Firewall
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.frontdoor.FirewallPolicy;
import com.pulumi.azure.frontdoor.FirewallPolicyArgs;
import com.pulumi.azure.frontdoor.inputs.FirewallPolicyCustomRuleArgs;
import com.pulumi.azure.frontdoor.inputs.FirewallPolicyManagedRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var exampleFirewallPolicy = new FirewallPolicy("exampleFirewallPolicy", FirewallPolicyArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.enabled(true)
.mode("Prevention")
.redirectUrl("https://www.contoso.com")
.customBlockResponseStatusCode(403)
.customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
.customRules(
FirewallPolicyCustomRuleArgs.builder()
.name("Rule1")
.enabled(true)
.priority(1)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("Block")
.matchConditions(FirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues(
"192.168.1.0/24",
"10.0.0.0/24")
.build())
.build(),
FirewallPolicyCustomRuleArgs.builder()
.name("Rule2")
.enabled(true)
.priority(2)
.rateLimitDurationInMinutes(1)
.rateLimitThreshold(10)
.type("MatchRule")
.action("Block")
.matchConditions(
FirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RemoteAddr")
.operator("IPMatch")
.negationCondition(false)
.matchValues("192.168.1.0/24")
.build(),
FirewallPolicyCustomRuleMatchConditionArgs.builder()
.matchVariable("RequestHeader")
.selector("UserAgent")
.operator("Contains")
.negationCondition(false)
.matchValues("windows")
.transforms(
"Lowercase",
"Trim")
.build())
.build())
.managedRules(
FirewallPolicyManagedRuleArgs.builder()
.type("DefaultRuleSet")
.version("1.0")
.exclusions(FirewallPolicyManagedRuleExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("not_suspicious")
.build())
.overrides(
FirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("PHP")
.rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
.ruleId("933100")
.enabled(false)
.action("Block")
.build())
.build(),
FirewallPolicyManagedRuleOverrideArgs.builder()
.ruleGroupName("SQLI")
.exclusions(FirewallPolicyManagedRuleOverrideExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("really_not_suspicious")
.build())
.rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
.ruleId("942200")
.action("Block")
.exclusions(FirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
.matchVariable("QueryStringArgNames")
.operator("Equals")
.selector("innocent")
.build())
.build())
.build())
.build(),
FirewallPolicyManagedRuleArgs.builder()
.type("Microsoft_BotManagerRuleSet")
.version("1.0")
.build())
.build());
}
}Content copied to clipboard
Import
FrontDoor Web Application Firewall Policy can be imported using the resource id, e.g.
$ pulumi import azure:frontdoor/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/examplefdwafpolicyContent copied to clipboard