body limits. | bool Optional |
| requestBodyInspectLimitInKB | Max inspection limit in KB for request body inspection for WAF. | int Optional |
| state | The state of the policy. | PolicySettings_State_STATUS Optional |
ProvisioningState_STATUS
The current provisioning state.
Used by: ApplicationSecurityGroup_STATUS, and WebApplicationFirewallPolicy_STATUS.
| Value | Description |
|---|---|
| “Deleting” | |
| “Failed” | |
| “Succeeded” | |
| “Updating” |
SubResource_STATUS
Reference to another subresource.
Used by: WebApplicationFirewallPolicy_STATUS, and WebApplicationFirewallPolicy_STATUS.
| Property | Description | Type |
|---|---|---|
| id | Resource ID. | string Optional |
WebApplicationFirewallCustomRule
Defines contents of a web application rule.
Used by: WebApplicationFirewallPolicy_Spec.
| Property | Description | Type |
|---|---|---|
| action | Type of Actions. | WebApplicationFirewallCustomRule_Action Required |
| groupByUserSession | List of user session identifier group by clauses. | GroupByUserSession[] Optional |
| matchConditions | List of match conditions. | MatchCondition[] Required |
| name | The name of the resource that is unique within a policy. This name can be used to access the resource. | string Optional |
| priority | Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. | int Required |
| rateLimitDuration | Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule. | WebApplicationFirewallCustomRule_RateLimitDuration Optional |
| rateLimitThreshold | Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1 | int Optional |
| ruleType | The rule type. | WebApplicationFirewallCustomRule_RuleType Required |
| state | Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified. | WebApplicationFirewallCustomRule_State Optional |
WebApplicationFirewallCustomRule_STATUS
Defines contents of a web application rule.
Used by: WebApplicationFirewallPolicy_STATUS.
| Property | Description | Type |
|---|---|---|
| action | Type of Actions. | WebApplicationFirewallCustomRule_Action_STATUS Optional |
| etag | A unique read-only string that changes whenever the resource is updated. | string Optional |
| groupByUserSession | List of user session identifier group by clauses. | GroupByUserSession_STATUS[] Optional |
| matchConditions | List of match conditions. | MatchCondition_STATUS[] Optional |
| name | The name of the resource that is unique within a policy. This name can be used to access the resource. | string Optional |
| priority | Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. | int Optional |
| rateLimitDuration | Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule. | WebApplicationFirewallCustomRule_RateLimitDuration_STATUS Optional |
| rateLimitThreshold | Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1 | int Optional |
| ruleType | The rule type. | WebApplicationFirewallCustomRule_RuleType_STATUS Optional |
| state | Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified. | WebApplicationFirewallCustomRule_State_STATUS Optional |
WebApplicationFirewallPolicyOperatorSpec
Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure
Used by: WebApplicationFirewallPolicy_Spec.
| Property | Description | Type |
|---|---|---|
| configMapExpressions | configures where to place operator written dynamic ConfigMaps (created with CEL expressions). | core.DestinationExpression[] Optional |
| secretExpressions | configures where to place operator written dynamic secrets (created with CEL expressions). | core.DestinationExpression[] Optional |
WebApplicationFirewallPolicyPropertiesFormat_ResourceState_STATUS
Used by: WebApplicationFirewallPolicy_STATUS.
| Value | Description |
|---|---|
| “Creating” | |
| “Deleting” | |
| “Disabled” | |
| “Disabling” | |
| “Enabled” | |
| “Enabling” |
GroupByUserSession
Define user session identifier group by clauses.
Used by: WebApplicationFirewallCustomRule.
| Property | Description | Type |
|---|---|---|
| groupByVariables | List of group by clause variables. | GroupByVariable[] Required |
GroupByUserSession_STATUS
Define user session identifier group by clauses.
Used by: WebApplicationFirewallCustomRule_STATUS.
| Property | Description | Type |
|---|---|---|
| groupByVariables | List of group by clause variables. | GroupByVariable_STATUS[] Optional |
ManagedRuleSet
Defines a managed rule set.
Used by: ManagedRulesDefinition.
| Property | Description | Type |
|---|---|---|
| ruleGroupOverrides | Defines the rule group overrides to apply to the rule set. | ManagedRuleGroupOverride[] Optional |
| ruleSetType | Defines the rule set type to use. | string Required |
| ruleSetVersion | Defines the version of the rule set to use. | string Required |
ManagedRuleSet_STATUS
Defines a managed rule set.
