Policy
data class PolicyArgs(val customRules: Output<CustomRuleListArgs>? = null, val location: Output<String>? = null, val managedRules: Output<ManagedRuleSetListArgs>? = null, val policyName: Output<String>? = null, val policySettings: Output<PolicySettingsArgs>? = null, val rateLimitRules: Output<RateLimitRuleListArgs>? = null, val resourceGroupName: Output<String>? = null, val sku: Output<SkuArgs>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<PolicyArgs>
Defines web application firewall policy for Azure CDN. API Version: 2020-09-01.
Example Usage
Creates specific policy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policy = new AzureNative.Cdn.Policy("policy", new()
{
CustomRules = new AzureNative.Cdn.Inputs.CustomRuleListArgs
{
Rules = new[]
{
new AzureNative.Cdn.Inputs.CustomRuleArgs
{
Action = "Block",
EnabledState = "Enabled",
MatchConditions = new[]
{
new AzureNative.Cdn.Inputs.MatchConditionArgs
{
MatchValue = new[]
{
"CH",
},
MatchVariable = "RemoteAddr",
NegateCondition = false,
Operator = "GeoMatch",
Transforms = new[] {},
},
new AzureNative.Cdn.Inputs.MatchConditionArgs
{
MatchValue = new[]
{
"windows",
},
MatchVariable = "RequestHeader",
NegateCondition = false,
Operator = "Contains",
Selector = "UserAgent",
Transforms = new[] {},
},
new AzureNative.Cdn.Inputs.MatchConditionArgs
{
MatchValue = new[]
{
"<?php",
"?>",
},
MatchVariable = "QueryString",
NegateCondition = false,
Operator = "Contains",
Selector = "search",
Transforms = new[]
{
"UrlDecode",
"Lowercase",
},
},
},
Name = "CustomRule1",
Priority = 2,
},
},
},
Location = "WestUs",
ManagedRules = new AzureNative.Cdn.Inputs.ManagedRuleSetListArgs
{
ManagedRuleSets = new[]
{
new AzureNative.Cdn.Inputs.ManagedRuleSetArgs
{
RuleGroupOverrides = new[]
{
new AzureNative.Cdn.Inputs.ManagedRuleGroupOverrideArgs
{
RuleGroupName = "Group1",
Rules = new[]
{
new AzureNative.Cdn.Inputs.ManagedRuleOverrideArgs
{
Action = "Redirect",
EnabledState = "Enabled",
RuleId = "GROUP1-0001",
},
new AzureNative.Cdn.Inputs.ManagedRuleOverrideArgs
{
EnabledState = "Disabled",
RuleId = "GROUP1-0002",
},
},
},
},
RuleSetType = "DefaultRuleSet",
RuleSetVersion = "preview-1.0",
},
},
},
PolicyName = "MicrosoftCdnWafPolicy",
PolicySettings = new AzureNative.Cdn.Inputs.PolicySettingsArgs
{
DefaultCustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
DefaultCustomBlockResponseStatusCode = 200,
DefaultRedirectUrl = "http://www.bing.com",
},
RateLimitRules = new AzureNative.Cdn.Inputs.RateLimitRuleListArgs
{
Rules = new[]
{
new AzureNative.Cdn.Inputs.RateLimitRuleArgs
{
Action = "Block",
EnabledState = "Enabled",
MatchConditions = new[]
{
new AzureNative.Cdn.Inputs.MatchConditionArgs
{
MatchValue = new[]
{
"192.168.1.0/24",
"10.0.0.0/24",
},
MatchVariable = "RemoteAddr",
NegateCondition = false,
Operator = "IPMatch",
Transforms = new[] {},
},
},
Name = "RateLimitRule1",
Priority = 1,
RateLimitDurationInMinutes = 0,
RateLimitThreshold = 1000,
},
},
},
ResourceGroupName = "rg1",
Sku = new AzureNative.Cdn.Inputs.SkuArgs
{
Name = "Standard_Microsoft",
},
});
});Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.cdn.Policy;
import com.pulumi.azurenative.cdn.PolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new Policy("policy", PolicyArgs.builder()
.customRules(Map.of("rules", Map.ofEntries(
Map.entry("action", "Block"),
