Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-03-01.xml (2,280 lines of code) (raw):
<?xml version='1.0' encoding='utf-8'?>
<CodeGen plane="mgmt-plane">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}" version="2025-03-01" swagger="mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMve3BvbGljeU5hbWV9/V/MjAyNS0wMy0wMQ=="/>
<commandGroup name="network front-door waf-policy">
<command name="show" version="2025-03-01">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}" version="2025-03-01" swagger="mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMve3BvbGljeU5hbWV9/V/MjAyNS0wMy0wMQ=="/>
<argGroup name="">
<arg type="string" var="$Path.policyName" options="policy-name name n" required="True" idPart="name">
<help short="The name of the Web Application Firewall Policy."/>
<format maxLength="128"/>
</arg>
<arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
<arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
</argGroup>
<operation operationId="Policies_Get">
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}">
<request method="get">
<path>
<param type="string" name="policyName" arg="$Path.policyName" required="True">
<format maxLength="128"/>
</param>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format pattern="^[a-zA-Z0-9_\-\(\)\.]*[^\.]$" maxLength="80" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"/>
</path>
<query>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2025-03-01""/>
</const>
</query>
</request>
<response statusCode="200">
<body>
<json var="$Instance">
<schema type="object">
<prop type="string" name="etag"/>
<prop readOnly="True" type="ResourceId" name="id">
<format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{}"/>
</prop>
<prop type="ResourceLocation" name="location"/>
<prop readOnly="True" type="string" name="name"/>
<prop type="object" name="properties" clientFlatten="True">
<prop type="object" name="customRules">
<prop type="array<object>" name="rules">
<item type="object">
<prop type="string" name="action" required="True">
<enum>
<item value=""Allow""/>
<item value=""AnomalyScoring""/>
<item value=""Block""/>
<item value=""CAPTCHA""/>
<item value=""JSChallenge""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="array<object>" name="groupBy">
<item type="object">
<prop type="string" name="variableName" required="True">
<enum>
<item value=""GeoLocation""/>
<item value=""None""/>
<item value=""SocketAddr""/>
</enum>
</prop>
</item>
</prop>
<prop type="array<object>" name="matchConditions" required="True">
<item type="object">
<prop type="array<string>" name="matchValue" required="True">
<item type="string"/>
</prop>
<prop type="string" name="matchVariable" required="True">
<enum>
<item value=""Cookies""/>
<item value=""PostArgs""/>
<item value=""QueryString""/>
<item value=""RemoteAddr""/>
<item value=""RequestBody""/>
<item value=""RequestHeader""/>
<item value=""RequestMethod""/>
<item value=""RequestUri""/>
<item value=""SocketAddr""/>
</enum>
</prop>
<prop type="boolean" name="negateCondition"/>
<prop type="string" name="operator" required="True">
<enum>
<item value=""Any""/>
<item value=""BeginsWith""/>
<item value=""Contains""/>
<item value=""EndsWith""/>
<item value=""Equal""/>
<item value=""GeoMatch""/>
<item value=""GreaterThan""/>
<item value=""GreaterThanOrEqual""/>
<item value=""IPMatch""/>
<item value=""LessThan""/>
<item value=""LessThanOrEqual""/>
<item value=""RegEx""/>
</enum>
</prop>
<prop type="string" name="selector"/>
<prop type="array<string>" name="transforms">
<item type="string">
<enum>
<item value=""Lowercase""/>
<item value=""RemoveNulls""/>
<item value=""Trim""/>
<item value=""Uppercase""/>
<item value=""UrlDecode""/>
<item value=""UrlEncode""/>
</enum>
</item>
</prop>
</item>
</prop>
<prop type="string" name="name">
<format maxLength="128"/>
</prop>
<prop type="integer" name="priority" required="True"/>
<prop type="integer" name="rateLimitDurationInMinutes">
<format maximum="5" minimum="0"/>
</prop>
<prop type="integer" name="rateLimitThreshold">
<format minimum="0"/>
</prop>
<prop type="string" name="ruleType" required="True">
<enum>
<item value=""MatchRule""/>
<item value=""RateLimitRule""/>
</enum>
</prop>
</item>
</prop>
</prop>
<prop readOnly="True" type="array<object>" name="frontendEndpointLinks">
<item readOnly="True" type="object">
<prop type="string" name="id"/>
</item>
</prop>
<prop type="object" name="managedRules">
<prop type="array<object>" name="managedRuleSets">
<item type="object">
<prop type="array<object>" name="exclusions">
<item type="object" cls="ManagedRuleExclusion_read">
<prop type="string" name="matchVariable" required="True">
<enum>
<item value=""QueryStringArgNames""/>
<item value=""RequestBodyJsonArgNames""/>
<item value=""RequestBodyPostArgNames""/>
<item value=""RequestCookieNames""/>
<item value=""RequestHeaderNames""/>
</enum>
</prop>
<prop type="string" name="selector" required="True"/>
<prop type="string" name="selectorMatchOperator" required="True">
<enum>
<item value=""Contains""/>
<item value=""EndsWith""/>
<item value=""Equals""/>
<item value=""EqualsAny""/>
<item value=""StartsWith""/>
</enum>
</prop>
</item>
</prop>
<prop type="array<object>" name="ruleGroupOverrides">
<item type="object">
<prop type="array<@ManagedRuleExclusion_read>" name="exclusions">
<item type="@ManagedRuleExclusion_read"/>
</prop>
<prop type="string" name="ruleGroupName" required="True"/>
<prop type="array<object>" name="rules">
<item type="object">
<prop type="string" name="action">
<enum>
<item value=""Allow""/>
<item value=""AnomalyScoring""/>
<item value=""Block""/>
<item value=""CAPTCHA""/>
<item value=""JSChallenge""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="array<@ManagedRuleExclusion_read>" name="exclusions">
<item type="@ManagedRuleExclusion_read"/>
</prop>
<prop type="string" name="ruleId" required="True"/>
</item>
</prop>
</item>
</prop>
<prop type="string" name="ruleSetAction">
<enum>
<item value=""Block""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="ruleSetType" required="True"/>
<prop type="string" name="ruleSetVersion" required="True"/>
</item>
</prop>
</prop>
<prop type="object" name="policySettings">
<prop type="integer32" name="captchaExpirationInMinutes">
<format maximum="1440" minimum="5"/>
</prop>
<prop type="string" name="customBlockResponseBody">
<format pattern="^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"/>
</prop>
<prop type="integer" name="customBlockResponseStatusCode"/>
<prop type="string" name="enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="integer32" name="javascriptChallengeExpirationInMinutes">
<format maximum="1440" minimum="5"/>
</prop>
<prop type="object" name="logScrubbing" clientFlatten="True">
<prop type="array<object>" name="scrubbingRules">
<item type="object">
<prop type="string" name="matchVariable" required="True">