Used by: ManagedRulesDefinition_STATUS.
| Property | Description | Type |
|---|---|---|
| ruleGroupOverrides | Defines the rule group overrides to apply to the rule set. | ManagedRuleGroupOverride_STATUS[] Optional |
| ruleSetType | Defines the rule set type to use. | string Optional |
| ruleSetVersion | Defines the version of the rule set to use. | string Optional |
MatchCondition
Define match conditions.
Used by: WebApplicationFirewallCustomRule.
| Property | Description | Type |
|---|---|---|
| matchValues | Match value. | string[] Required |
| matchVariables | List of match variables. | MatchVariable[] Required |
| negationConditon | Whether this is negate condition or not. | bool Optional |
| operator | The operator to be matched. | MatchCondition_Operator Required |
| transforms | List of transforms. | Transform[] Optional |
MatchCondition_STATUS
Define match conditions.
Used by: WebApplicationFirewallCustomRule_STATUS.
| Property | Description | Type |
|---|---|---|
| matchValues | Match value. | string[] Optional |
| matchVariables | List of match variables. | MatchVariable_STATUS[] Optional |
| negationConditon | Whether this is negate condition or not. | bool Optional |
| operator | The operator to be matched. | MatchCondition_Operator_STATUS Optional |
| transforms | List of transforms. | Transform_STATUS[] Optional |
OwaspCrsExclusionEntry
Allow to exclude some variable satisfy the condition for the WAF check.
Used by: ManagedRulesDefinition.
| Property | Description | Type |
|---|---|---|
| exclusionManagedRuleSets | The managed rule sets that are associated with the exclusion. | ExclusionManagedRuleSet[] Optional |
| matchVariable | The variable to be excluded. | OwaspCrsExclusionEntry_MatchVariable Required |
| selector | When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. | string Required |
| selectorMatchOperator | When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. | OwaspCrsExclusionEntry_SelectorMatchOperator Required |
OwaspCrsExclusionEntry_STATUS
Allow to exclude some variable satisfy the condition for the WAF check.
Used by: ManagedRulesDefinition_STATUS.
| Property | Description | Type |
|---|---|---|
| exclusionManagedRuleSets | The managed rule sets that are associated with the exclusion. | ExclusionManagedRuleSet_STATUS[] Optional |
| matchVariable | The variable to be excluded. | OwaspCrsExclusionEntry_MatchVariable_STATUS Optional |
| selector | When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to. | string Optional |
| selectorMatchOperator | When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to. | OwaspCrsExclusionEntry_SelectorMatchOperator_STATUS Optional |
PolicySettings_LogScrubbing
Used by: PolicySettings.
| Property | Description | Type |
|---|---|---|
| scrubbingRules | The rules that are applied to the logs for scrubbing. | WebApplicationFirewallScrubbingRules[] Optional |
| state | State of the log scrubbing config. Default value is Enabled. | PolicySettings_LogScrubbing_State Optional |
PolicySettings_LogScrubbing_STATUS
Used by: PolicySettings_STATUS.
| Property | Description | Type |
|---|---|---|
| scrubbingRules | The rules that are applied to the logs for scrubbing. | WebApplicationFirewallScrubbingRules_STATUS[] Optional |
| state | State of the log scrubbing config. Default value is Enabled. | PolicySettings_LogScrubbing_State_STATUS Optional |
PolicySettings_Mode
Used by: PolicySettings.
| Value | Description |
|---|---|
| “Detection” | |
| “Prevention” |
PolicySettings_Mode_STATUS
Used by: PolicySettings_STATUS.
| Value | Description |
|---|---|
| “Detection” | |
| “Prevention” |
PolicySettings_State
Used by: PolicySettings.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” |
PolicySettings_State_STATUS
Used by: PolicySettings_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” |
WebApplicationFirewallCustomRule_Action
Used by: WebApplicationFirewallCustomRule.
| Value | Description |
|---|---|
| “Allow” | |
| “Block” | |
| “JSChallenge” | |
| “Log” |
WebApplicationFirewallCustomRule_Action_STATUS
Used by: WebApplicationFirewallCustomRule_STATUS.
| Value | Description |
|---|---|
| “Allow” | |
| “Block” | |
| “JSChallenge” | |
| “Log” |
WebApplicationFirewallCustomRule_RateLimitDuration
Used by: WebApplicationFirewallCustomRule.
| Value | Description |
|---|---|
| “FiveMins” | |
| “OneMin” |
WebApplicationFirewallCustomRule_RateLimitDuration_STATUS
Used by: WebApplicationFirewallCustomRule_STATUS.
