Share via


az network application-gateway waf-policy policy-setting

Define contents of a web application firewall global configuration.

Commands

Name Description Type Status
az network application-gateway waf-policy policy-setting list

List properties of a web application firewall global configuration.

Core GA
az network application-gateway waf-policy policy-setting update

Update properties of a web application firewall global configuration.

Core GA

az network application-gateway waf-policy policy-setting list

List properties of a web application firewall global configuration.

az network application-gateway waf-policy policy-setting list --policy-name
                                                              --resource-group

Examples

List properties of a web application firewall global configuration.

az network application-gateway waf-policy policy-setting list --policy-name MyPolicy --resource-group MyResourceGroup

Required Parameters

--policy-name

The name of the web application firewall policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network application-gateway waf-policy policy-setting update

Update properties of a web application firewall global configuration.

az network application-gateway waf-policy policy-setting update --policy-name
                                                                --resource-group
                                                                [--add]
                                                                [--custom-body]
                                                                [--custom-status-code]
                                                                [--file-upload-enforce {0, 1, f, false, n, no, t, true, y, yes}]
                                                                [--file-upload-limit-in-mb]
                                                                [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                                                [--js-cookie-exp-time]
                                                                [--log-scrubbing-state {Disabled, Enabled}]
                                                                [--max-request-body-size-in-kb]
                                                                [--mode {Detection, Prevention}]
                                                                [--remove]
                                                                [--request-body-check {0, 1, f, false, n, no, t, true, y, yes}]
                                                                [--request-body-enforce {0, 1, f, false, n, no, t, true, y, yes}]
                                                                [--request-body-inspect-limit-in-kb]
                                                                [--scrubbing-rule]
                                                                [--set]
                                                                [--state {Disabled, Enabled}]

Examples

Update properties of a web application firewall global configuration.

az network application-gateway waf-policy policy-setting update --mode Prevention --policy-name MyPolicy --resource-group MyResourceGroup --state Disabled

Update a web application firewall global configuration with scrubbing rules.

az network application-gateway waf-policy policy-setting update -g MyResourceGroup --policy-name MyPolicySetting --request-body-inspect-limit-in-kb 64 --file-upload-enforcement True --request-body-enforcement False --log-scrubbing-state Enabled --scrubbing-rules "[{state:Enabled,match-variable:RequestArgNames,selector-match-operator:Equals,selector:test},{state:Enabled,match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null}]"

Required Parameters

--policy-name

Name of the web application firewall policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--custom-body

If the action type is block, customer can override the response body. The body must be specified in base64 encoding.

--custom-status-code

If the action type is block, customer can override the response status code.

--file-upload-enforce --file-upload-enforcement

Whether allow WAF to enforce file upload limits.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--file-upload-limit-in-mb

Maximum file upload size in Mb for WAF.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--js-cookie-exp-time

Web Application Firewall JavaScript Challenge Cookie Expiration time in minutes.

--log-scrubbing-state

State of the log scrubbing config. Default value is Enabled.

Accepted values: Disabled, Enabled
--max-request-body-size-in-kb

Maximum request body size in Kb for WAF.

--mode

If it is in detection mode or prevention mode at policy level.

Accepted values: Detection, Prevention
--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--request-body-check

Specified to require WAF to check request body.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Default value: False
--request-body-enforce --request-body-enforcement

Whether allow WAF to enforce request body limits.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--request-body-inspect-limit-in-kb --request-limit-in-kb

Max inspection limit in KB for request body inspection for WAF.

--scrubbing-rule --scrubbing-rules

The rules that are applied to the logs for scrubbing. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --scrubbing-rule.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--state

If the policy is in enabled state or disabled state.

Accepted values: Disabled, Enabled
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.