<enum>
<item value=""QueryStringArgNames""/>
<item value=""RequestBodyJsonArgNames""/>
<item value=""RequestBodyPostArgNames""/>
<item value=""RequestCookieNames""/>
<item value=""RequestHeaderNames""/>
<item value=""RequestIPAddress""/>
<item value=""RequestUri""/>
</enum>
</prop>
<prop type="string" name="selector"/>
<prop type="string" name="selectorMatchOperator" required="True">
<enum>
<item value=""Equals""/>
<item value=""EqualsAny""/>
</enum>
</prop>
<prop type="string" name="state">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</item>
</prop>
<prop type="string" name="state">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</prop>
<prop type="string" name="mode">
<enum>
<item value=""Detection""/>
<item value=""Prevention""/>
</enum>
</prop>
<prop type="string" name="redirectUrl"/>
<prop type="string" name="requestBodyCheck">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</prop>
<prop readOnly="True" type="string" name="provisioningState"/>
<prop readOnly="True" type="string" name="resourceState">
<enum>
<item value=""Creating""/>
<item value=""Deleting""/>
<item value=""Disabled""/>
<item value=""Disabling""/>
<item value=""Enabled""/>
<item value=""Enabling""/>
</enum>
</prop>
<prop readOnly="True" type="array<object>" name="routingRuleLinks">
<item readOnly="True" type="object">
<prop type="string" name="id"/>
</item>
</prop>
<prop readOnly="True" type="array<object>" name="securityPolicyLinks">
<item readOnly="True" type="object">
<prop type="string" name="id"/>
</item>
</prop>
</prop>
<prop type="object" name="sku">
<prop type="string" name="name">
<enum>
<item value=""Classic_AzureFrontDoor""/>
<item value=""Premium_AzureFrontDoor""/>
<item value=""Standard_AzureFrontDoor""/>
</enum>
</prop>
</prop>
<prop type="object" name="tags">
<additionalProp>
<item type="string"/>
</additionalProp>
</prop>
<prop readOnly="True" type="string" name="type"/>
</schema>
</json>
</body>
</response>
<response isError="True">
<body>
<json>
<schema type="@ODataV4Format"/>
</json>
</body>
</response>
</http>
</operation>
<output type="object" ref="$Instance" clientFlatten="True"/>
</command>
<command name="delete" version="2025-03-01" confirmation="">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}" version="2025-03-01" swagger="mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMve3BvbGljeU5hbWV9/V/MjAyNS0wMy0wMQ=="/>
<argGroup name="">
<arg type="string" var="$Path.policyName" options="policy-name name n" required="True" idPart="name">
<help short="The name of the Web Application Firewall Policy."/>
<format maxLength="128"/>
</arg>
<arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
<arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
</argGroup>
<operation operationId="Policies_Delete">
<longRunning finalStateVia="azure-async-operation"/>
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}">
<request method="delete">
<path>
<param type="string" name="policyName" arg="$Path.policyName" required="True">
<format maxLength="128"/>
</param>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format pattern="^[a-zA-Z0-9_\-\(\)\.]*[^\.]$" maxLength="80" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"/>
</path>
<query>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2025-03-01""/>
</const>
</query>
</request>
<response statusCode="200"/>
<response statusCode="202"/>
<response statusCode="204"/>
<response isError="True">
<body>
<json>
<schema type="@MgmtErrorFormat"/>
</json>
</body>
</response>
</http>
</operation>
</command>
<command name="create" version="2025-03-01">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}" version="2025-03-01" swagger="mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMve3BvbGljeU5hbWV9/V/MjAyNS0wMy0wMQ=="/>
<argGroup name="">
<arg type="string" var="$Path.policyName" options="policy-name name n" required="True" idPart="name">
<help short="The name of the Web Application Firewall Policy."/>
<format maxLength="128"/>
</arg>
<arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
<arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
</argGroup>
<argGroup name="Parameters">
<arg type="string" var="$parameters.etag" options="etag" group="Parameters">
<help short="Gets a unique read-only string that changes whenever the resource is updated."/>
</arg>
<arg type="ResourceLocation" var="$parameters.location" options="location l" group="Parameters">
<help short="Resource location."/>
</arg>
<arg type="object" var="$parameters.tags" options="tags" group="Parameters">
<help short="Resource tags."/>
<additionalProp>
<item type="string"/>
</additionalProp>
</arg>
</argGroup>
<argGroup name="PolicySettings">
<arg type="integer32" var="$parameters.properties.policySettings.captchaExpirationInMinutes" options="captcha-expiration-in-minutes" group="PolicySettings">
<help short="Defines the Captcha cookie validity lifetime in minutes. This setting is only applicable to Premium_AzureFrontDoor. Value must be an integer between 5 and 1440 with the default value being 30."/>
<format maximum="1440" minimum="5"/>
</arg>
<arg type="string" var="$parameters.properties.policySettings.customBlockResponseBody" options="custom-block-response-body" group="PolicySettings">
<help short="If the action type is block, customer can override the response body. The body must be specified in base64 encoding."/>
<format pattern="^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"/>
</arg>
<arg type="integer" var="$parameters.properties.policySettings.customBlockResponseStatusCode" options="custom-block-response-status-code" group="PolicySettings">
<help short="If the action type is block, customer can override the response status code."/>
</arg>
<arg type="string" var="$parameters.properties.policySettings.enabledState" options="enabled-state" group="PolicySettings">
<help short="Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
<arg type="integer32" var="$parameters.properties.policySettings.javascriptChallengeExpirationInMinutes" options="javascript-challenge-expiration-in-minutes js-expiration" group="PolicySettings">
<help short="Defines the JavaScript challenge cookie validity lifetime in minutes. Value must be an integer between 5 and 1440 with the default value being 30."/>
<format maximum="1440" minimum="5"/>
</arg>
<arg type="object" var="$parameters.properties.policySettings.logScrubbing" options="log-scrubbing" group="PolicySettings">
<help short="Defines rules that scrub sensitive fields in the Web Application Firewall logs. Example: --log-scrubbing "{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}, --log-scrubbing scrubbing-rules=[] state=Disabled, --log-scrubbing null"/>
<arg type="array<object>" var="$parameters.properties.policySettings.logScrubbing.scrubbingRules" options="scrubbing-rules">
