1. Packages
  2. Azure Classic
  3. API Docs
  4. frontdoor
  5. FirewallPolicy

We recommend using Azure Native.

Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi


Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi

    !> IMPORTANT This deploys an Azure Front Door (classic) resource which has been deprecated and will receive security updates only. Please migrate your existing Azure Front Door (classic) deployments to the new Azure Front Door (standard/premium) resources. For your convenience, the service team has exposed a Front Door Classic to Front Door Standard/Premium migration tool to allow you to migrate your existing Front Door Classic instances to the new Front Door Standard/Premium product tiers.

    Manages an Azure Front Door (classic) Web Application Firewall Policy instance.

    !> Be Aware: Azure is rolling out a breaking change on Friday 9th April 2021 which may cause issues with the CDN/FrontDoor resources. More information is available in this GitHub issue as the necessary changes are identified.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    const example = new azure.core.ResourceGroup("example", {
        name: "example-rg",
        location: "West Europe",
    const exampleFirewallPolicy = new azure.frontdoor.FirewallPolicy("example", {
        name: "examplefdwafpolicy",
        resourceGroupName: example.name,
        enabled: true,
        mode: "Prevention",
        redirectUrl: "https://www.contoso.com",
        customBlockResponseStatusCode: 403,
        customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
        customRules: [
                name: "Rule1",
                enabled: true,
                priority: 1,
                rateLimitDurationInMinutes: 1,
                rateLimitThreshold: 10,
                type: "MatchRule",
                action: "Block",
                matchConditions: [{
                    matchVariable: "RemoteAddr",
                    operator: "IPMatch",
                    negationCondition: false,
                    matchValues: [
                name: "Rule2",
                enabled: true,
                priority: 2,
                rateLimitDurationInMinutes: 1,
                rateLimitThreshold: 10,
                type: "MatchRule",
                action: "Block",
                matchConditions: [
                        matchVariable: "RemoteAddr",
                        operator: "IPMatch",
                        negationCondition: false,
                        matchValues: [""],
                        matchVariable: "RequestHeader",
                        selector: "UserAgent",
                        operator: "Contains",
                        negationCondition: false,
                        matchValues: ["windows"],
                        transforms: [
        managedRules: [
                type: "DefaultRuleSet",
                version: "1.0",
                exclusions: [{
                    matchVariable: "QueryStringArgNames",
                    operator: "Equals",
                    selector: "not_suspicious",
                overrides: [
                        ruleGroupName: "PHP",
                        rules: [{
                            ruleId: "933100",
                            enabled: false,
                            action: "Block",
                        ruleGroupName: "SQLI",
                        exclusions: [{
                            matchVariable: "QueryStringArgNames",
                            operator: "Equals",
                            selector: "really_not_suspicious",
                        rules: [{
                            ruleId: "942200",
                            action: "Block",
                            exclusions: [{
                                matchVariable: "QueryStringArgNames",
                                operator: "Equals",
                                selector: "innocent",
                type: "Microsoft_BotManagerRuleSet",
                version: "1.0",
    import pulumi
    import pulumi_azure as azure
    example = azure.core.ResourceGroup("example",
        location="West Europe")
    example_firewall_policy = azure.frontdoor.FirewallPolicy("example",
    package main
    import (
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-rg"),
    			Location: pulumi.String("West Europe"),
    		if err != nil {
    			return err
    		_, err = frontdoor.NewFirewallPolicy(ctx, "example", &frontdoor.FirewallPolicyArgs{
    			Name:                          pulumi.String("examplefdwafpolicy"),
    			ResourceGroupName:             example.Name,
    			Enabled:                       pulumi.Bool(true),
    			Mode:                          pulumi.String("Prevention"),
    			RedirectUrl:                   pulumi.String("https://www.contoso.com"),
    			CustomBlockResponseStatusCode: pulumi.Int(403),
    			CustomBlockResponseBody:       pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
    			CustomRules: frontdoor.FirewallPolicyCustomRuleArray{
    					Name:                       pulumi.String("Rule1"),
    					Enabled:                    pulumi.Bool(true),
    					Priority:                   pulumi.Int(1),
    					RateLimitDurationInMinutes: pulumi.Int(1),
    					RateLimitThreshold:         pulumi.Int(10),
    					Type:                       pulumi.String("MatchRule"),
    					Action:                     pulumi.String("Block"),
    					MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
    							MatchVariable:     pulumi.String("RemoteAddr"),
    							Operator:          pulumi.String("IPMatch"),
    							NegationCondition: pulumi.Bool(false),
    							MatchValues: pulumi.StringArray{
    					Name:                       pulumi.String("Rule2"),
    					Enabled:                    pulumi.Bool(true),
    					Priority:                   pulumi.Int(2),
    					RateLimitDurationInMinutes: pulumi.Int(1),
    					RateLimitThreshold:         pulumi.Int(10),
    					Type:                       pulumi.String("MatchRule"),
    					Action:                     pulumi.String("Block"),
    					MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
    							MatchVariable:     pulumi.String("RemoteAddr"),
    							Operator:          pulumi.String("IPMatch"),
    							NegationCondition: pulumi.Bool(false),
    							MatchValues: pulumi.StringArray{
    							MatchVariable:     pulumi.String("RequestHeader"),
    							Selector:          pulumi.String("UserAgent"),
    							Operator:          pulumi.String("Contains"),
    							NegationCondition: pulumi.Bool(false),
    							MatchValues: pulumi.StringArray{
    							Transforms: pulumi.StringArray{
    			ManagedRules: frontdoor.FirewallPolicyManagedRuleArray{
    					Type:    pulumi.String("DefaultRuleSet"),
    					Version: pulumi.String("1.0"),
    					Exclusions: frontdoor.FirewallPolicyManagedRuleExclusionArray{
    							MatchVariable: pulumi.String("QueryStringArgNames"),
    							Operator:      pulumi.String("Equals"),
    							Selector:      pulumi.String("not_suspicious"),
    					Overrides: frontdoor.FirewallPolicyManagedRuleOverrideArray{
    							RuleGroupName: pulumi.String("PHP"),
    							Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
    									RuleId:  pulumi.String("933100"),
    									Enabled: pulumi.Bool(false),
    									Action:  pulumi.String("Block"),
    							RuleGroupName: pulumi.String("SQLI"),
    							Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideExclusionArray{
    									MatchVariable: pulumi.String("QueryStringArgNames"),
    									Operator:      pulumi.String("Equals"),
    									Selector:      pulumi.String("really_not_suspicious"),
    							Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
    									RuleId: pulumi.String("942200"),
    									Action: pulumi.String("Block"),
    									Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArray{
