Share via


az network application-gateway waf-policy managed-rule exclusion rule-set

Define a managed rule set for exclusions.

Commands

Name Description Type Status
az network application-gateway waf-policy managed-rule exclusion rule-set add

Add a managed rule set to an exclusion.

Core GA
az network application-gateway waf-policy managed-rule exclusion rule-set list

List all managed rule sets of an exclusion.

Core GA
az network application-gateway waf-policy managed-rule exclusion rule-set remove

Remove managed rule set within an exclusion.

Core GA

az network application-gateway waf-policy managed-rule exclusion rule-set add

Add a managed rule set to an exclusion.

az network application-gateway waf-policy managed-rule exclusion rule-set add --match-operator {Contains, EndsWith, Equals, EqualsAny, StartsWith}
                                                                              --match-variable {RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues}
                                                                              --policy-name
                                                                              --resource-group
                                                                              --selector
                                                                              --type {Microsoft_BotManagerRuleSet, OWASP}
                                                                              --version {0.1, 1.0, 2.1, 2.2.9, 3.0, 3.1, 3.2}
                                                                              [--group-name]
                                                                              [--rule-ids]

Examples

Add a managed rule set to an exclusion.

az network application-gateway waf-policy managed-rule exclusion rule-set add -g MyResourceGroup --policy-name MyPolicy --match-variable RequestHeaderNames --match-operator StartsWith --selector Bing --type OWASP --version 3.2 --group-name MyRuleGroup --rule-ids 921140 921150

Required Parameters

--match-operator --selector-match-operator

When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.

Accepted values: Contains, EndsWith, Equals, EqualsAny, StartsWith
--match-variable

The variable to be excluded.

Accepted values: RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues
--policy-name

The name of the web application firewall policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--selector

When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to.

--type

The type of the web application firewall rule set.

Accepted values: Microsoft_BotManagerRuleSet, OWASP
--version

The version of the web application firewall rule set type. 0.1 and 1.0 are used for Microsoft_BotManagerRuleSet.

Accepted values: 0.1, 1.0, 2.1, 2.2.9, 3.0, 3.1, 3.2

Optional Parameters

--group-name

The managed rule group for exclusion.

--rule-ids

List of rules that will be disabled. If provided, --group-name must be provided too.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network application-gateway waf-policy managed-rule exclusion rule-set list

List all managed rule sets of an exclusion.

az network application-gateway waf-policy managed-rule exclusion rule-set list --policy-name
                                                                               --resource-group

Examples

List all managed rule sets of an exclusion.

az network application-gateway waf-policy managed-rule exclusion rule-set list -g MyResourceGroup --policy-name MyPolicy

Required Parameters

--policy-name

The name of the web application firewall policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network application-gateway waf-policy managed-rule exclusion rule-set remove

Remove managed rule set within an exclusion.

az network application-gateway waf-policy managed-rule exclusion rule-set remove --match-operator {Contains, EndsWith, Equals, EqualsAny, StartsWith}
                                                                                 --match-variable {RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues}
                                                                                 --policy-name
                                                                                 --resource-group
                                                                                 --selector
                                                                                 --type {Microsoft_BotManagerRuleSet, OWASP}
                                                                                 --version {0.1, 1.0, 2.1, 2.2.9, 3.0, 3.1, 3.2}
                                                                                 [--group-name]

Examples

Remove managed rule set within an exclusion.

az network application-gateway waf-policy managed-rule exclusion rule-set remove -g MyResourceGroup --policy-name MyPolicy --match-variable RequestHeaderNames --match-operator StartsWith --selector Bing --type OWASP --version 3.2 --group-name MyRuleGroup

Required Parameters

--match-operator --selector-match-operator

When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to.

Accepted values: Contains, EndsWith, Equals, EqualsAny, StartsWith
--match-variable

The variable to be excluded.

Accepted values: RequestArgKeys, RequestArgNames, RequestArgValues, RequestCookieKeys, RequestCookieNames, RequestCookieValues, RequestHeaderKeys, RequestHeaderNames, RequestHeaderValues
--policy-name

The name of the web application firewall policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--selector

When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to.

--type

The type of the web application firewall rule set.

Accepted values: Microsoft_BotManagerRuleSet, OWASP
--version

The version of the web application firewall rule set type. 0.1 and 1.0 are used for Microsoft_BotManagerRuleSet.

Accepted values: 0.1, 1.0, 2.1, 2.2.9, 3.0, 3.1, 3.2

Optional Parameters

--group-name

The managed rule group for exclusion.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.