az network application-gateway waf-policy managed-rule exclusion
Manage OWASP CRS exclusions that are applied on a WAF policy managed rules.
Commands
az network application-gateway waf-policy managed-rule exclusion add
Add an OWASP CRS exclusion rule to the WAF policy managed rules.
az network application-gateway waf-policy managed-rule exclusion add --match-operator {Contains, EndsWith, Equals, EqualsAny, StartsWith}
--match-variable {RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues}
--policy-name
--resource-group
--selector
[--index]
[--rule-sets]
Examples
Add an OWASP CRS exclusion rule to the WAF policy managed rules.
az network application-gateway waf-policy managed-rule exclusion add -g MyResourceGroup --policy-name MyWAF --match-variable "RequestHeaderNames" --selector-match-operator "StartsWith" --selector "Bing"
Required Parameters
When match-variable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.
Variable to be excluded.
Name of the web application firewall policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
When match-variable is a collection, operator used to specify which elements in the collection this exclusion applies to.
Optional Parameters
Index of exclusion. If no index is provided, the default behavior is append
.
The managed rule sets that are associated with the exclusion. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network application-gateway waf-policy managed-rule exclusion list
List all OWASP CRS exclusion rules that are applied on a WAF policy managed rules.
az network application-gateway waf-policy managed-rule exclusion list --policy-name
--resource-group
Required Parameters
The name of the web application firewall policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az network application-gateway waf-policy managed-rule exclusion remove
Remove all OWASP CRS exclusion rules that are applied on a WAF policy managed rules.
az network application-gateway waf-policy managed-rule exclusion remove --policy-name
--resource-group
Required Parameters
The name of the web application firewall policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.