<help short="List of log scrubbing rules applied to the Web Application Firewall logs."/>
<item type="object">
<arg type="string" var="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].matchVariable" options="match-variable" required="True">
<help short="The variable to be scrubbed from the logs."/>
<enum>
<item name="QueryStringArgNames" value=""QueryStringArgNames""/>
<item name="RequestBodyJsonArgNames" value=""RequestBodyJsonArgNames""/>
<item name="RequestBodyPostArgNames" value=""RequestBodyPostArgNames""/>
<item name="RequestCookieNames" value=""RequestCookieNames""/>
<item name="RequestHeaderNames" value=""RequestHeaderNames""/>
<item name="RequestIPAddress" value=""RequestIPAddress""/>
<item name="RequestUri" value=""RequestUri""/>
</enum>
</arg>
<arg type="string" var="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selector" options="selector">
<help short="When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to."/>
</arg>
<arg type="string" var="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selectorMatchOperator" options="selector-match-operator" required="True">
<help short="When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to."/>
<enum>
<item name="Equals" value=""Equals""/>
<item name="EqualsAny" value=""EqualsAny""/>
</enum>
</arg>
<arg type="string" var="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].state" options="state">
<help short="Defines the state of a log scrubbing rule. Default value is enabled."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
</item>
</arg>
<arg type="string" var="$parameters.properties.policySettings.logScrubbing.state" options="state">
<help short="State of the log scrubbing config. Default value is Enabled."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
</arg>
<arg type="string" var="$parameters.properties.policySettings.mode" options="mode" group="PolicySettings">
<help short="Describes if it is in detection mode or prevention mode at policy level."/>
<enum>
<item name="Detection" value=""Detection""/>
<item name="Prevention" value=""Prevention""/>
</enum>
</arg>
<arg type="string" var="$parameters.properties.policySettings.redirectUrl" options="redirect-url" group="PolicySettings">
<help short="If action type is redirect, this field represents redirect URL for the client."/>
</arg>
<arg type="string" var="$parameters.properties.policySettings.requestBodyCheck" options="request-body-check" group="PolicySettings">
<help short="Describes if policy managed rules will inspect the request body content."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
</argGroup>
<argGroup name="Properties">
<arg type="object" var="$parameters.properties.customRules" options="custom-rules" group="Properties">
<help short="Describes custom rules inside the policy."/>
<arg type="array<object>" var="$parameters.properties.customRules.rules" options="rules">
<help short="List of rules"/>
<item type="object">
<arg type="string" var="$parameters.properties.customRules.rules[].action" options="action" required="True">
<help short="Describes what action to be applied when rule matches."/>
<enum>
<item name="Allow" value=""Allow""/>
<item name="AnomalyScoring" value=""AnomalyScoring""/>
<item name="Block" value=""Block""/>
<item name="CAPTCHA" value=""CAPTCHA""/>
<item name="JSChallenge" value=""JSChallenge""/>
<item name="Log" value=""Log""/>
<item name="Redirect" value=""Redirect""/>
</enum>
</arg>
<arg type="string" var="$parameters.properties.customRules.rules[].enabledState" options="enabled-state">
<help short="Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
<arg type="array<object>" var="$parameters.properties.customRules.rules[].groupBy" options="group-by">
<help short="Describes the list of variables to group the rate limit requests"/>
<item type="object">
<arg type="string" var="$parameters.properties.customRules.rules[].groupBy[].variableName" options="variable-name" required="True">
<help short="Describes the supported variable for group by"/>
<enum>
<item name="GeoLocation" value=""GeoLocation""/>
<item name="None" value=""None""/>
<item name="SocketAddr" value=""SocketAddr""/>
</enum>
</arg>
</item>
</arg>
<arg type="array<object>" var="$parameters.properties.customRules.rules[].matchConditions" options="match-conditions" required="True">
<help short="List of match conditions."/>
<item type="object">
<arg type="array<string>" var="$parameters.properties.customRules.rules[].matchConditions[].matchValue" options="match-value" required="True">
<help short="List of possible match values."/>
<item type="string"/>
</arg>
<arg type="string" var="$parameters.properties.customRules.rules[].matchConditions[].matchVariable" options="match-variable" required="True">
<help short="Request variable to compare with."/>
<enum>
<item name="Cookies" value=""Cookies""/>
<item name="PostArgs" value=""PostArgs""/>
<item name="QueryString" value=""QueryString""/>
<item name="RemoteAddr" value=""RemoteAddr""/>
<item name="RequestBody" value=""RequestBody""/>
<item name="RequestHeader" value=""RequestHeader""/>
<item name="RequestMethod" value=""RequestMethod""/>
<item name="RequestUri" value=""RequestUri""/>
<item name="SocketAddr" value=""SocketAddr""/>
</enum>
</arg>
<arg type="boolean" var="$parameters.properties.customRules.rules[].matchConditions[].negateCondition" options="negate-condition">
<help short="Describes if the result of this condition should be negated."/>
</arg>
<arg type="string" var="$parameters.properties.customRules.rules[].matchConditions[].operator" options="operator" required="True">
<help short="Comparison type to use for matching with the variable value."/>
<enum>
<item name="Any" value=""Any""/>
<item name="BeginsWith" value=""BeginsWith""/>
<item name="Contains" value=""Contains""/>
<item name="EndsWith" value=""EndsWith""/>
<item name="Equal" value=""Equal""/>
<item name="GeoMatch" value=""GeoMatch""/>
<item name="GreaterThan" value=""GreaterThan""/>
<item name="GreaterThanOrEqual" value=""GreaterThanOrEqual""/>
<item name="IPMatch" value=""IPMatch""/>
<item name="LessThan" value=""LessThan""/>
<item name="LessThanOrEqual" value=""LessThanOrEqual""/>
<item name="RegEx" value=""RegEx""/>
</enum>
</arg>
<arg type="string" var="$parameters.properties.customRules.rules[].matchConditions[].selector" options="selector">
<help short="Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null."/>
</arg>
<arg type="array<string>" var="$parameters.properties.customRules.rules[].matchConditions[].transforms" options="transforms">
<help short="List of transforms."/>
<item type="string">
<enum>
<item name="Lowercase" value=""Lowercase""/>
<item name="RemoveNulls" value=""RemoveNulls""/>
<item name="Trim" value=""Trim""/>
<item name="Uppercase" value=""Uppercase""/>
<item name="UrlDecode" value=""UrlDecode""/>
<item name="UrlEncode" value=""UrlEncode""/>