    											MatchVariable: pulumi.String("QueryStringArgNames"),
    											Operator:      pulumi.String("Equals"),
    											Selector:      pulumi.String("innocent"),
    					Type:    pulumi.String("Microsoft_BotManagerRuleSet"),
    					Version: pulumi.String("1.0"),
    		if err != nil {
    			return err
    		return nil
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    return await Deployment.RunAsync(() => 
        var example = new Azure.Core.ResourceGroup("example", new()
            Name = "example-rg",
            Location = "West Europe",
        var exampleFirewallPolicy = new Azure.FrontDoor.FirewallPolicy("example", new()
            Name = "examplefdwafpolicy",
            ResourceGroupName = example.Name,
            Enabled = true,
            Mode = "Prevention",
            RedirectUrl = "https://www.contoso.com",
            CustomBlockResponseStatusCode = 403,
            CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
            CustomRules = new[]
                new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
                    Name = "Rule1",
                    Enabled = true,
                    Priority = 1,
                    RateLimitDurationInMinutes = 1,
                    RateLimitThreshold = 10,
                    Type = "MatchRule",
                    Action = "Block",
                    MatchConditions = new[]
                        new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
                            MatchVariable = "RemoteAddr",
                            Operator = "IPMatch",
                            NegationCondition = false,
                            MatchValues = new[]
                new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
                    Name = "Rule2",
                    Enabled = true,
                    Priority = 2,
                    RateLimitDurationInMinutes = 1,
                    RateLimitThreshold = 10,
                    Type = "MatchRule",
                    Action = "Block",
                    MatchConditions = new[]
                        new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
                            MatchVariable = "RemoteAddr",
                            Operator = "IPMatch",
                            NegationCondition = false,
                            MatchValues = new[]
                        new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
                            MatchVariable = "RequestHeader",
                            Selector = "UserAgent",
                            Operator = "Contains",
                            NegationCondition = false,
                            MatchValues = new[]
                            Transforms = new[]
            ManagedRules = new[]
                new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
                    Type = "DefaultRuleSet",
                    Version = "1.0",
                    Exclusions = new[]
                        new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleExclusionArgs
                            MatchVariable = "QueryStringArgNames",
                            Operator = "Equals",
                            Selector = "not_suspicious",
                    Overrides = new[]
                        new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
                            RuleGroupName = "PHP",
                            Rules = new[]
                                new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
                                    RuleId = "933100",
                                    Enabled = false,
                                    Action = "Block",
                        new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
                            RuleGroupName = "SQLI",
                            Exclusions = new[]
                                new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideExclusionArgs
                                    MatchVariable = "QueryStringArgNames",
                                    Operator = "Equals",
                                    Selector = "really_not_suspicious",
                            Rules = new[]
                                new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
                                    RuleId = "942200",
                                    Action = "Block",
                                    Exclusions = new[]
                                        new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleExclusionArgs
                                            MatchVariable = "QueryStringArgNames",
                                            Operator = "Equals",
                                            Selector = "innocent",
                new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
                    Type = "Microsoft_BotManagerRuleSet",
                    Version = "1.0",
    package generated_program;
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.frontdoor.FirewallPolicy;
    import com.pulumi.azure.frontdoor.FirewallPolicyArgs;
    import com.pulumi.azure.frontdoor.inputs.FirewallPolicyCustomRuleArgs;
    import com.pulumi.azure.frontdoor.inputs.FirewallPolicyManagedRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    public class App {
        public static void main(String[] args) {
        public static void stack(Context ctx) {
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .location("West Europe")
            var exampleFirewallPolicy = new FirewallPolicy("exampleFirewallPolicy", FirewallPolicyArgs.builder()
        type: azure:core:ResourceGroup
          name: example-rg
          location: West Europe
        type: azure:frontdoor:FirewallPolicy
        name: example
          name: examplefdwafpolicy
          resourceGroupName: ${example.name}
          enabled: true
          mode: Prevention
          redirectUrl: https://www.contoso.com
          customBlockResponseStatusCode: 403
          customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
            - name: Rule1
              enabled: true
              priority: 1
              rateLimitDurationInMinutes: 1
              rateLimitThreshold: 10
              type: MatchRule
              action: Block
                - matchVariable: RemoteAddr
                  operator: IPMatch
                  negationCondition: false
            - name: Rule2
              enabled: true
              priority: 2
              rateLimitDurationInMinutes: 1
              rateLimitThreshold: 10
              type: MatchRule
              action: Block
                - matchVariable: RemoteAddr
                  operator: IPMatch
                  negationCondition: false
                - matchVariable: RequestHeader
                  selector: UserAgent
                  operator: Contains
                  negationCondition: false
                    - windows
                    - Lowercase
                    - Trim
            - type: DefaultRuleSet
              version: '1.0'
                - matchVariable: QueryStringArgNames
                  operator: Equals
                  selector: not_suspicious
                - ruleGroupName: PHP
                    - ruleId: '933100'
                      enabled: false
                      action: Block
                - ruleGroupName: SQLI
                    - matchVariable: QueryStringArgNames
                      operator: Equals
                      selector: really_not_suspicious
                    - ruleId: '942200'
                      action: Block
                        - matchVariable: QueryStringArgNames
                          operator: Equals
                          selector: innocent
            - type: Microsoft_BotManagerRuleSet
              version: '1.0'

