az network application-gateway waf-policy custom-rule
Manage application gateway web application firewall (WAF) policy custom rules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network application-gateway waf-policy custom-rule create |
Create an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule delete |
Delete an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule list |
List application gateway WAF policy custom rules. |
Core | GA |
| az network application-gateway waf-policy custom-rule match-condition |
Manage match conditions in an application gateway web application firewall (WAF) policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule match-condition add |
Add a match condition to an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule match-condition list |
List application gateway WAF policy custom rule match conditions. |
Core | GA |
| az network application-gateway waf-policy custom-rule match-condition remove |
Remove a match condition from an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule show |
Get the details of an application gateway WAF policy custom rule. |
Core | GA |
| az network application-gateway waf-policy custom-rule update |
Update an application gateway WAF policy custom rule. |
Core | GA |
az network application-gateway waf-policy custom-rule create
Create an application gateway WAF policy custom rule.
az network application-gateway waf-policy custom-rule create --action {Allow, Block, JSChallenge, Log}
--name
--policy-name
--priority
--resource-group
--rule-type {Invalid, MatchRule, RateLimitRule}
[--group-by-user-session]
[--match-conditions]
[--rate-limit-duration {FiveMins, OneMin}]
[--rate-limit-threshold]
[--state {Disabled, Enabled}]Examples
Create an application gateway WAF policy custom rule.
az network application-gateway waf-policy custom-rule create --action Allow --name MyWafPolicyRule --policy-name MyPolicy --priority 500 --resource-group MyResourceGroup --rule-type MatchRuleCreate an application gateway WAF policy custom rule with user session identifier.
az network application-gateway waf-policy custom-rule create -g MyResourceGroup --policy-name MyPolicy -n MyRule --priority 3 --action Block --rule-type RateLimitRule --rate-limit-duration FiveMins --rate-limit-threshold 15 --group-by-user-session "[{group-by-variables:[{variable-name:GeoLocation}]}]"Required Parameters
Action to take.
| Property | Value |
|---|---|
| Accepted values: | Allow, Block, JSChallenge, Log |
Name of the WAF policy rule.
Name of the application gateway WAF policy.
Rule priority. Lower values are evaluated prior to higher values.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Type of rule.
| Property | Value |
|---|---|
| Accepted values: | Invalid, MatchRule, RateLimitRule |
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
List of user session identifier group by clauses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
List of match conditions. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
| Default value: | [] |
Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
| Accepted values: | FiveMins, OneMin |
Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Describe if the custom rule is in enabled or disabled state.
| Property | Value |
|---|---|
| Default value: | Enabled |
| Accepted values: | Disabled, Enabled |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network application-gateway waf-policy custom-rule delete
Delete an application gateway WAF policy custom rule.
az network application-gateway waf-policy custom-rule delete --name
--policy-name
--resource-groupExamples
Delete an application gateway WAF policy custom rule.
az network application-gateway waf-policy custom-rule delete --name MyWafPolicyRule --policy-name MyPolicy --resource-group MyResourceGroup --subscription MySubscriptionRequired Parameters
Name of the WAF policy rule.
Name of the application gateway WAF policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network application-gateway waf-policy custom-rule list
List application gateway WAF policy custom rules.
az network application-gateway waf-policy custom-rule list --policy-name
--resource-groupExamples
List application gateway WAF policy custom rules.
az network application-gateway waf-policy custom-rule list --policy-name MyPolicy --resource-group MyResourceGroupRequired Parameters
Name of the application gateway WAF policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network application-gateway waf-policy custom-rule show
Get the details of an application gateway WAF policy custom rule.
az network application-gateway waf-policy custom-rule show --name
--policy-name
--resource-groupExamples
Get the details of an application gateway WAF policy custom rule.
az network application-gateway waf-policy custom-rule show --name MyWAFPolicyRule --policy-name MyPolicy --resource-group MyResourceGroupRequired Parameters
Name of the WAF policy rule.
Name of the application gateway WAF policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network application-gateway waf-policy custom-rule update
Update an application gateway WAF policy custom rule.
az network application-gateway waf-policy custom-rule update --name
--policy-name
--resource-group
[--action {Allow, Block, JSChallenge, Log}]
[--add]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--group-by-user-session]
[--match-conditions]
[--priority]
[--rate-limit-duration {FiveMins, OneMin}]
[--rate-limit-threshold]
[--remove]
[--rule-type {Invalid, MatchRule, RateLimitRule}]
[--set]
[--state {Disabled, Enabled}]Examples
Update an application gateway WAF policy custom rule.
az network application-gateway waf-policy custom-rule update --action Allow --name MyWAFPolicyRule --policy-name MyPolicy --priority 500 --resource-group MyResourceGroup --rule-type MatchRuleUpdate an application gateway WAF policy custom rule with user session identifier.
az network application-gateway waf-policy custom-rule create -g MyResourceGroup --policy-name MyPolicy -n MyRule --rate-limit-duration OneMin --rate-limit-threshold 10 --group-by-user-session "[{group-by-variables:[{variable-name:ClientAddr}]}]"Required Parameters
Name of the WAF policy rule.
Name of the application gateway WAF policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Action to take.
| Property | Value |
|---|---|
| Accepted values: | Allow, Block, JSChallenge, Log |
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
List of user session identifier group by clauses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
List of match conditions. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Rule priority. Lower values are evaluated prior to higher values.
Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
| Accepted values: | FiveMins, OneMin |
Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Type of rule.
| Property | Value |
|---|---|
| Accepted values: | Invalid, MatchRule, RateLimitRule |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Describe if the custom rule is in enabled or disabled state.
| Property | Value |
|---|---|
| Accepted values: | Disabled, Enabled |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
