pulumi-azure-kotlin/com.pulumi.azure.cdn.kotlin/FrontdoorFirewallPolicy

FrontdoorFirewallPolicy

class FrontdoorFirewallPolicy : KotlinCustomResource

Manages a Front Door (standard/premium) Firewall Policy instance.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.cdn.FrontdoorProfile;
import com.pulumi.azure.cdn.FrontdoorProfileArgs;
import com.pulumi.azure.cdn.FrontdoorFirewallPolicy;
import com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyCustomRuleArgs;
import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyManagedRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleFrontdoorProfile = new FrontdoorProfile("exampleFrontdoorProfile", FrontdoorProfileArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .skuName("Premium_AzureFrontDoor")
            .build());
        var exampleFrontdoorFirewallPolicy = new FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", FrontdoorFirewallPolicyArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .skuName(exampleFrontdoorProfile.skuName())
            .enabled(true)
            .mode("Prevention")
            .redirectUrl("https://www.contoso.com")
            .customBlockResponseStatusCode(403)
            .customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
            .customRules(
                FrontdoorFirewallPolicyCustomRuleArgs.builder()
                    .name("Rule1")
                    .enabled(true)
                    .priority(1)
                    .rateLimitDurationInMinutes(1)
                    .rateLimitThreshold(10)
                    .type("MatchRule")
                    .action("Block")
                    .matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                        .matchVariable("RemoteAddr")
                        .operator("IPMatch")
                        .negationCondition(false)
                        .matchValues(
                            "10.0.1.0/24",
                            "10.0.0.0/24")
                        .build())
                    .build(),
                FrontdoorFirewallPolicyCustomRuleArgs.builder()
                    .name("Rule2")
                    .enabled(true)
                    .priority(2)
                    .rateLimitDurationInMinutes(1)
                    .rateLimitThreshold(10)
                    .type("MatchRule")
                    .action("Block")
                    .matchConditions(
                        FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                            .matchVariable("RemoteAddr")
                            .operator("IPMatch")
                            .negationCondition(false)
                            .matchValues("192.168.1.0/24")
                            .build(),
                        FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
                            .matchVariable("RequestHeader")
                            .selector("UserAgent")
                            .operator("Contains")
                            .negationCondition(false)
                            .matchValues("windows")
                            .transforms(
                                "Lowercase",
                                "Trim")
                            .build())
                    .build())
            .managedRules(
                FrontdoorFirewallPolicyManagedRuleArgs.builder()
                    .type("DefaultRuleSet")
                    .version("1.0")
                    .exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
                        .matchVariable("QueryStringArgNames")
                        .operator("Equals")
                        .selector("not_suspicious")
                        .build())
                    .overrides(
                        FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
                            .ruleGroupName("PHP")
                            .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                                .ruleId("933100")
                                .enabled(false)
                                .action("Block")
                                .build())
                            .build(),
                        FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
                            .ruleGroupName("SQLI")
                            .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
                                .matchVariable("QueryStringArgNames")
                                .operator("Equals")
                                .selector("really_not_suspicious")
                                .build())
                            .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
                                .ruleId("942200")
                                .action("Block")
                                .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
                                    .matchVariable("QueryStringArgNames")
                                    .operator("Equals")
                                    .selector("innocent")
                                    .build())
                                .build())
                            .build())
                    .build(),
                FrontdoorFirewallPolicyManagedRuleArgs.builder()
                    .type("Microsoft_BotManagerRuleSet")
                    .version("1.0")
                    .action("Log")
                    .build())
            .build());
    }
}

Import

Front Door Firewall Policies can be imported using the resource id, e.g.

$ pulumi import azure:cdn/frontdoorFirewallPolicy:FrontdoorFirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/firewallPolicy1

Properties

customBlockResponseBody

val customBlockResponseBody: Output<String>?

If a custom_rule block's action type is block, this is the response body. The body must be specified in base64 encoding.

customBlockResponseStatusCode

val customBlockResponseStatusCode: Output<Int>?

If a custom_rule block's action type is block, this is the response status code. Possible values are 200, 403, 405, 406, or 429.

customRules

val customRules: Output<List<FrontdoorFirewallPolicyCustomRule>>?

One or more custom_rule blocks as defined below.

enabled

val enabled: Output<Boolean>?

Is the Front Door Firewall Policy enabled? Defaults to true.

frontendEndpointIds

val frontendEndpointIds: Output<List<String>>

The Front Door Profiles frontend endpoints associated with this Front Door Firewall Policy.

val id: Output<String>

managedRules

val managedRules: Output<List<FrontdoorFirewallPolicyManagedRule>>?

One or more managed_rule blocks as defined below.

mode

val mode: Output<String>

The Front Door Firewall Policy mode. Possible values are Detection, Prevention.

name

val name: Output<String>

The name of the policy. Changing this forces a new resource to be created.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

redirectUrl

val redirectUrl: Output<String>?

If action type is redirect, this field represents redirect URL for the client.

resourceGroupName

val resourceGroupName: Output<String>

The name of the resource group. Changing this forces a new resource to be created.

skuName

val skuName: Output<String>

The sku's pricing tier for this Front Door Firewall Policy. Possible values include Standard_AzureFrontDoor or Premium_AzureFrontDoor. Changing this forces a new resource to be created.