    Create FirewallPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);
    def FirewallPolicy(resource_name: str,
                       args: FirewallPolicyArgs,
                       opts: Optional[ResourceOptions] = None)
    def FirewallPolicy(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       resource_group_name: Optional[str] = None,
                       custom_block_response_body: Optional[str] = None,
                       custom_block_response_status_code: Optional[int] = None,
                       custom_rules: Optional[Sequence[FirewallPolicyCustomRuleArgs]] = None,
                       enabled: Optional[bool] = None,
                       managed_rules: Optional[Sequence[FirewallPolicyManagedRuleArgs]] = None,
                       mode: Optional[str] = None,
                       name: Optional[str] = None,
                       redirect_url: Optional[str] = None,
                       tags: Optional[Mapping[str, str]] = None)
    func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)
    public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
    public FirewallPolicy(String name, FirewallPolicyArgs args)
    public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
    type: azure:frontdoor:FirewallPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.


    name string
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var firewallPolicyResource = new Azure.FrontDoor.FirewallPolicy("firewallPolicyResource", new()
        ResourceGroupName = "string",
        CustomBlockResponseBody = "string",
        CustomBlockResponseStatusCode = 0,
        CustomRules = new[]
            new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
                Action = "string",
                Name = "string",
                Type = "string",
                Enabled = false,
                MatchConditions = new[]
                    new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
                        MatchValues = new[]
                        MatchVariable = "string",
                        Operator = "string",
                        NegationCondition = false,
                        Selector = "string",
                        Transforms = new[]
                Priority = 0,
                RateLimitDurationInMinutes = 0,
                RateLimitThreshold = 0,
        Enabled = false,
        ManagedRules = new[]
            new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
                Type = "string",
                Version = "string",
                Exclusions = new[]
                    new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleExclusionArgs
                        MatchVariable = "string",
                        Operator = "string",
                        Selector = "string",
                Overrides = new[]
                    new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
                        RuleGroupName = "string",
                        Exclusions = new[]
                            new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideExclusionArgs
                                MatchVariable = "string",
                                Operator = "string",
                                Selector = "string",
                        Rules = new[]
                            new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
                                Action = "string",
                                RuleId = "string",
                                Enabled = false,
                                Exclusions = new[]
                                    new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleExclusionArgs
                                        MatchVariable = "string",
                                        Operator = "string",
                                        Selector = "string",
        Mode = "string",
        Name = "string",
        RedirectUrl = "string",
        Tags = 
            { "string", "string" },
    example, err := frontdoor.NewFirewallPolicy(ctx, "firewallPolicyResource", &frontdoor.FirewallPolicyArgs{
    	ResourceGroupName:             pulumi.String("string"),
    	CustomBlockResponseBody:       pulumi.String("string"),
    	CustomBlockResponseStatusCode: pulumi.Int(0),
    	CustomRules: frontdoor.FirewallPolicyCustomRuleArray{
    			Action:  pulumi.String("string"),
    			Name:    pulumi.String("string"),
    			Type:    pulumi.String("string"),
    			Enabled: pulumi.Bool(false),
    			MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
    					MatchValues: pulumi.StringArray{
    					MatchVariable:     pulumi.String("string"),
    					Operator:          pulumi.String("string"),
    					NegationCondition: pulumi.Bool(false),
    					Selector:          pulumi.String("string"),
    					Transforms: pulumi.StringArray{
    			Priority:                   pulumi.Int(0),
    			RateLimitDurationInMinutes: pulumi.Int(0),
    			RateLimitThreshold:         pulumi.Int(0),
    	Enabled: pulumi.Bool(false),
    	ManagedRules: frontdoor.FirewallPolicyManagedRuleArray{
    			Type:    pulumi.String("string"),
    			Version: pulumi.String("string"),
    			Exclusions: frontdoor.FirewallPolicyManagedRuleExclusionArray{
    					MatchVariable: pulumi.String("string"),
    					Operator:      pulumi.String("string"),
    					Selector:      pulumi.String("string"),
    			Overrides: frontdoor.FirewallPolicyManagedRuleOverrideArray{
    					RuleGroupName: pulumi.String("string"),
    					Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideExclusionArray{
    							MatchVariable: pulumi.String("string"),
    							Operator:      pulumi.String("string"),
    							Selector:      pulumi.String("string"),
    					Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
    							Action:  pulumi.String("string"),
    							RuleId:  pulumi.String("string"),
    							Enabled: pulumi.Bool(false),
    							Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArray{
    									MatchVariable: pulumi.String("string"),
    									Operator:      pulumi.String("string"),
    									Selector:      pulumi.String("string"),
    	Mode:        pulumi.String("string"),
    	Name:        pulumi.String("string"),
    	RedirectUrl: pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    var firewallPolicyResource = new FirewallPolicy("firewallPolicyResource", FirewallPolicyArgs.builder()
        .tags(Map.of("string", "string"))
    firewall_policy_resource = azure.frontdoor.FirewallPolicy("firewallPolicyResource",
            "string": "string",
    const firewallPolicyResource = new azure.frontdoor.FirewallPolicy("firewallPolicyResource", {
        resourceGroupName: "string",
        customBlockResponseBody: "string",
        customBlockResponseStatusCode: 0,
        customRules: [{
            action: "string",
            name: "string",
            type: "string",
            enabled: false,
            matchConditions: [{
                matchValues: ["string"],
                matchVariable: "string",
                operator: "string",
                negationCondition: false,
                selector: "string",
                transforms: ["string"],
            priority: 0,
            rateLimitDurationInMinutes: 0,
            rateLimitThreshold: 0,
        enabled: false,
        managedRules: [{
            type: "string",
            version: "string",
            exclusions: [{
                matchVariable: "string",
                operator: "string",
                selector: "string",
            overrides: [{
                ruleGroupName: "string",
                exclusions: [{
                    matchVariable: "string",
                    operator: "string",
                    selector: "string",
                rules: [{
                    action: "string",
                    ruleId: "string",
                    enabled: false,
                    exclusions: [{
                        matchVariable: "string",
                        operator: "string",
                        selector: "string",
        mode: "string",
        name: "string",
        redirectUrl: "string",
        tags: {
            string: "string",
    type: azure:frontdoor:FirewallPolicy
        customBlockResponseBody: string
        customBlockResponseStatusCode: 0
            - action: string
              enabled: false
                - matchValues:
                    - string
                  matchVariable: string
                  negationCondition: false
                  operator: string
                  selector: string
                    - string
              name: string
              priority: 0
              rateLimitDurationInMinutes: 0
              rateLimitThreshold: 0
              type: string
        enabled: false
            - exclusions:
                - matchVariable: string
                  operator: string
                  selector: string
                - exclusions:
                    - matchVariable: string
                      operator: string
                      selector: string
                  ruleGroupName: string
                    - action: string
                      enabled: false
                        - matchVariable: string
                          operator: string
                          selector: string
                      ruleId: string
              type: string
              version: string
        mode: string
        name: string
        redirectUrl: string
        resourceGroupName: string
            string: string

    FirewallPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.


    The FirewallPolicy resource accepts the following input properties:

    ResourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    CustomBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    CustomRules List<FirewallPolicyCustomRule>
    One or more custom_rule blocks as defined below.
    Enabled bool
    Is the policy a enabled state or disabled state. Defaults to true.
    ManagedRules List<FirewallPolicyManagedRule>
    One or more managed_rule blocks as defined below.
    Mode string
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    Name string
    The name of the policy. Changing this forces a new resource to be created.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the Web Application Firewall Policy.
    ResourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    CustomBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    CustomRules []FirewallPolicyCustomRuleArgs
    One or more custom_rule blocks as defined below.
    Enabled bool
    Is the policy a enabled state or disabled state. Defaults to true.
    ManagedRules []FirewallPolicyManagedRuleArgs
    One or more managed_rule blocks as defined below.
    Mode string
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    Name string
    The name of the policy. Changing this forces a new resource to be created.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    Tags map[string]string
    A mapping of tags to assign to the Web Application Firewall Policy.
    resourceGroupName String
    The name of the resource group. Changing this forces a new resource to be created.
    customBlockResponseBody String
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Integer
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules List<FirewallPolicyCustomRule>
    One or more custom_rule blocks as defined below.
    enabled Boolean
    Is the policy a enabled state or disabled state. Defaults to true.
    managedRules List<FirewallPolicyManagedRule>
    One or more managed_rule blocks as defined below.
    mode String
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    name String
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    tags Map<String,String>
    A mapping of tags to assign to the Web Application Firewall Policy.
    resourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    customBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode number
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules FirewallPolicyCustomRule[]
    One or more custom_rule blocks as defined below.
    enabled boolean
    Is the policy a enabled state or disabled state. Defaults to true.
    managedRules FirewallPolicyManagedRule[]
    One or more managed_rule blocks as defined below.
    mode string
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    name string
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    tags {[key: string]: string}
    A mapping of tags to assign to the Web Application Firewall Policy.
    resource_group_name str
    The name of the resource group. Changing this forces a new resource to be created.
    custom_block_response_body str
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    custom_block_response_status_code int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    custom_rules Sequence[FirewallPolicyCustomRuleArgs]
    One or more custom_rule blocks as defined below.
    enabled bool
    Is the policy a enabled state or disabled state. Defaults to true.
    managed_rules Sequence[FirewallPolicyManagedRuleArgs]
    One or more managed_rule blocks as defined below.
    mode str
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    name str
    The name of the policy. Changing this forces a new resource to be created.
    redirect_url str
    If action type is redirect, this field represents redirect URL for the client.
    tags Mapping[str, str]
    A mapping of tags to assign to the Web Application Firewall Policy.
    resourceGroupName String
    The name of the resource group. Changing this forces a new resource to be created.
    customBlockResponseBody String
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Number
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules List<Property Map>
    One or more custom_rule blocks as defined below.
    enabled Boolean
    Is the policy a enabled state or disabled state. Defaults to true.
    managedRules List<Property Map>
    One or more managed_rule blocks as defined below.
    mode String
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    name String
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    tags Map<String>
    A mapping of tags to assign to the Web Application Firewall Policy.


    All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:

    FrontendEndpointIds List<string>
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    Id string
    The provider-assigned unique ID for this managed resource.
    Location string
    The Azure Region where this Front Door Firewall Policy exists.
    FrontendEndpointIds []string
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    Id string
    The provider-assigned unique ID for this managed resource.
    Location string
    The Azure Region where this Front Door Firewall Policy exists.
    frontendEndpointIds List<String>
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    id String
    The provider-assigned unique ID for this managed resource.
    location String
    The Azure Region where this Front Door Firewall Policy exists.
    frontendEndpointIds string[]
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    id string
    The provider-assigned unique ID for this managed resource.
    location string
    The Azure Region where this Front Door Firewall Policy exists.
    frontend_endpoint_ids Sequence[str]
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    id str
    The provider-assigned unique ID for this managed resource.
    location str
    The Azure Region where this Front Door Firewall Policy exists.
    frontendEndpointIds List<String>
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    id String
    The provider-assigned unique ID for this managed resource.
    location String
    The Azure Region where this Front Door Firewall Policy exists.