| Value | Description |
|---|---|
| “FiveMins” | |
| “OneMin” |
WebApplicationFirewallCustomRule_RuleType
Used by: WebApplicationFirewallCustomRule.
| Value | Description |
|---|---|
| “Invalid” | |
| “MatchRule” | |
| “RateLimitRule” |
WebApplicationFirewallCustomRule_RuleType_STATUS
Used by: WebApplicationFirewallCustomRule_STATUS.
| Value | Description |
|---|---|
| “Invalid” | |
| “MatchRule” | |
| “RateLimitRule” |
WebApplicationFirewallCustomRule_State
Used by: WebApplicationFirewallCustomRule.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” |
WebApplicationFirewallCustomRule_State_STATUS
Used by: WebApplicationFirewallCustomRule_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” |
ExclusionManagedRuleSet
Defines a managed rule set for Exclusions.
Used by: OwaspCrsExclusionEntry.
| Property | Description | Type |
|---|---|---|
| ruleGroups | Defines the rule groups to apply to the rule set. | ExclusionManagedRuleGroup[] Optional |
| ruleSetType | Defines the rule set type to use. | string Required |
| ruleSetVersion | Defines the version of the rule set to use. | string Required |
ExclusionManagedRuleSet_STATUS
Defines a managed rule set for Exclusions.
Used by: OwaspCrsExclusionEntry_STATUS.
| Property | Description | Type |
|---|---|---|
| ruleGroups | Defines the rule groups to apply to the rule set. | ExclusionManagedRuleGroup_STATUS[] Optional |
| ruleSetType | Defines the rule set type to use. | string Optional |
| ruleSetVersion | Defines the version of the rule set to use. | string Optional |
GroupByVariable
Define user session group by clause variables.
Used by: GroupByUserSession.
| Property | Description | Type |
|---|---|---|
| variableName | User Session clause variable. | GroupByVariable_VariableName Required |
GroupByVariable_STATUS
Define user session group by clause variables.
Used by: GroupByUserSession_STATUS.
| Property | Description | Type |
|---|---|---|
| variableName | User Session clause variable. | GroupByVariable_VariableName_STATUS Optional |
ManagedRuleGroupOverride
Defines a managed rule group override setting.
Used by: ManagedRuleSet.
| Property | Description | Type |
|---|---|---|
| ruleGroupName | The managed rule group to override. | string Required |
| rules | List of rules that will be disabled. If none specified, all rules in the group will be disabled. | ManagedRuleOverride[] Optional |
ManagedRuleGroupOverride_STATUS
Defines a managed rule group override setting.
Used by: ManagedRuleSet_STATUS.
| Property | Description | Type |
|---|---|---|
| ruleGroupName | The managed rule group to override. | string Optional |
| rules | List of rules that will be disabled. If none specified, all rules in the group will be disabled. | ManagedRuleOverride_STATUS[] Optional |
MatchCondition_Operator
Used by: MatchCondition.
| Value | Description |
|---|---|
| “Any” | |
| “BeginsWith” | |
| “Contains” | |
| “EndsWith” | |
| “Equal” | |
| “GeoMatch” | |
| “GreaterThan” | |
| “GreaterThanOrEqual” | |
| “IPMatch” | |
| “LessThan” | |
| “LessThanOrEqual” | |
| “Regex” |
MatchCondition_Operator_STATUS
Used by: MatchCondition_STATUS.
| Value | Description |
|---|---|
| “Any” | |
| “BeginsWith” | |
| “Contains” | |
| “EndsWith” | |
| “Equal” | |
| “GeoMatch” | |
| “GreaterThan” | |
| “GreaterThanOrEqual” | |
| “IPMatch” | |
| “LessThan” | |
| “LessThanOrEqual” | |
| “Regex” |
MatchVariable
Define match variables.
Used by: MatchCondition.
| Property | Description | Type |
|---|---|---|
| selector | The selector of match variable. | string Optional |
| variableName | Match Variable. | MatchVariable_VariableName Required |
MatchVariable_STATUS
Define match variables.