</enum>
</item>
</arg>
</item>
</arg>
<arg type="string" var="$parameters.properties.customRules.rules[].name" options="name">
<help short="Describes the name of the rule."/>
<format maxLength="128"/>
</arg>
<arg type="integer" var="$parameters.properties.customRules.rules[].priority" options="priority" required="True">
<help short="Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value."/>
</arg>
<arg type="integer" var="$parameters.properties.customRules.rules[].rateLimitDurationInMinutes" options="rate-limit-duration-in-minutes">
<help short="Time window for resetting the rate limit count. Default is 1 minute."/>
<format maximum="5" minimum="0"/>
</arg>
<arg type="integer" var="$parameters.properties.customRules.rules[].rateLimitThreshold" options="rate-limit-threshold">
<help short="Number of allowed requests per client within the time window."/>
<format minimum="0"/>
</arg>
<arg type="string" var="$parameters.properties.customRules.rules[].ruleType" options="rule-type" required="True">
<help short="Describes type of rule."/>
<enum>
<item name="MatchRule" value=""MatchRule""/>
<item name="RateLimitRule" value=""RateLimitRule""/>
</enum>
</arg>
</item>
</arg>
</arg>
<arg type="object" var="$parameters.properties.managedRules" options="managed-rules" group="Properties">
<help short="Describes managed rules inside the policy."/>
<arg type="array<object>" var="$parameters.properties.managedRules.managedRuleSets" options="managed-rule-sets">
<help short="List of rule sets."/>
<item type="object">
<arg type="array<object>" var="$parameters.properties.managedRules.managedRuleSets[].exclusions" options="exclusions">
<help short="Describes the exclusions that are applied to all rules in the set."/>
<item type="object" cls="ManagedRuleExclusion_create">
<arg type="string" var="@ManagedRuleExclusion_create.matchVariable" options="match-variable" required="True">
<help short="The variable type to be excluded."/>
<enum>
<item name="QueryStringArgNames" value=""QueryStringArgNames""/>
<item name="RequestBodyJsonArgNames" value=""RequestBodyJsonArgNames""/>
<item name="RequestBodyPostArgNames" value=""RequestBodyPostArgNames""/>
<item name="RequestCookieNames" value=""RequestCookieNames""/>
<item name="RequestHeaderNames" value=""RequestHeaderNames""/>
</enum>
</arg>
<arg type="string" var="@ManagedRuleExclusion_create.selector" options="selector" required="True">
<help short="Selector value for which elements in the collection this exclusion applies to."/>
</arg>
<arg type="string" var="@ManagedRuleExclusion_create.selectorMatchOperator" options="selector-match-operator" required="True">
<help short="Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to."/>
<enum>
<item name="Contains" value=""Contains""/>
<item name="EndsWith" value=""EndsWith""/>
<item name="Equals" value=""Equals""/>
<item name="EqualsAny" value=""EqualsAny""/>
<item name="StartsWith" value=""StartsWith""/>
</enum>
</arg>
</item>
</arg>
<arg type="array<object>" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides" options="rule-group-overrides">
<help short="Defines the rule group overrides to apply to the rule set."/>
<item type="object">
<arg type="array<@ManagedRuleExclusion_create>" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].exclusions" options="exclusions">
<help short="Describes the exclusions that are applied to all rules in the group."/>
<item type="@ManagedRuleExclusion_create"/>
</arg>
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].ruleGroupName" options="rule-group-name" required="True">
<help short="Describes the managed rule group to override."/>
</arg>
<arg type="array<object>" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules" options="rules">
<help short="List of rules that will be disabled. If none specified, all rules in the group will be disabled."/>
<item type="object">
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].action" options="action">
<help short="Describes the override action to be applied when rule matches."/>
<enum>
<item name="Allow" value=""Allow""/>
<item name="AnomalyScoring" value=""AnomalyScoring""/>
<item name="Block" value=""Block""/>
<item name="CAPTCHA" value=""CAPTCHA""/>
<item name="JSChallenge" value=""JSChallenge""/>
<item name="Log" value=""Log""/>
<item name="Redirect" value=""Redirect""/>
</enum>
</arg>
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].enabledState" options="enabled-state">
<help short="Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
<arg type="array<@ManagedRuleExclusion_create>" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].exclusions" options="exclusions">
<help short="Describes the exclusions that are applied to this specific rule."/>
<item type="@ManagedRuleExclusion_create"/>
</arg>
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].ruleId" options="rule-id" required="True">
<help short="Identifier for the managed rule."/>
</arg>
</item>
</arg>
</item>
</arg>
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleSetAction" options="rule-set-action">
<help short="Defines the rule set action."/>
<enum>
<item name="Block" value=""Block""/>
<item name="Log" value=""Log""/>
<item name="Redirect" value=""Redirect""/>
</enum>
</arg>
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleSetType" options="rule-set-type" required="True">
<help short="Defines the rule set type to use."/>
</arg>
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleSetVersion" options="rule-set-version" required="True">
<help short="Defines the version of the rule set to use."/>
</arg>
</item>
</arg>
</arg>
</argGroup>
<argGroup name="Sku">
<arg type="string" var="$parameters.sku.name" options="sku" group="Sku">
<help short="Name of the pricing tier."/>
<default value=""Premium_AzureFrontDoor""/>
<enum>
<item name="Classic_AzureFrontDoor" value=""Classic_AzureFrontDoor""/>
<item name="Premium_AzureFrontDoor" value=""Premium_AzureFrontDoor""/>
<item name="Standard_AzureFrontDoor" value=""Standard_AzureFrontDoor""/>
</enum>
</arg>
</argGroup>
<operation operationId="Policies_CreateOrUpdate">
<longRunning finalStateVia="azure-async-operation"/>
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}">
<request method="put">
<path>
<param type="string" name="policyName" arg="$Path.policyName" required="True">
<format maxLength="128"/>
</param>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format pattern="^[a-zA-Z0-9_\-\(\)\.]*[^\.]$" maxLength="80" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"/>
</path>
<query>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2025-03-01""/>
</const>
</query>
<body>
<json>
<schema type="object" name="parameters" required="True" clientFlatten="True">
<prop type="string" name="etag" arg="$parameters.etag"/>
<prop type="ResourceLocation" name="location" arg="$parameters.location"/>