    Look up Existing FirewallPolicy Resource

    Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            custom_block_response_body: Optional[str] = None,
            custom_block_response_status_code: Optional[int] = None,
            custom_rules: Optional[Sequence[FirewallPolicyCustomRuleArgs]] = None,
            enabled: Optional[bool] = None,
            frontend_endpoint_ids: Optional[Sequence[str]] = None,
            location: Optional[str] = None,
            managed_rules: Optional[Sequence[FirewallPolicyManagedRuleArgs]] = None,
            mode: Optional[str] = None,
            name: Optional[str] = None,
            redirect_url: Optional[str] = None,
            resource_group_name: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None) -> FirewallPolicy
    func GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)
    public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)
    public static FirewallPolicy get(String name, Output<String> id, FirewallPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CustomBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    CustomRules List<FirewallPolicyCustomRule>
    One or more custom_rule blocks as defined below.
    Enabled bool
    Is the policy a enabled state or disabled state. Defaults to true.
    FrontendEndpointIds List<string>
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    Location string
    The Azure Region where this Front Door Firewall Policy exists.
    ManagedRules List<FirewallPolicyManagedRule>
    One or more managed_rule blocks as defined below.
    Mode string
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    Name string
    The name of the policy. Changing this forces a new resource to be created.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    ResourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the Web Application Firewall Policy.
    CustomBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    CustomBlockResponseStatusCode int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    CustomRules []FirewallPolicyCustomRuleArgs
    One or more custom_rule blocks as defined below.
    Enabled bool
    Is the policy a enabled state or disabled state. Defaults to true.
    FrontendEndpointIds []string
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    Location string
    The Azure Region where this Front Door Firewall Policy exists.
    ManagedRules []FirewallPolicyManagedRuleArgs
    One or more managed_rule blocks as defined below.
    Mode string
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    Name string
    The name of the policy. Changing this forces a new resource to be created.
    RedirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    ResourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    Tags map[string]string
    A mapping of tags to assign to the Web Application Firewall Policy.
    customBlockResponseBody String
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Integer
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules List<FirewallPolicyCustomRule>
    One or more custom_rule blocks as defined below.
    enabled Boolean
    Is the policy a enabled state or disabled state. Defaults to true.
    frontendEndpointIds List<String>
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    location String
    The Azure Region where this Front Door Firewall Policy exists.
    managedRules List<FirewallPolicyManagedRule>
    One or more managed_rule blocks as defined below.
    mode String
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    name String
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    resourceGroupName String
    The name of the resource group. Changing this forces a new resource to be created.
    tags Map<String,String>
    A mapping of tags to assign to the Web Application Firewall Policy.
    customBlockResponseBody string
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode number
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules FirewallPolicyCustomRule[]
    One or more custom_rule blocks as defined below.
    enabled boolean
    Is the policy a enabled state or disabled state. Defaults to true.
    frontendEndpointIds string[]
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    location string
    The Azure Region where this Front Door Firewall Policy exists.
    managedRules FirewallPolicyManagedRule[]
    One or more managed_rule blocks as defined below.
    mode string
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    name string
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl string
    If action type is redirect, this field represents redirect URL for the client.
    resourceGroupName string
    The name of the resource group. Changing this forces a new resource to be created.
    tags {[key: string]: string}
    A mapping of tags to assign to the Web Application Firewall Policy.
    custom_block_response_body str
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    custom_block_response_status_code int
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    custom_rules Sequence[FirewallPolicyCustomRuleArgs]
    One or more custom_rule blocks as defined below.
    enabled bool
    Is the policy a enabled state or disabled state. Defaults to true.
    frontend_endpoint_ids Sequence[str]
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    location str
    The Azure Region where this Front Door Firewall Policy exists.
    managed_rules Sequence[FirewallPolicyManagedRuleArgs]
    One or more managed_rule blocks as defined below.
    mode str
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    name str
    The name of the policy. Changing this forces a new resource to be created.
