az network application-gateway waf-policy managed-rule exclusion rule-set
Define a managed rule set for exclusions.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network application-gateway waf-policy managed-rule exclusion rule-set add |
Add a managed rule set to an exclusion. |
Core | GA |
| az network application-gateway waf-policy managed-rule exclusion rule-set list |
List all managed rule sets of an exclusion. |
Core | GA |
| az network application-gateway waf-policy managed-rule exclusion rule-set remove |
Remove managed rule set within an exclusion. |
Core | GA |
az network application-gateway waf-policy managed-rule exclusion rule-set add
Add a managed rule set to an exclusion.
az network application-gateway waf-policy managed-rule exclusion rule-set add --match-operator {Contains, EndsWith, Equals, EqualsAny, StartsWith}
--match-variable {RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues}
--policy-name
--resource-group
--selector
--type {Microsoft_BotManagerRuleSet, OWASP}
--version {0.1, 1.0, 1.1, 2.1, 2.2.9, 3.0, 3.1, 3.2}
[--group-name]
[--rule-ids]Examples
Add a managed rule set to an exclusion.
az network application-gateway waf-policy managed-rule exclusion rule-set add -g MyResourceGroup --policy-name MyPolicy --match-variable RequestHeaderNames --match-operator StartsWith --selector Bing --type OWASP --version 3.2 --group-name MyRuleGroup --rule-ids 921140 921150Required Parameters
When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.
The variable to be excluded.
The name of the web application firewall policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to.
The type of the web application firewall rule set.
The version of the web application firewall rule set type. 0.1, 1.0, and 1.1 are used for Microsoft_BotManagerRuleSet.
Optional Parameters
The managed rule group for exclusion.
List of rules that will be disabled. If provided, --group-name must be provided too.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network application-gateway waf-policy managed-rule exclusion rule-set list
List all managed rule sets of an exclusion.
az network application-gateway waf-policy managed-rule exclusion rule-set list --policy-name
--resource-groupExamples
List all managed rule sets of an exclusion.
az network application-gateway waf-policy managed-rule exclusion rule-set list -g MyResourceGroup --policy-name MyPolicyRequired Parameters
The name of the web application firewall policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network application-gateway waf-policy managed-rule exclusion rule-set remove
Remove managed rule set within an exclusion.
az network application-gateway waf-policy managed-rule exclusion rule-set remove --match-operator {Contains, EndsWith, Equals, EqualsAny, StartsWith}
--match-variable {RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues}
--policy-name
--resource-group
--selector
--type {Microsoft_BotManagerRuleSet, OWASP}
--version {0.1, 1.0, 1.1, 2.1, 2.2.9, 3.0, 3.1, 3.2}
[--group-name]Examples
Remove managed rule set within an exclusion.
az network application-gateway waf-policy managed-rule exclusion rule-set remove -g MyResourceGroup --policy-name MyPolicy --match-variable RequestHeaderNames --match-operator StartsWith --selector Bing --type OWASP --version 3.2 --group-name MyRuleGroupRequired Parameters
When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.
The variable to be excluded.
The name of the web application firewall policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to.
The type of the web application firewall rule set.
The version of the web application firewall rule set type. 0.1, 1.0, and 1.1 are used for Microsoft_BotManagerRuleSet.
Optional Parameters
The managed rule group for exclusion.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