Map.entry("enabledState", "Enabled"),
Map.entry("matchConditions",
Map.ofEntries(
Map.entry("matchValue", "CH"),
Map.entry("matchVariable", "RemoteAddr"),
Map.entry("negateCondition", false),
Map.entry("operator", "GeoMatch"),
Map.entry("transforms", )
),
Map.ofEntries(
Map.entry("matchValue", "windows"),
Map.entry("matchVariable", "RequestHeader"),
Map.entry("negateCondition", false),
Map.entry("operator", "Contains"),
Map.entry("selector", "UserAgent"),
Map.entry("transforms", )
),
Map.ofEntries(
Map.entry("matchValue",
"<?php",
"?>"),
Map.entry("matchVariable", "QueryString"),
Map.entry("negateCondition", false),
Map.entry("operator", "Contains"),
Map.entry("selector", "search"),
Map.entry("transforms",
"UrlDecode",
"Lowercase")
)),
Map.entry("name", "CustomRule1"),
Map.entry("priority", 2)
)))
.location("WestUs")
.managedRules(Map.of("managedRuleSets", Map.ofEntries(
Map.entry("ruleGroupOverrides", Map.ofEntries(
Map.entry("ruleGroupName", "Group1"),
Map.entry("rules",
Map.ofEntries(
Map.entry("action", "Redirect"),
Map.entry("enabledState", "Enabled"),
Map.entry("ruleId", "GROUP1-0001")
),
Map.ofEntries(
Map.entry("enabledState", "Disabled"),
Map.entry("ruleId", "GROUP1-0002")
))
)),
Map.entry("ruleSetType", "DefaultRuleSet"),
Map.entry("ruleSetVersion", "preview-1.0")
)))
.policyName("MicrosoftCdnWafPolicy")
.policySettings(Map.ofEntries(
Map.entry("defaultCustomBlockResponseBody", "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
Map.entry("defaultCustomBlockResponseStatusCode", 200),
Map.entry("defaultRedirectUrl", "http://www.bing.com")
))
.rateLimitRules(Map.of("rules", Map.ofEntries(
Map.entry("action", "Block"),
Map.entry("enabledState", "Enabled"),
Map.entry("matchConditions", Map.ofEntries(
Map.entry("matchValue",
"192.168.1.0/24",
"10.0.0.0/24"),
Map.entry("matchVariable", "RemoteAddr"),
Map.entry("negateCondition", false),
Map.entry("operator", "IPMatch"),
Map.entry("transforms", )
)),
Map.entry("name", "RateLimitRule1"),
Map.entry("priority", 1),
Map.entry("rateLimitDurationInMinutes", 0),
Map.entry("rateLimitThreshold", 1000)
)))
.resourceGroupName("rg1")
.sku(Map.of("name", "Standard_Microsoft"))
.build());
}
}Content copied to clipboard
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:cdn:Policy MicrosoftCdnWafPolicy /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Cdn/CdnWebApplicationFirewallPolicies/MicrosoftCdnWafPolicyContent copied to clipboard
Constructors
Link copied to clipboard
constructor(customRules: Output<CustomRuleListArgs>? = null, location: Output<String>? = null, managedRules: Output<ManagedRuleSetListArgs>? = null, policyName: Output<String>? = null, policySettings: Output<PolicySettingsArgs>? = null, rateLimitRules: Output<RateLimitRuleListArgs>? = null, resourceGroupName: Output<String>? = null, sku: Output<SkuArgs>? = null, tags: Output<Map<String, String>>? = null)
Properties
Link copied to clipboard
Describes custom rules inside the policy.
Link copied to clipboard
Describes managed rules inside the policy.
Link copied to clipboard
The name of the CdnWebApplicationFirewallPolicy.
Link copied to clipboard
Describes policySettings for policy
Link copied to clipboard
Describes rate limit rules inside the policy.
Link copied to clipboard
Name of the Resource group within the Azure subscription.