<prop type="object" name="properties" clientFlatten="True">
<prop type="object" name="customRules" arg="$parameters.properties.customRules">
<prop type="array<object>" name="rules" arg="$parameters.properties.customRules.rules">
<item type="object">
<prop type="string" name="action" arg="$parameters.properties.customRules.rules[].action" required="True">
<enum>
<item value=""Allow""/>
<item value=""AnomalyScoring""/>
<item value=""Block""/>
<item value=""CAPTCHA""/>
<item value=""JSChallenge""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="enabledState" arg="$parameters.properties.customRules.rules[].enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="array<object>" name="groupBy" arg="$parameters.properties.customRules.rules[].groupBy">
<item type="object">
<prop type="string" name="variableName" arg="$parameters.properties.customRules.rules[].groupBy[].variableName" required="True">
<enum>
<item value=""GeoLocation""/>
<item value=""None""/>
<item value=""SocketAddr""/>
</enum>
</prop>
</item>
</prop>
<prop type="array<object>" name="matchConditions" arg="$parameters.properties.customRules.rules[].matchConditions" required="True">
<item type="object">
<prop type="array<string>" name="matchValue" arg="$parameters.properties.customRules.rules[].matchConditions[].matchValue" required="True">
<item type="string"/>
</prop>
<prop type="string" name="matchVariable" arg="$parameters.properties.customRules.rules[].matchConditions[].matchVariable" required="True">
<enum>
<item value=""Cookies""/>
<item value=""PostArgs""/>
<item value=""QueryString""/>
<item value=""RemoteAddr""/>
<item value=""RequestBody""/>
<item value=""RequestHeader""/>
<item value=""RequestMethod""/>
<item value=""RequestUri""/>
<item value=""SocketAddr""/>
</enum>
</prop>
<prop type="boolean" name="negateCondition" arg="$parameters.properties.customRules.rules[].matchConditions[].negateCondition"/>
<prop type="string" name="operator" arg="$parameters.properties.customRules.rules[].matchConditions[].operator" required="True">
<enum>
<item value=""Any""/>
<item value=""BeginsWith""/>
<item value=""Contains""/>
<item value=""EndsWith""/>
<item value=""Equal""/>
<item value=""GeoMatch""/>
<item value=""GreaterThan""/>
<item value=""GreaterThanOrEqual""/>
<item value=""IPMatch""/>
<item value=""LessThan""/>
<item value=""LessThanOrEqual""/>
<item value=""RegEx""/>
</enum>
</prop>
<prop type="string" name="selector" arg="$parameters.properties.customRules.rules[].matchConditions[].selector"/>
<prop type="array<string>" name="transforms" arg="$parameters.properties.customRules.rules[].matchConditions[].transforms">
<item type="string">
<enum>
<item value=""Lowercase""/>
<item value=""RemoveNulls""/>
<item value=""Trim""/>
<item value=""Uppercase""/>
<item value=""UrlDecode""/>
<item value=""UrlEncode""/>
</enum>
</item>
</prop>
</item>
</prop>
<prop type="string" name="name" arg="$parameters.properties.customRules.rules[].name">
<format maxLength="128"/>
</prop>
<prop type="integer" name="priority" arg="$parameters.properties.customRules.rules[].priority" required="True"/>
<prop type="integer" name="rateLimitDurationInMinutes" arg="$parameters.properties.customRules.rules[].rateLimitDurationInMinutes">
<format maximum="5" minimum="0"/>
</prop>
<prop type="integer" name="rateLimitThreshold" arg="$parameters.properties.customRules.rules[].rateLimitThreshold">
<format minimum="0"/>
</prop>
<prop type="string" name="ruleType" arg="$parameters.properties.customRules.rules[].ruleType" required="True">
<enum>
<item value=""MatchRule""/>
<item value=""RateLimitRule""/>
</enum>
</prop>
</item>
</prop>
</prop>
<prop type="object" name="managedRules" arg="$parameters.properties.managedRules">
<prop type="array<object>" name="managedRuleSets" arg="$parameters.properties.managedRules.managedRuleSets">
<item type="object">
<prop type="array<object>" name="exclusions" arg="$parameters.properties.managedRules.managedRuleSets[].exclusions">
<item type="object" cls="ManagedRuleExclusion_create">
<prop type="string" name="matchVariable" arg="@ManagedRuleExclusion_create.matchVariable" required="True">
<enum>
<item value=""QueryStringArgNames""/>
<item value=""RequestBodyJsonArgNames""/>
<item value=""RequestBodyPostArgNames""/>
<item value=""RequestCookieNames""/>
<item value=""RequestHeaderNames""/>
</enum>
</prop>
<prop type="string" name="selector" arg="@ManagedRuleExclusion_create.selector" required="True"/>
<prop type="string" name="selectorMatchOperator" arg="@ManagedRuleExclusion_create.selectorMatchOperator" required="True">
<enum>
<item value=""Contains""/>
<item value=""EndsWith""/>
<item value=""Equals""/>
<item value=""EqualsAny""/>
<item value=""StartsWith""/>
</enum>
</prop>
</item>
</prop>
<prop type="array<object>" name="ruleGroupOverrides" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides">
<item type="object">
<prop type="array<@ManagedRuleExclusion_create>" name="exclusions" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].exclusions">
<item type="@ManagedRuleExclusion_create"/>
</prop>
<prop type="string" name="ruleGroupName" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].ruleGroupName" required="True"/>
<prop type="array<object>" name="rules" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules">
<item type="object">
<prop type="string" name="action" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].action">
<enum>
<item value=""Allow""/>
<item value=""AnomalyScoring""/>
<item value=""Block""/>
<item value=""CAPTCHA""/>
<item value=""JSChallenge""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="enabledState" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="array<@ManagedRuleExclusion_create>" name="exclusions" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].exclusions">
<item type="@ManagedRuleExclusion_create"/>
</prop>
<prop type="string" name="ruleId" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].ruleId" required="True"/>
</item>
</prop>
</item>
</prop>
<prop type="string" name="ruleSetAction" arg="$parameters.properties.managedRules.managedRuleSets[].ruleSetAction">
<enum>
<item value=""Block""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="ruleSetType" arg="$parameters.properties.managedRules.managedRuleSets[].ruleSetType" required="True"/>
<prop type="string" name="ruleSetVersion" arg="$parameters.properties.managedRules.managedRuleSets[].ruleSetVersion" required="True"/>
</item>
</prop>
</prop>
<prop type="object" name="policySettings">
<prop type="integer32" name="captchaExpirationInMinutes" arg="$parameters.properties.policySettings.captchaExpirationInMinutes">
<format maximum="1440" minimum="5"/>
</prop>
<prop type="string" name="customBlockResponseBody" arg="$parameters.properties.policySettings.customBlockResponseBody">