    redirect_url str
    If action type is redirect, this field represents redirect URL for the client.
    resource_group_name str
    The name of the resource group. Changing this forces a new resource to be created.
    tags Mapping[str, str]
    A mapping of tags to assign to the Web Application Firewall Policy.
    customBlockResponseBody String
    If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.
    customBlockResponseStatusCode Number
    If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.
    customRules List<Property Map>
    One or more custom_rule blocks as defined below.
    enabled Boolean
    Is the policy a enabled state or disabled state. Defaults to true.
    frontendEndpointIds List<String>
    The Frontend Endpoints associated with this Front Door Web Application Firewall policy.
    location String
    The Azure Region where this Front Door Firewall Policy exists.
    managedRules List<Property Map>
    One or more managed_rule blocks as defined below.
    mode String
    The firewall policy mode. Possible values are Detection, Prevention. Defaults to Prevention.
    name String
    The name of the policy. Changing this forces a new resource to be created.
    redirectUrl String
    If action type is redirect, this field represents redirect URL for the client.
    resourceGroupName String
    The name of the resource group. Changing this forces a new resource to be created.
    tags Map<String>
    A mapping of tags to assign to the Web Application Firewall Policy.

    Supporting Types

    FirewallPolicyCustomRule, FirewallPolicyCustomRuleArgs

    Action string
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    Name string
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    Type string
    The type of rule. Possible values are MatchRule or RateLimitRule.
    Enabled bool
    Is the rule is enabled or disabled? Defaults to true.
    MatchConditions List<FirewallPolicyCustomRuleMatchCondition>
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    Priority int
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    RateLimitDurationInMinutes int
    The rate limit duration in minutes. Defaults to 1.
    RateLimitThreshold int
    The rate limit threshold. Defaults to 10.
    Action string
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    Name string
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    Type string
    The type of rule. Possible values are MatchRule or RateLimitRule.
    Enabled bool
    Is the rule is enabled or disabled? Defaults to true.
    MatchConditions []FirewallPolicyCustomRuleMatchCondition
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    Priority int
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    RateLimitDurationInMinutes int
    The rate limit duration in minutes. Defaults to 1.
    RateLimitThreshold int
    The rate limit threshold. Defaults to 10.
    action String
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    name String
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    type String
    The type of rule. Possible values are MatchRule or RateLimitRule.
    enabled Boolean
    Is the rule is enabled or disabled? Defaults to true.
    matchConditions List<FirewallPolicyCustomRuleMatchCondition>
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    priority Integer
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    rateLimitDurationInMinutes Integer
    The rate limit duration in minutes. Defaults to 1.
    rateLimitThreshold Integer
    The rate limit threshold. Defaults to 10.
    action string
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    name string
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    type string
    The type of rule. Possible values are MatchRule or RateLimitRule.
    enabled boolean
    Is the rule is enabled or disabled? Defaults to true.
    matchConditions FirewallPolicyCustomRuleMatchCondition[]
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    priority number
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    rateLimitDurationInMinutes number
    The rate limit duration in minutes. Defaults to 1.
    rateLimitThreshold number
    The rate limit threshold. Defaults to 10.
    action str
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    name str
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    type str
    The type of rule. Possible values are MatchRule or RateLimitRule.
    enabled bool
    Is the rule is enabled or disabled? Defaults to true.
    match_conditions Sequence[FirewallPolicyCustomRuleMatchCondition]
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    priority int
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    rate_limit_duration_in_minutes int
    The rate limit duration in minutes. Defaults to 1.
    rate_limit_threshold int
    The rate limit threshold. Defaults to 10.
    action String
    The action to perform when the rule is matched. Possible values are Allow, Block, Log, or Redirect.
    name String
    Gets name of the resource that is unique within a policy. This name can be used to access the resource.
    type String
    The type of rule. Possible values are MatchRule or RateLimitRule.
    enabled Boolean
    Is the rule is enabled or disabled? Defaults to true.
    matchConditions List<Property Map>
    One or more match_condition block defined below. Can support up to 10 match_condition blocks.
    priority Number
    The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to 1.
    rateLimitDurationInMinutes Number
    The rate limit duration in minutes. Defaults to 1.
    rateLimitThreshold Number
    The rate limit threshold. Defaults to 10.

