az network application-gateway waf-policy managed-rule rule-set
Manage the managed rule sets in the managed rules of a WAF policy.
Commands
Name | Description | Type | Status |
---|---|---|---|
az network application-gateway waf-policy managed-rule rule-set add | Add managed rule set to the WAF policy managed rules. For rule set and rules, please visit: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules. | Core | GA |
az network application-gateway waf-policy managed-rule rule-set list | List all managed rule sets. | Core | GA |
az network application-gateway waf-policy managed-rule rule-set remove | Remove a managed rule set by rule set group name if rule_group_name is specified. Otherwise, remove all rule set. | Core | GA |
az network application-gateway waf-policy managed-rule rule-set update | Manage rules of a WAF policy. If --group-name and --rule are provided, override existing rules. If only --group-name is provided, clear all rules under that rule group. If neither is provided, update the rule set and clear all rules under it. For rule set and rules, please visit: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules. | Core | GA |
az network application-gateway waf-policy managed-rule rule-set add
Add managed rule set to the WAF policy managed rules. For rule set and rules, please visit: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules.
az network application-gateway waf-policy managed-rule rule-set add --policy-name
--resource-group
--type {Microsoft_BotManagerRuleSet, OWASP}
--version {0.1, 1.0, 1.1, 2.1, 2.2.9, 3.0, 3.1, 3.2}
[--group-name]
[--rule]
Examples
Disable an attack protection rule
az network application-gateway waf-policy managed-rule rule-set add --policy-name MyPolicy -g MyResourceGroup --type OWASP --version 3.1 --group-name REQUEST-921-PROTOCOL-ATTACK --rule rule-id=921110
Add managed rule set to the WAF policy managed rules (autogenerated)
az network application-gateway waf-policy managed-rule rule-set add --policy-name MyPolicy --resource-group MyResourceGroup --type Microsoft_BotManagerRuleSet --version 0.1
Required Parameters
--policy-name
The name of the web application firewall policy.
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--type
The type of the web application firewall rule set.
--version
The version of the web application firewall rule set type. 0.1, 1.0, and 1.1 are used for Microsoft_BotManagerRuleSet.
Optional Parameters
--group-name
The name of the web application firewall rule set group.
--rule
The rule that will be disabled. If none specified, all rules in the group will be disabled. If provided, --group-name must be provided too.
Usage: --rule rule-id=MyID state=MyState action=MyAction sensitivity=MySensitivity
Allowed values for sensitivity: High, Medium, Low, None
Multiple rules can be specified by using more than one --rule argument.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output -o
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
az network application-gateway waf-policy managed-rule rule-set list
List all managed rule sets.
az network application-gateway waf-policy managed-rule rule-set list --policy-name
--resource-group
Examples
List all managed rule sets. (autogenerated)
az network application-gateway waf-policy managed-rule rule-set list --policy-name MyPolicy --resource-group MyResourceGroup
Required Parameters
--policy-name
The name of the web application firewall policy.
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
az network application-gateway waf-policy managed-rule rule-set remove
Remove a managed rule set by rule set group name if rule_group_name is specified. Otherwise, remove all rule set.
az network application-gateway waf-policy managed-rule rule-set remove --policy-name
--resource-group
--type {Microsoft_BotManagerRuleSet, OWASP}
--version {0.1, 1.0, 1.1, 2.1, 2.2.9, 3.0, 3.1, 3.2}
[--group-name]
Examples
Remove a managed rule set by rule set group name if rule_group_name is specified. Otherwise, remove all rule set.
az network application-gateway waf-policy managed-rule rule-set remove --policy-name MyPolicy --resource-group MyResourceGroup --type OWASP --version 3.1
Required Parameters
--policy-name
The name of the web application firewall policy.
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--type
The type of the web application firewall rule set.
--version
The version of the web application firewall rule set type. 0.1, 1.0, and 1.1 are used for Microsoft_BotManagerRuleSet.
Optional Parameters
--group-name
The name of the web application firewall rule set group.
az network application-gateway waf-policy managed-rule rule-set update
Manage rules of a WAF policy. If --group-name and --rule are provided, override existing rules. If only --group-name is provided, clear all rules under that rule group. If neither is provided, update the rule set and clear all rules under it. For rule set and rules, please visit: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules.
az network application-gateway waf-policy managed-rule rule-set update --policy-name
--resource-group
--type {Microsoft_BotManagerRuleSet, OWASP}
--version {0.1, 1.0, 1.1, 2.1, 2.2.9, 3.0, 3.1, 3.2}
[--group-name]
[--rule]
Examples
Override rules under rule group REQUEST-921-PROTOCOL-ATTACK
az network application-gateway waf-policy managed-rule rule-set update --policy-name MyPolicy -g MyResourceGroup --type OWASP --version 3.1 --group-name REQUEST-921-PROTOCOL-ATTACK --rule rule-id=921130 --rule rule-id=921160
Update the OWASP rule set version from 3.1 to 3.0, which will clear the old rules
az network application-gateway waf-policy managed-rule rule-set update --policy-name MyPolicy -g MyResourceGroup --type OWASP --version 3.0
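Because a version change clears the rules configured under the rule set, it helps to record the policy's rule sets before and after the update. The script below is an added example, not part of the Azure CLI reference; it uses only the list and update commands documented on this page, and the function names, snapshot directory layout and arguments are assumptions.

```shell
#!/bin/sh
# Added example: snapshot a WAF policy's managed rule sets around a version
# change, since the update clears the rules configured under the rule set.
# Assumes az is installed and logged in; all names passed in are placeholders.

# Save the policy's current managed rule sets as JSON and print the file path.
snapshot_rule_sets() {
  local policy="$1" rg="$2" dir="$3" file
  mkdir -p "$dir" || return 1
  file="$dir/${policy}-$(date -u +%Y%m%dT%H%M%SZ).json"
  az network application-gateway waf-policy managed-rule rule-set list \
    --policy-name "$policy" --resource-group "$rg" > "$file" || return 1
  # An empty file means the listing failed silently; do not treat it as a backup.
  [ -s "$file" ] || { echo "empty snapshot: $file" >&2; return 1; }
  printf '%s\n' "$file"
}

# Change the rule set version only after a snapshot succeeded, then snapshot
# again and report whether the rule set configuration differs.
# Prints "unchanged <before>" or "changed <before> <after>".
change_rule_set_version() {
  local policy="$1" rg="$2" type="$3" version="$4" dir="$5" before after
  before="$(snapshot_rule_sets "$policy" "$rg" "$dir/before")" || return 1
  az network application-gateway waf-policy managed-rule rule-set update \
    --policy-name "$policy" --resource-group "$rg" \
    --type "$type" --version "$version" > /dev/null || return 1
  after="$(snapshot_rule_sets "$policy" "$rg" "$dir/after")" || return 1
  if cmp -s "$before" "$after"; then
    echo "unchanged $before"
  else
    echo "changed $before $after"
  fi
}

# Usage (placeholder names):
#   change_rule_set_version MyPolicy MyResourceGroup OWASP 3.0 ./waf-snapshots
```

The "before" file is the record of which rules were configured under the old version and need to be reviewed and re-applied with rule-set update --group-name ... --rule ....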
Required Parameters
--policy-name
The name of the web application firewall policy.
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--type
The type of the web application firewall rule set.
--version
The version of the web application firewall rule set type. 0.1, 1.0, and 1.1 are used for Microsoft_BotManagerRuleSet.
Optional Parameters
--group-name
The name of the web application firewall rule set group.
--rule
The rule that will be disabled. If none specified, all rules in the group will be disabled. If provided, --group-name must be provided too.
Usage: --rule rule-id=MyID state=MyState action=MyAction sensitivity=MySensitivity
Allowed values for sensitivity: High, Medium, Low, None
Multiple rules can be specified by using more than one --rule argument.