Used by: MatchCondition_STATUS.
| Property | Description | Type |
|---|---|---|
| selector | The selector of match variable. | string Optional |
| variableName | Match Variable. | MatchVariable_VariableName_STATUS Optional |
OwaspCrsExclusionEntry_MatchVariable
Used by: OwaspCrsExclusionEntry.
| Value | Description |
|---|---|
| “RequestArgKeys” | |
| “RequestArgNames” | |
| “RequestArgValues” | |
| “RequestCookieKeys” | |
| “RequestCookieNames” | |
| “RequestCookieValues” | |
| “RequestHeaderKeys” | |
| “RequestHeaderNames” | |
| “RequestHeaderValues” |
OwaspCrsExclusionEntry_MatchVariable_STATUS
Used by: OwaspCrsExclusionEntry_STATUS.
| Value | Description |
|---|---|
| “RequestArgKeys” | |
| “RequestArgNames” | |
| “RequestArgValues” | |
| “RequestCookieKeys” | |
| “RequestCookieNames” | |
| “RequestCookieValues” | |
| “RequestHeaderKeys” | |
| “RequestHeaderNames” | |
| “RequestHeaderValues” |
OwaspCrsExclusionEntry_SelectorMatchOperator
Used by: OwaspCrsExclusionEntry.
| Value | Description |
|---|---|
| “Contains” | |
| “EndsWith” | |
| “Equals” | |
| “EqualsAny” | |
| “StartsWith” |
OwaspCrsExclusionEntry_SelectorMatchOperator_STATUS
Used by: OwaspCrsExclusionEntry_STATUS.
| Value | Description |
|---|---|
| “Contains” | |
| “EndsWith” | |
| “Equals” | |
| “EqualsAny” | |
| “StartsWith” |
PolicySettings_LogScrubbing_State
Used by: PolicySettings_LogScrubbing.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” |
PolicySettings_LogScrubbing_State_STATUS
Used by: PolicySettings_LogScrubbing_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” |
Transform
Transforms applied before matching.
Used by: MatchCondition.
| Value | Description |
|---|---|
| “HtmlEntityDecode” | |
| “Lowercase” | |
| “RemoveNulls” | |
| “Trim” | |
| “Uppercase” | |
| “UrlDecode” | |
| “UrlEncode” |
Transform_STATUS
Transforms applied before matching.
Used by: MatchCondition_STATUS.
| Value | Description |
|---|---|
| “HtmlEntityDecode” | |
| “Lowercase” | |
| “RemoveNulls” | |
| “Trim” | |
| “Uppercase” | |
| “UrlDecode” | |
| “UrlEncode” |
WebApplicationFirewallScrubbingRules
Allow certain variables to be scrubbed on WAF logs
Used by: PolicySettings_LogScrubbing.
| Property | Description | Type |
|---|---|---|
| matchVariable | The variable to be scrubbed from the logs. | WebApplicationFirewallScrubbingRules_MatchVariable Required |
| selector | When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to. | string Optional |
| selectorMatchOperator | When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to. | WebApplicationFirewallScrubbingRules_SelectorMatchOperator Required |
| state | Defines the state of log scrubbing rule. Default value is Enabled. | WebApplicationFirewallScrubbingRules_State Optional |
WebApplicationFirewallScrubbingRules_STATUS
Allow certain variables to be scrubbed on WAF logs
Used by: PolicySettings_LogScrubbing_STATUS.
| Property | Description | Type |
|---|---|---|
| matchVariable | The variable to be scrubbed from the logs. | WebApplicationFirewallScrubbingRules_MatchVariable_STATUS Optional |
| selector | When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to. | string Optional |
| selectorMatchOperator | When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to. | WebApplicationFirewallScrubbingRules_SelectorMatchOperator_STATUS Optional |
| state | Defines the state of log scrubbing rule. Default value is Enabled. | WebApplicationFirewallScrubbingRules_State_STATUS Optional |
ExclusionManagedRuleGroup
Defines a managed rule group to use for exclusion.
Used by: ExclusionManagedRuleSet.
| Property | Description | Type |
|---|---|---|
| ruleGroupName | The managed rule group for exclusion. | string Required |
| rules | List of rules that will be excluded. If none specified, all rules in the group will be excluded. | ExclusionManagedRule[] Optional |
ExclusionManagedRuleGroup_STATUS
Defines a managed rule group to use for exclusion.
Used by: ExclusionManagedRuleSet_STATUS.
| Property | Description | Type |
|---|---|---|
| ruleGroupName | The managed rule group for exclusion. | string Optional |
| rules | List of rules that will be excluded. If none specified, all rules in the group will be excluded. | ExclusionManagedRule_STATUS[] Optional |
GroupByVariable_VariableName
Used by: GroupByVariable.
| Value | Description |
|---|---|
| “ClientAddr” | |
| “GeoLocation” | |
| “None” |
GroupByVariable_VariableName_STATUS
Used by: GroupByVariable_STATUS.
| Value | Description |
|---|---|
| “ClientAddr” | |
| “GeoLocation” | |
| “None” |
ManagedRuleOverride
Defines a managed rule group override setting.