    FirewallPolicyCustomRuleMatchCondition, FirewallPolicyCustomRuleMatchConditionArgs

    MatchValues List<string>
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
    MatchVariable string
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    Operator string
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    NegationCondition bool
    Should the result of the condition be negated.
    Selector string
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    Transforms List<string>
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.
    MatchValues []string
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
    MatchVariable string
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    Operator string
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    NegationCondition bool
    Should the result of the condition be negated.
    Selector string
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    Transforms []string
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.
    matchValues List<String>
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
    matchVariable String
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    operator String
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    negationCondition Boolean
    Should the result of the condition be negated.
    selector String
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    transforms List<String>
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.
    matchValues string[]
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
    matchVariable string
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    operator string
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    negationCondition boolean
    Should the result of the condition be negated.
    selector string
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    transforms string[]
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.
    match_values Sequence[str]
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
    match_variable str
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    operator str
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    negation_condition bool
    Should the result of the condition be negated.
    selector str
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    transforms Sequence[str]
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.
    matchValues List<String>
    Up to 600 possible values to match. Limit is in total across all match_condition blocks and match_values arguments. String value itself can be up to 256 characters long.
    matchVariable String
    The request variable to compare with. Possible values are Cookies, PostArgs, QueryString, RemoteAddr, RequestBody, RequestHeader, RequestMethod, RequestUri, or SocketAddr.
    operator String
    Comparison type to use for matching with the variable value. Possible values are Any, BeginsWith, Contains, EndsWith, Equal, GeoMatch, GreaterThan, GreaterThanOrEqual, IPMatch, LessThan, LessThanOrEqual or RegEx.
    negationCondition Boolean
    Should the result of the condition be negated.
    selector String
    Match against a specific key if the match_variable is QueryString, PostArgs, RequestHeader or Cookies.
    transforms List<String>
    Up to 5 transforms to apply. Possible values are Lowercase, RemoveNulls, Trim, Uppercase, URLDecode orURLEncode.

    FirewallPolicyManagedRule, FirewallPolicyManagedRuleArgs

    Type string
    The name of the managed rule to use with this resource.
    Version string
    The version on the managed rule to use with this resource.
    Exclusions List<FirewallPolicyManagedRuleExclusion>
    One or more exclusion blocks as defined below.
    Overrides List<FirewallPolicyManagedRuleOverride>
    One or more override blocks as defined below.
    Type string
    The name of the managed rule to use with this resource.
    Version string
    The version on the managed rule to use with this resource.
    Exclusions []FirewallPolicyManagedRuleExclusion
    One or more exclusion blocks as defined below.
    Overrides []FirewallPolicyManagedRuleOverride
    One or more override blocks as defined below.
    type String
    The name of the managed rule to use with this resource.
    version String
    The version on the managed rule to use with this resource.
    exclusions List<FirewallPolicyManagedRuleExclusion>
    One or more exclusion blocks as defined below.
    overrides List<FirewallPolicyManagedRuleOverride>
    One or more override blocks as defined below.
    type string
    The name of the managed rule to use with this resource.
    version string
    The version on the managed rule to use with this resource.
    exclusions FirewallPolicyManagedRuleExclusion[]
    One or more exclusion blocks as defined below.
    overrides FirewallPolicyManagedRuleOverride[]
    One or more override blocks as defined below.
    type str
    The name of the managed rule to use with this resource.
    version str
    The version on the managed rule to use with this resource.
    exclusions Sequence[FirewallPolicyManagedRuleExclusion]
    One or more exclusion blocks as defined below.
    overrides Sequence[FirewallPolicyManagedRuleOverride]
    One or more override blocks as defined below.
    type String
    The name of the managed rule to use with this resource.
    version String
    The version on the managed rule to use with this resource.
    exclusions List<Property Map>
    One or more exclusion blocks as defined below.
    overrides List<Property Map>
    One or more override blocks as defined below.

    FirewallPolicyManagedRuleExclusion, FirewallPolicyManagedRuleExclusionArgs

    MatchVariable string
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string
    Selector for the value in the match_variable attribute this exclusion applies to.
    MatchVariable string
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string
    Selector for the value in the match_variable attribute this exclusion applies to.
    matchVariable String
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String
    Selector for the value in the match_variable attribute this exclusion applies to.
    matchVariable string
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector string
    Selector for the value in the match_variable attribute this exclusion applies to.
    match_variable str
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator str
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector str
    Selector for the value in the match_variable attribute this exclusion applies to.
    matchVariable String
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String
    Selector for the value in the match_variable attribute this exclusion applies to.

