你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
New-AzApplicationGatewayFirewallCustomRule
Creates a new custom rule for the application gateway firewall policy.
Syntax
New-AzApplicationGatewayFirewallCustomRule
-Name <String>
-Priority <Int32>
[-RateLimitDuration <String>]
[-RateLimitThreshold <Int32>]
-RuleType <String>
-MatchCondition <PSApplicationGatewayFirewallCondition[]>
[-GroupByUserSession <PSApplicationGatewayFirewallCustomRuleGroupByUserSession[]>]
-Action <String>
[-State <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The New-AzApplicationGatewayFirewallCustomRule creates a custom rule for firewall policy.
Examples
Example 1
New-AzApplicationGatewayFirewallCustomRule -Name example-rule -Priority 1 -RuleType MatchRule -MatchCondition $condtion -Action Allow
Name : example-rule
Priority : 1
RuleType : MatchRule
MatchConditions : {Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallCondition}
Action : Allow
State : Enabled
MatchConditionsText : [
{
"MatchVariables": [
{
"VariableName": "RequestHeaders",
"Selector": "Malicious-Header"
}
],
"OperatorProperty": "Any",
"NegationConditon": false
}
]
The command creates a new custom rule with name of example-rule, priority 1 and the rule type will be MatchRule with condition defined in the condition variable, the action will the allow.
Example 2
New-AzApplicationGatewayFirewallCustomRule -Name example-rule -Priority 2 -RuleType MatchRule -MatchCondition $condition -Action Allow -State Disabled
Name : example-rule
Priority : 2
RuleType : MatchRule
MatchConditions : {Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallCondition}
Action : Allow
State : Disabled
MatchConditionsText : [
{
"MatchVariables": [
{
"VariableName": "RequestHeaders",
"Selector": "Malicious-Header"
}
],
"OperatorProperty": "Any",
"NegationConditon": false
}
]
The command creates a new custom rule with name of example-rule, state as Disabled, priority 2 and the rule type will be MatchRule with condition defined in the condition variable, the action will the allow.
Example 3
New-AzApplicationGatewayFirewallCustomRule -Name RateLimitRule3 -Priority 3 -RateLimitDuration OneMin -RateLimitThreshold 10 -RuleType RateLimitRule -MatchCondition $condition -GroupByUserSession $groupbyUserSes -Action Allow -State Disabled
Name : RateLimitRule3
Priority : 3
RateLimitDuration : OneMin
RateLimitThreshold : 10
RuleType : RateLimitRule
MatchConditions : {Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallCondition}
GroupByUserSession : {Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallCustomRuleGroupByUserSession}
Action : Allow
State : Disabled
MatchConditionsText : [
{
"MatchVariables": [
{
"VariableName": "RequestHeaders",
"Selector": "Malicious-Header"
}
],
"OperatorProperty": "Any",
"NegationConditon": false
}
]
GroupByUserSessionText : [
{
"groupByVariables": [
{
"variableName": "ClientAddr"
}
]
}
]
The command creates a new custom rule with name of RateLimitRule3, state as Disabled, priority 3, RateLimitDuration OneMin, RateLimitThreshold 10 and the rule type will be RateLimitRule with condition defined in the condition variable, the action will the allow, the GroupByUserSession defined in the GroupByUserSession condition variable.
Parameters
-Action
Type of Actions.
Type: | String |
Accepted values: | Allow, Block, Log |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-GroupByUserSession
List of match conditions.
Type: | PSApplicationGatewayFirewallCustomRuleGroupByUserSession[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MatchCondition
List of match conditions.
Type: | PSApplicationGatewayFirewallCondition[] |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Name
The Name of the Rule.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Priority
Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RateLimitDuration
Describes duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.
Type: | String |
Accepted values: | OneMin, FiveMins |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RateLimitThreshold
Describes rate limit threshold. Applies only when ruleType is RateLimitRule.Accepted range for this value is 1 - 5000.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RuleType
Describes type of rule.
Type: | String |
Accepted values: | MatchRule, RateLimitRule |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-State
State variable of the custom rule.
Type: | String |
Accepted values: | Disabled, Enabled |
Position: | Named |
Default value: | Enabled |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
None