Tutorial: Configure your rules engine

This tutorial shows how to create a Rules engine configuration and your first rule in both Azure portal and CLI.

In this tutorial, you learn how to:

  • Configure Rules Engine using the portal.
  • Configure Rules Engine using Azure CLI.

Prerequisites

Configure Rules Engine in Azure portal

  1. Within your Azure Front Door (classic) resource, select Rule Engine configuration from under Settings on the left side menu pane. Select + Add, give your configuration a name, and start creating your first Rules Engine configuration.

    Screenshot of the rules engine configuration from the Azure Front Door overview page.

  2. Enter a name for your first rule. Then select + Add condition or + Add action to define your rule.

    Note

    • To delete a condition or action from a rule, use the trash can icon on the right-hand side of the specific condition or action.
    • To create a rule that applies to all incoming traffic, do not specify any conditions.
    • To stop evaluating rules once the first match condition is met, check Stop evaluating remaining rule. If this is checked and all of the match conditions of a particular rule are met, then the remaining rules in the configuration will not be executed.
    • All paths in the rules engine configuration are case sensitive.
    • Header names should adhere to RFC 7230.

    Screenshot of the rules engine configuration page with a single rule.

  3. Determine the priority of the rules within your configuration by using the Move up, Move down, and Move to top buttons. The priority is in ascending order, meaning the rule first listed is the most important rule.

    Tip

    If you want to verify when the changes are propagated to Azure Front Door (classic), you can create a custom response header in the rule using the the following example. You can add a response header _X-<RuleName>-Version_ and change the value each time the rule is updated.

    Screenshot of custom version header rule. After the changes are updated, you can go to the URL to confirm the rule version being invoked: Screenshot of custom header version output.

  4. Once you create one or more rules, select Save. This action creates your rules engine configuration.

  5. Once you create a rules engine configuration, you can associate the configuration with a routing rule. A single configuration can be applied to multiple routing rules, but a routing rule can only have one rules engine configuration. To associate the configuration, go to the Azure Front Door (classic) designer and select a Route. Then select the Rules engine configuration to associate with the routing rule.

    Screenshot of rules engine configuration associate from the routing rule page.

Configure Rules Engine in Azure CLI

  1. Install the Azure CLI and add the "front-door" extension:

    az extension add --name front-door
    

    Sign in and switch to your subscription:

    az account set --subscription <name_or_Id>
    
  2. Create a Rules Engine with one rule, including a header-based action and a match condition:

    az network front-door rules-engine rule create -f {front_door} -g {resource_group} --rules-engine-name {rules_engine} --name {rule1} --priority 1 --action-type RequestHeader --header-action Overwrite --header-name Rewrite --header-value True --match-variable RequestFilenameExtension --operator Contains --match-values jpg png --transforms Lowercase
    
  3. List all the rules:

    az network front-door rules-engine rule list -f {front_door} -g {rg} --name {rules_engine}
    
  4. Add a forwarding route override action:

    az network front-door rules-engine rule action add -f {front_door} -g {rg} --rules-engine-name {rules_engine} --name {rule1} --action-type ForwardRouteOverride --backend-pool {backend_pool_name} --caching Disabled
    
  5. List all the actions in a rule:

    az network front-door rules-engine rule action list -f {front_door} -g {rg} -r {rules_engine} --name {rule1}
    
  6. Link a rules engine configuration to a routing rule:

    az network front-door routing-rule update -g {rg} -f {front_door} -n {routing_rule_name} --rules-engine {rules_engine}
    
  7. Unlink the rules engine:

    az network front-door routing-rule update -g {rg} -f {front_door} -n {routing_rule_name} --remove rulesEngine
    

For more information, see the full list of Azure Front Door (classic) Rules engine commands.

Clean up resources

To remove the Rules Engine configuration from your Front Door (classic):

  1. Disassociate any routing rules from the rule engine configuration by selecting the three dots next to the rule engine name and selecting Associate routing rule:

    Screenshot of the associate routing rules from the menu.

  2. Uncheck all routing rules associated with this Rule Engine configuration and select Save:

    Routing rule association

  3. Delete the Rule Engine configuration from your Front Door:

    Delete Rule Engine configuration

Next steps

In this tutorial, you learned how to:

  • Create a Rule engine configuration
  • Associate a configuration to a routing rule.

To learn how to add security headers with Rule engine, continue to the next tutorial.