az network application-gateway waf-policy managed-rule exception

Manage exceptions to allow a request to skip the managed rules when the condition is satisfied.

Commands

Name	Description	Type	Status
az network application-gateway waf-policy managed-rule exception add	Allows traffic that met configured criteria to skip the configured managed rules.	Core	GA
az network application-gateway waf-policy managed-rule exception list	List all managed rule exceptions that are applied on a WAF policy managed rules.	Core	GA
az network application-gateway waf-policy managed-rule exception remove	Remove all managed rule exceptions that are applied on a WAF policy managed rules.	Core	GA

az network application-gateway waf-policy managed-rule exception add

Edit

Allows traffic that met configured criteria to skip the configured managed rules.

az network application-gateway waf-policy managed-rule exception add --match-variable {RemoteAddr, RequestHeader, RequestURI}
                                                                     --policy-name
                                                                     --resource-group
                                                                     --value-match-operator --value-operator {Contains, EndsWith, Equals, IPMatch, StartsWith}
                                                                     [--index]
                                                                     [--rule-sets]
                                                                     [--selector]
                                                                     [--selector-match-operator --selector-operator {Contains, EndsWith, Equals, StartsWith}]
                                                                     [--values]

Examples

Add and exception rule to the WAF policy managed rules.

az network application-gateway waf-policy managed-rule exception add -g myResourceGroup --policy-name myWAF --match-variable "RequestURI" --value-operator Contains --values "health" "default.aspx" "account/images" --rule-sets [0].rule-set-type=OWASP [0].rule-set-version=3.2

Required Parameters

--match-variable

The variable on which we evaluate the exception condition.

Accepted values: RemoteAddr, RequestHeader, RequestURI

--policy-name

The name of the application gateway WAF policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--value-match-operator --value-operator

Operates on the allowed values for the matchVariable.

Accepted values: Contains, EndsWith, Equals, IPMatch, StartsWith

Optional Parameters

--index

Index of exception. If no index is provided, the default behaviour is append.

--rule-sets

The managed rule sets that are associated with the exception. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--selector

When the matchVariable points to a key-value pair (e.g, RequestHeader), this identifies the key.

--selector-match-operator --selector-operator

When the matchVariable points to a key-value pair (e.g, RequestHeader), this operates on the selector.

Accepted values: Contains, EndsWith, Equals, StartsWith

--values

Allowed values for the matchVariable Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.