Used by: ManagedRuleGroupOverride.
| Property | Description | Type |
|---|---|---|
| action | Describes the override action to be applied when rule matches. | ActionType Optional |
| ruleId | Identifier for the managed rule. | string Required |
| state | The state of the managed rule. Defaults to Disabled if not specified. | ManagedRuleOverride_State Optional |
ManagedRuleOverride_STATUS
Defines a managed rule group override setting.
Used by: ManagedRuleGroupOverride_STATUS.
| Property | Description | Type |
|---|---|---|
| action | Describes the override action to be applied when rule matches. | ActionType_STATUS Optional |
| ruleId | Identifier for the managed rule. | string Optional |
| state | The state of the managed rule. Defaults to Disabled if not specified. | ManagedRuleOverride_State_STATUS Optional |
MatchVariable_VariableName
Used by: MatchVariable.
| Value | Description |
|---|---|
| “PostArgs” | |
| “QueryString” | |
| “RemoteAddr” | |
| “RequestBody” | |
| “RequestCookies” | |
| “RequestHeaders” | |
| “RequestMethod” | |
| “RequestUri” |
MatchVariable_VariableName_STATUS
Used by: MatchVariable_STATUS.
| Value | Description |
|---|---|
| “PostArgs” | |
| “QueryString” | |
| “RemoteAddr” | |
| “RequestBody” | |
| “RequestCookies” | |
| “RequestHeaders” | |
| “RequestMethod” | |
| “RequestUri” |
WebApplicationFirewallScrubbingRules_MatchVariable
Used by: WebApplicationFirewallScrubbingRules.
| Value | Description |
|---|---|
| “RequestArgNames” | |
| “RequestCookieNames” | |
| “RequestHeaderNames” | |
| “RequestIPAddress” | |
| “RequestJSONArgNames” | |
| “RequestPostArgNames” |
WebApplicationFirewallScrubbingRules_MatchVariable_STATUS
Used by: WebApplicationFirewallScrubbingRules_STATUS.
| Value | Description |
|---|---|
| “RequestArgNames” | |
| “RequestCookieNames” | |
| “RequestHeaderNames” | |
| “RequestIPAddress” | |
| “RequestJSONArgNames” | |
| “RequestPostArgNames” |
WebApplicationFirewallScrubbingRules_SelectorMatchOperator
Used by: WebApplicationFirewallScrubbingRules.
| Value | Description |
|---|---|
| “Equals” | |
| “EqualsAny” |
WebApplicationFirewallScrubbingRules_SelectorMatchOperator_STATUS
Used by: WebApplicationFirewallScrubbingRules_STATUS.
| Value | Description |
|---|---|
| “Equals” | |
| “EqualsAny” |
WebApplicationFirewallScrubbingRules_State
Used by: WebApplicationFirewallScrubbingRules.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” |
WebApplicationFirewallScrubbingRules_State_STATUS
Used by: WebApplicationFirewallScrubbingRules_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” |
ActionType
Defines the action to take on rule match.
Used by: ManagedRuleOverride.
| Value | Description |
|---|---|
| “Allow” | |
| “AnomalyScoring” | |
| “Block” | |
| “JSChallenge” | |
| “Log” |
ActionType_STATUS
Defines the action to take on rule match.
Used by: ManagedRuleOverride_STATUS.
| Value | Description |
|---|---|
| “Allow” | |
| “AnomalyScoring” | |
| “Block” | |
| “JSChallenge” | |
| “Log” |
ExclusionManagedRule
Defines a managed rule to use for exclusion.
Used by: ExclusionManagedRuleGroup.
| Property | Description | Type |
|---|---|---|
| ruleId | Identifier for the managed rule. | string Required |
ExclusionManagedRule_STATUS
Defines a managed rule to use for exclusion.
Used by: ExclusionManagedRuleGroup_STATUS.
| Property | Description | Type |
|---|---|---|
| ruleId | Identifier for the managed rule. | string Optional |
ManagedRuleOverride_State
Used by: ManagedRuleOverride.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” |
ManagedRuleOverride_State_STATUS
Used by: ManagedRuleOverride_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” |