    FirewallPolicyManagedRuleOverride, FirewallPolicyManagedRuleOverrideArgs

    RuleGroupName string
    The managed rule group to override.
    Exclusions List<FirewallPolicyManagedRuleOverrideExclusion>
    One or more exclusion blocks as defined below.
    Rules List<FirewallPolicyManagedRuleOverrideRule>
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
    RuleGroupName string
    The managed rule group to override.
    Exclusions []FirewallPolicyManagedRuleOverrideExclusion
    One or more exclusion blocks as defined below.
    Rules []FirewallPolicyManagedRuleOverrideRule
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
    ruleGroupName String
    The managed rule group to override.
    exclusions List<FirewallPolicyManagedRuleOverrideExclusion>
    One or more exclusion blocks as defined below.
    rules List<FirewallPolicyManagedRuleOverrideRule>
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
    ruleGroupName string
    The managed rule group to override.
    exclusions FirewallPolicyManagedRuleOverrideExclusion[]
    One or more exclusion blocks as defined below.
    rules FirewallPolicyManagedRuleOverrideRule[]
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
    rule_group_name str
    The managed rule group to override.
    exclusions Sequence[FirewallPolicyManagedRuleOverrideExclusion]
    One or more exclusion blocks as defined below.
    rules Sequence[FirewallPolicyManagedRuleOverrideRule]
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.
    ruleGroupName String
    The managed rule group to override.
    exclusions List<Property Map>
    One or more exclusion blocks as defined below.
    rules List<Property Map>
    One or more rule blocks as defined below. If none are specified, all of the rules in the group will be disabled.

    FirewallPolicyManagedRuleOverrideExclusion, FirewallPolicyManagedRuleOverrideExclusionArgs

    MatchVariable string
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string
    Selector for the value in the match_variable attribute this exclusion applies to.
    MatchVariable string
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string
    Selector for the value in the match_variable attribute this exclusion applies to.
    matchVariable String
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String
    Selector for the value in the match_variable attribute this exclusion applies to.
    matchVariable string
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector string
    Selector for the value in the match_variable attribute this exclusion applies to.
    match_variable str
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator str
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector str
    Selector for the value in the match_variable attribute this exclusion applies to.
    matchVariable String
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String
    Selector for the value in the match_variable attribute this exclusion applies to.

    FirewallPolicyManagedRuleOverrideRule, FirewallPolicyManagedRuleOverrideRuleArgs

    Action string
    The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
    RuleId string
    Identifier for the managed rule.
    Enabled bool
    Is the managed rule override enabled or disabled. Defaults to false
    Exclusions List<FirewallPolicyManagedRuleOverrideRuleExclusion>
    One or more exclusion blocks as defined below.
    Action string
    The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
    RuleId string
    Identifier for the managed rule.
    Enabled bool
    Is the managed rule override enabled or disabled. Defaults to false
    Exclusions []FirewallPolicyManagedRuleOverrideRuleExclusion
    One or more exclusion blocks as defined below.
    action String
    The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
    ruleId String
    Identifier for the managed rule.
    enabled Boolean
    Is the managed rule override enabled or disabled. Defaults to false
    exclusions List<FirewallPolicyManagedRuleOverrideRuleExclusion>
    One or more exclusion blocks as defined below.
    action string
    The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
    ruleId string
    Identifier for the managed rule.
    enabled boolean
    Is the managed rule override enabled or disabled. Defaults to false
    exclusions FirewallPolicyManagedRuleOverrideRuleExclusion[]
    One or more exclusion blocks as defined below.
    action str
    The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
    rule_id str
    Identifier for the managed rule.
    enabled bool
    Is the managed rule override enabled or disabled. Defaults to false
    exclusions Sequence[FirewallPolicyManagedRuleOverrideRuleExclusion]
    One or more exclusion blocks as defined below.
    action String
    The action to be applied when the rule matches. Possible values are Allow, Block, Log, or Redirect.
    ruleId String
    Identifier for the managed rule.
    enabled Boolean
    Is the managed rule override enabled or disabled. Defaults to false
    exclusions List<Property Map>
    One or more exclusion blocks as defined below.

    FirewallPolicyManagedRuleOverrideRuleExclusion, FirewallPolicyManagedRuleOverrideRuleExclusionArgs

    MatchVariable string
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string
    Selector for the value in the match_variable attribute this exclusion applies to.
    MatchVariable string
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    Operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    Selector string
    Selector for the value in the match_variable attribute this exclusion applies to.
    matchVariable String
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String
    Selector for the value in the match_variable attribute this exclusion applies to.
    matchVariable string
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator string
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector string
    Selector for the value in the match_variable attribute this exclusion applies to.
    match_variable str
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator str
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector str
    Selector for the value in the match_variable attribute this exclusion applies to.
    matchVariable String
    The variable type to be excluded. Possible values are QueryStringArgNames, RequestBodyPostArgNames, RequestCookieNames, RequestHeaderNames.
    operator String
    Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: Equals, Contains, StartsWith, EndsWith, EqualsAny.
    selector String
    Selector for the value in the match_variable attribute this exclusion applies to.


    FrontDoor Web Application Firewall Policy can be imported using the resource id, e.g.

    $ pulumi import azure:frontdoor/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/examplefdwafpolicy

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Azure Classic pulumi/pulumi-azure
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi