Policy Args
data class PolicyArgs(val customRules: Output<List<PolicyCustomRuleArgs>>? = null, val location: Output<String>? = null, val managedRules: Output<PolicyManagedRulesArgs>? = null, val name: Output<String>? = null, val policySettings: Output<PolicyPolicySettingsArgs>? = null, val resourceGroupName: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<PolicyArgs>
Manages a Azure Web Application Firewall Policy instance.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.waf.Policy;
import com.pulumi.azure.waf.PolicyArgs;
import com.pulumi.azure.waf.inputs.PolicyCustomRuleArgs;
import com.pulumi.azure.waf.inputs.PolicyPolicySettingsArgs;
import com.pulumi.azure.waf.inputs.PolicyManagedRulesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var examplePolicy = new Policy("examplePolicy", PolicyArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.location(exampleResourceGroup.location())
.customRules(
PolicyCustomRuleArgs.builder()
.name("Rule1")
.priority(1)
.ruleType("MatchRule")
.matchConditions(PolicyCustomRuleMatchConditionArgs.builder()
.matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
.variableName("RemoteAddr")
.build())
.operator("IPMatch")
.negationCondition(false)
.matchValues(
"192.168.1.0/24",
"10.0.0.0/24")
.build())
.action("Block")
.build(),
PolicyCustomRuleArgs.builder()
.name("Rule2")
.priority(2)
.ruleType("MatchRule")
.matchConditions(
PolicyCustomRuleMatchConditionArgs.builder()
.matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
.variableName("RemoteAddr")
.build())
.operator("IPMatch")
.negationCondition(false)
.matchValues("192.168.1.0/24")
.build(),
PolicyCustomRuleMatchConditionArgs.builder()
.matchVariables(PolicyCustomRuleMatchConditionMatchVariableArgs.builder()
.variableName("RequestHeaders")
.selector("UserAgent")
.build())
.operator("Contains")
.negationCondition(false)
.matchValues("Windows")
.build())
.action("Block")
.build())
.policySettings(PolicyPolicySettingsArgs.builder()
.enabled(true)
.mode("Prevention")
.requestBodyCheck(true)
.fileUploadLimitInMb(100)
.maxRequestBodySizeInKb(128)
.build())
.managedRules(PolicyManagedRulesArgs.builder()
.exclusions(
PolicyManagedRulesExclusionArgs.builder()
.matchVariable("RequestHeaderNames")
.selector("x-company-secret-header")
.selectorMatchOperator("Equals")
.build(),
PolicyManagedRulesExclusionArgs.builder()
.matchVariable("RequestCookieNames")
.selector("too-tasty")
.selectorMatchOperator("EndsWith")
.build())
.managedRuleSets(PolicyManagedRulesManagedRuleSetArgs.builder()
.type("OWASP")
.version("3.2")
.ruleGroupOverrides(PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs.builder()
.ruleGroupName("REQUEST-920-PROTOCOL-ENFORCEMENT")
.rules(
PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs.builder()
.id("920300")
.enabled(true)
.action("Log")
.build(),
PolicyManagedRulesManagedRuleSetRuleGroupOverrideRuleArgs.builder()
.id("920440")
.enabled(true)
.action("Block")
.build())
.build())
.build())
.build())
.build());
}
}
Content copied to clipboard
Import
Web Application Firewall Policy can be imported using the resource id
, e.g.
$ pulumi import azure:waf/policy:Policy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/example-wafpolicy
Content copied to clipboard
Constructors
Link copied to clipboard
fun PolicyArgs(customRules: Output<List<PolicyCustomRuleArgs>>? = null, location: Output<String>? = null, managedRules: Output<PolicyManagedRulesArgs>? = null, name: Output<String>? = null, policySettings: Output<PolicyPolicySettingsArgs>? = null, resourceGroupName: Output<String>? = null, tags: Output<Map<String, String>>? = null)