<format pattern="^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"/>
</prop>
<prop type="integer" name="customBlockResponseStatusCode" arg="$parameters.properties.policySettings.customBlockResponseStatusCode"/>
<prop type="string" name="enabledState" arg="$parameters.properties.policySettings.enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="integer32" name="javascriptChallengeExpirationInMinutes" arg="$parameters.properties.policySettings.javascriptChallengeExpirationInMinutes">
<format maximum="1440" minimum="5"/>
</prop>
<prop type="object" name="logScrubbing" arg="$parameters.properties.policySettings.logScrubbing" clientFlatten="True">
<prop type="array<object>" name="scrubbingRules" arg="$parameters.properties.policySettings.logScrubbing.scrubbingRules">
<item type="object">
<prop type="string" name="matchVariable" arg="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].matchVariable" required="True">
<enum>
<item value=""QueryStringArgNames""/>
<item value=""RequestBodyJsonArgNames""/>
<item value=""RequestBodyPostArgNames""/>
<item value=""RequestCookieNames""/>
<item value=""RequestHeaderNames""/>
<item value=""RequestIPAddress""/>
<item value=""RequestUri""/>
</enum>
</prop>
<prop type="string" name="selector" arg="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selector"/>
<prop type="string" name="selectorMatchOperator" arg="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selectorMatchOperator" required="True">
<enum>
<item value=""Equals""/>
<item value=""EqualsAny""/>
</enum>
</prop>
<prop type="string" name="state" arg="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].state">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</item>
</prop>
<prop type="string" name="state" arg="$parameters.properties.policySettings.logScrubbing.state">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</prop>
<prop type="string" name="mode" arg="$parameters.properties.policySettings.mode">
<enum>
<item value=""Detection""/>
<item value=""Prevention""/>
</enum>
</prop>
<prop type="string" name="redirectUrl" arg="$parameters.properties.policySettings.redirectUrl"/>
<prop type="string" name="requestBodyCheck" arg="$parameters.properties.policySettings.requestBodyCheck">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</prop>
</prop>
<prop type="object" name="sku">
<prop type="string" name="name" arg="$parameters.sku.name">
<enum>
<item value=""Classic_AzureFrontDoor""/>
<item value=""Premium_AzureFrontDoor""/>
<item value=""Standard_AzureFrontDoor""/>
</enum>
</prop>
</prop>
<prop type="object" name="tags" arg="$parameters.tags">
<additionalProp>
<item type="string"/>
</additionalProp>
</prop>
</schema>
</json>
</body>
</request>
<response statusCode="200 201">
<body>
<json var="$Instance">
<schema type="object" cls="WebApplicationFirewallPolicy_read">
<prop type="string" name="etag"/>
<prop readOnly="True" type="ResourceId" name="id">
<format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{}"/>
</prop>
<prop type="ResourceLocation" name="location"/>
<prop readOnly="True" type="string" name="name"/>
<prop type="object" name="properties" clientFlatten="True">
<prop type="object" name="customRules">
<prop type="array<object>" name="rules">
<item type="object">
<prop type="string" name="action" required="True">
<enum>
<item value=""Allow""/>
<item value=""AnomalyScoring""/>
<item value=""Block""/>
<item value=""CAPTCHA""/>
<item value=""JSChallenge""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="array<object>" name="groupBy">
<item type="object">
<prop type="string" name="variableName" required="True">
<enum>
<item value=""GeoLocation""/>
<item value=""None""/>
<item value=""SocketAddr""/>
</enum>
</prop>
</item>
</prop>
<prop type="array<object>" name="matchConditions" required="True">
<item type="object">
<prop type="array<string>" name="matchValue" required="True">
<item type="string"/>
</prop>
<prop type="string" name="matchVariable" required="True">
<enum>
<item value=""Cookies""/>
<item value=""PostArgs""/>
<item value=""QueryString""/>
<item value=""RemoteAddr""/>
<item value=""RequestBody""/>
<item value=""RequestHeader""/>
<item value=""RequestMethod""/>
<item value=""RequestUri""/>
<item value=""SocketAddr""/>
</enum>
</prop>
<prop type="boolean" name="negateCondition"/>
<prop type="string" name="operator" required="True">
<enum>
<item value=""Any""/>
<item value=""BeginsWith""/>
<item value=""Contains""/>
<item value=""EndsWith""/>
<item value=""Equal""/>
<item value=""GeoMatch""/>
<item value=""GreaterThan""/>
<item value=""GreaterThanOrEqual""/>
<item value=""IPMatch""/>
<item value=""LessThan""/>
<item value=""LessThanOrEqual""/>
<item value=""RegEx""/>
</enum>
</prop>
<prop type="string" name="selector"/>
<prop type="array<string>" name="transforms">
<item type="string">
<enum>
<item value=""Lowercase""/>
<item value=""RemoveNulls""/>
<item value=""Trim""/>
<item value=""Uppercase""/>
<item value=""UrlDecode""/>
<item value=""UrlEncode""/>
</enum>
</item>
</prop>
</item>
</prop>
<prop type="string" name="name">
<format maxLength="128"/>
</prop>
<prop type="integer" name="priority" required="True"/>
<prop type="integer" name="rateLimitDurationInMinutes">
<format maximum="5" minimum="0"/>
</prop>
<prop type="integer" name="rateLimitThreshold">
<format minimum="0"/>
</prop>
<prop type="string" name="ruleType" required="True">
<enum>
<item value=""MatchRule""/>
<item value=""RateLimitRule""/>
</enum>
</prop>
</item>
</prop>
</prop>
<prop readOnly="True" type="array<object>" name="frontendEndpointLinks">
<item readOnly="True" type="object">
<prop type="string" name="id"/>
</item>
</prop>
<prop type="object" name="managedRules">
<prop type="array<object>" name="managedRuleSets">
<item type="object">
<prop type="array<object>" name="exclusions">
<item type="object" cls="ManagedRuleExclusion_read">
<prop type="string" name="matchVariable" required="True">
<enum>
<item value=""QueryStringArgNames""/>
<item value=""RequestBodyJsonArgNames""/>
<item value=""RequestBodyPostArgNames""/>
<item value=""RequestCookieNames""/>
<item value=""RequestHeaderNames""/>
</enum>
</prop>
<prop type="string" name="selector" required="True"/>
<prop type="string" name="selectorMatchOperator" required="True">
<enum>
<item value=""Contains""/>
<item value=""EndsWith""/>
<item value=""Equals""/>
<item value=""EqualsAny""/>
<item value=""StartsWith""/>
</enum>
</prop>
</item>
</prop>
<prop type="array<object>" name="ruleGroupOverrides">
<item type="object">
<prop type="array<@ManagedRuleExclusion_read>" name="exclusions">
<item type="@ManagedRuleExclusion_read"/>
</prop>
<prop type="string" name="ruleGroupName" required="True"/>
<prop type="array<object>" name="rules">
<item type="object">
<prop type="string" name="action">
<enum>
<item value=""Allow""/>
<item value=""AnomalyScoring""/>
<item value=""Block""/>
<item value=""CAPTCHA""/>
<item value=""JSChallenge""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="array<@ManagedRuleExclusion_read>" name="exclusions">
<item type="@ManagedRuleExclusion_read"/>
</prop>
<prop type="string" name="ruleId" required="True"/>
</item>
</prop>
</item>
</prop>
<prop type="string" name="ruleSetAction">
<enum>
<item value=""Block""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="ruleSetType" required="True"/>
<prop type="string" name="ruleSetVersion" required="True"/>
</item>
</prop>
</prop>
<prop type="object" name="policySettings">
<prop type="integer32" name="captchaExpirationInMinutes">
<format maximum="1440" minimum="5"/>
</prop>
<prop type="string" name="customBlockResponseBody">
<format pattern="^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"/>
</prop>
<prop type="integer" name="customBlockResponseStatusCode"/>
<prop type="string" name="enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="integer32" name="javascriptChallengeExpirationInMinutes">
<format maximum="1440" minimum="5"/>
</prop>
<prop type="object" name="logScrubbing" clientFlatten="True">
<prop type="array<object>" name="scrubbingRules">
<item type="object">
<prop type="string" name="matchVariable" required="True">
<enum>
<item value=""QueryStringArgNames""/>
<item value=""RequestBodyJsonArgNames""/>
<item value=""RequestBodyPostArgNames""/>
<item value=""RequestCookieNames""/>
<item value=""RequestHeaderNames""/>
<item value=""RequestIPAddress""/>
<item value=""RequestUri""/>
</enum>
</prop>
<prop type="string" name="selector"/>
<prop type="string" name="selectorMatchOperator" required="True">
<enum>
<item value=""Equals""/>
<item value=""EqualsAny""/>
</enum>
</prop>
<prop type="string" name="state">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</item>
</prop>
<prop type="string" name="state">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</prop>
<prop type="string" name="mode">
<enum>
<item value=""Detection""/>
<item value=""Prevention""/>
</enum>
</prop>
<prop type="string" name="redirectUrl"/>
<prop type="string" name="requestBodyCheck">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</prop>
<prop readOnly="True" type="string" name="provisioningState"/>
<prop readOnly="True" type="string" name="resourceState">
<enum>
<item value=""Creating""/>
<item value=""Deleting""/>
<item value=""Disabled""/>
<item value=""Disabling""/>
<item value=""Enabled""/>
<item value=""Enabling""/>
</enum>
</prop>
<prop readOnly="True" type="array<object>" name="routingRuleLinks">
<item readOnly="True" type="object">
<prop type="string" name="id"/>
</item>
</prop>
<prop readOnly="True" type="array<object>" name="securityPolicyLinks">
<item readOnly="True" type="object">
<prop type="string" name="id"/>
</item>
</prop>
</prop>
<prop type="object" name="sku">
<prop type="string" name="name">
<enum>
<item value=""Classic_AzureFrontDoor""/>
<item value=""Premium_AzureFrontDoor""/>
<item value=""Standard_AzureFrontDoor""/>
</enum>
</prop>
</prop>
<prop type="object" name="tags">
<additionalProp>
<item type="string"/>
</additionalProp>
</prop>
<prop readOnly="True" type="string" name="type"/>
</schema>
</json>
</body>
</response>
<response statusCode="202">
<body>
<json var="$Instance">
<schema type="@WebApplicationFirewallPolicy_read"/>
</json>
</body>
</response>
<response isError="True">
<body>
<json>
<schema type="@ODataV4Format"/>
</json>
</body>
</response>
</http>
</operation>
<output type="object" ref="$Instance" clientFlatten="True"/>
</command>
<command name="update" version="2025-03-01">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}" version="2025-03-01" swagger="mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMve3BvbGljeU5hbWV9/V/MjAyNS0wMy0wMQ=="/>
<argGroup name="">
<arg type="string" var="$Path.policyName" options="policy-name name n" required="True" idPart="name">
<help short="The name of the Web Application Firewall Policy."/>
<format maxLength="128"/>
</arg>
<arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
<arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
</argGroup>
<argGroup name="Parameters">
<arg nullable="True" type="string" var="$parameters.etag" options="etag" group="Parameters">
<help short="Gets a unique read-only string that changes whenever the resource is updated."/>
</arg>
<arg nullable="True" type="ResourceLocation" var="$parameters.location" options="location l" group="Parameters">
<help short="Resource location."/>
</arg>
<arg nullable="True" type="object" var="$parameters.tags" options="tags" group="Parameters">
<help short="Resource tags."/>
<additionalProp>
<item nullable="True" type="string"/>
</additionalProp>
</arg>
</argGroup>
<argGroup name="PolicySettings">
<arg nullable="True" type="integer32" var="$parameters.properties.policySettings.captchaExpirationInMinutes" options="captcha-expiration-in-minutes" group="PolicySettings">
<help short="Defines the Captcha cookie validity lifetime in minutes. This setting is only applicable to Premium_AzureFrontDoor. Value must be an integer between 5 and 1440 with the default value being 30."/>
<format maximum="1440" minimum="5"/>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.policySettings.customBlockResponseBody" options="custom-block-response-body" group="PolicySettings">
<help short="If the action type is block, customer can override the response body. The body must be specified in base64 encoding."/>
<format pattern="^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"/>
</arg>
<arg nullable="True" type="integer" var="$parameters.properties.policySettings.customBlockResponseStatusCode" options="custom-block-response-status-code" group="PolicySettings">
<help short="If the action type is block, customer can override the response status code."/>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.policySettings.enabledState" options="enabled-state" group="PolicySettings">
<help short="Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
<arg nullable="True" type="integer32" var="$parameters.properties.policySettings.javascriptChallengeExpirationInMinutes" options="javascript-challenge-expiration-in-minutes js-expiration" group="PolicySettings">
<help short="Defines the JavaScript challenge cookie validity lifetime in minutes. Value must be an integer between 5 and 1440 with the default value being 30."/>
<format maximum="1440" minimum="5"/>
</arg>
<arg nullable="True" type="object" var="$parameters.properties.policySettings.logScrubbing" options="log-scrubbing" group="PolicySettings">
<help short="Defines rules that scrub sensitive fields in the Web Application Firewall logs. Example: --log-scrubbing "{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}, --log-scrubbing scrubbing-rules=[] state=Disabled, --log-scrubbing null"/>
<arg nullable="True" type="array<object>" var="$parameters.properties.policySettings.logScrubbing.scrubbingRules" options="scrubbing-rules">
<help short="List of log scrubbing rules applied to the Web Application Firewall logs."/>
<item nullable="True" type="object">
<arg type="string" var="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].matchVariable" options="match-variable">
<help short="The variable to be scrubbed from the logs."/>
<enum>
<item name="QueryStringArgNames" value=""QueryStringArgNames""/>
<item name="RequestBodyJsonArgNames" value=""RequestBodyJsonArgNames""/>
<item name="RequestBodyPostArgNames" value=""RequestBodyPostArgNames""/>
<item name="RequestCookieNames" value=""RequestCookieNames""/>
<item name="RequestHeaderNames" value=""RequestHeaderNames""/>
<item name="RequestIPAddress" value=""RequestIPAddress""/>
<item name="RequestUri" value=""RequestUri""/>
</enum>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selector" options="selector">
<help short="When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to."/>
</arg>
<arg type="string" var="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selectorMatchOperator" options="selector-match-operator">
<help short="When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to."/>
<enum>
<item name="Equals" value=""Equals""/>
<item name="EqualsAny" value=""EqualsAny""/>
</enum>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].state" options="state">
<help short="Defines the state of a log scrubbing rule. Default value is enabled."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
</item>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.policySettings.logScrubbing.state" options="state">
<help short="State of the log scrubbing config. Default value is Enabled."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.policySettings.mode" options="mode" group="PolicySettings">
<help short="Describes if it is in detection mode or prevention mode at policy level."/>
<enum>
<item name="Detection" value=""Detection""/>
<item name="Prevention" value=""Prevention""/>
</enum>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.policySettings.redirectUrl" options="redirect-url" group="PolicySettings">
<help short="If action type is redirect, this field represents redirect URL for the client."/>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.policySettings.requestBodyCheck" options="request-body-check" group="PolicySettings">
<help short="Describes if policy managed rules will inspect the request body content."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
</argGroup>
<argGroup name="Properties">
<arg nullable="True" type="object" var="$parameters.properties.customRules" options="custom-rules" group="Properties">
<help short="Describes custom rules inside the policy."/>
<arg nullable="True" type="array<object>" var="$parameters.properties.customRules.rules" options="rules">
<help short="List of rules"/>
<item nullable="True" type="object">
<arg type="string" var="$parameters.properties.customRules.rules[].action" options="action">
<help short="Describes what action to be applied when rule matches."/>
<enum>
<item name="Allow" value=""Allow""/>
<item name="AnomalyScoring" value=""AnomalyScoring""/>
<item name="Block" value=""Block""/>
<item name="CAPTCHA" value=""CAPTCHA""/>
<item name="JSChallenge" value=""JSChallenge""/>
<item name="Log" value=""Log""/>
<item name="Redirect" value=""Redirect""/>
</enum>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.customRules.rules[].enabledState" options="enabled-state">
<help short="Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
<arg nullable="True" type="array<object>" var="$parameters.properties.customRules.rules[].groupBy" options="group-by">
<help short="Describes the list of variables to group the rate limit requests"/>
<item nullable="True" type="object">
<arg type="string" var="$parameters.properties.customRules.rules[].groupBy[].variableName" options="variable-name">
<help short="Describes the supported variable for group by"/>
<enum>
<item name="GeoLocation" value=""GeoLocation""/>
<item name="None" value=""None""/>
<item name="SocketAddr" value=""SocketAddr""/>
</enum>
</arg>
</item>
</arg>
<arg type="array<object>" var="$parameters.properties.customRules.rules[].matchConditions" options="match-conditions">
<help short="List of match conditions."/>
<item nullable="True" type="object">
<arg type="array<string>" var="$parameters.properties.customRules.rules[].matchConditions[].matchValue" options="match-value">
<help short="List of possible match values."/>
<item nullable="True" type="string"/>
</arg>
<arg type="string" var="$parameters.properties.customRules.rules[].matchConditions[].matchVariable" options="match-variable">
<help short="Request variable to compare with."/>
<enum>
<item name="Cookies" value=""Cookies""/>
<item name="PostArgs" value=""PostArgs""/>
<item name="QueryString" value=""QueryString""/>
<item name="RemoteAddr" value=""RemoteAddr""/>
<item name="RequestBody" value=""RequestBody""/>
<item name="RequestHeader" value=""RequestHeader""/>
<item name="RequestMethod" value=""RequestMethod""/>
<item name="RequestUri" value=""RequestUri""/>
<item name="SocketAddr" value=""SocketAddr""/>
</enum>
</arg>
<arg nullable="True" type="boolean" var="$parameters.properties.customRules.rules[].matchConditions[].negateCondition" options="negate-condition">
<help short="Describes if the result of this condition should be negated."/>
</arg>
<arg type="string" var="$parameters.properties.customRules.rules[].matchConditions[].operator" options="operator">
<help short="Comparison type to use for matching with the variable value."/>
<enum>
<item name="Any" value=""Any""/>
<item name="BeginsWith" value=""BeginsWith""/>
<item name="Contains" value=""Contains""/>
<item name="EndsWith" value=""EndsWith""/>
<item name="Equal" value=""Equal""/>
<item name="GeoMatch" value=""GeoMatch""/>
<item name="GreaterThan" value=""GreaterThan""/>
<item name="GreaterThanOrEqual" value=""GreaterThanOrEqual""/>
<item name="IPMatch" value=""IPMatch""/>
<item name="LessThan" value=""LessThan""/>
<item name="LessThanOrEqual" value=""LessThanOrEqual""/>
<item name="RegEx" value=""RegEx""/>
</enum>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.customRules.rules[].matchConditions[].selector" options="selector">
<help short="Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null."/>
</arg>
<arg nullable="True" type="array<string>" var="$parameters.properties.customRules.rules[].matchConditions[].transforms" options="transforms">
<help short="List of transforms."/>
<item nullable="True" type="string">
<enum>
<item name="Lowercase" value=""Lowercase""/>
<item name="RemoveNulls" value=""RemoveNulls""/>
<item name="Trim" value=""Trim""/>
<item name="Uppercase" value=""Uppercase""/>
<item name="UrlDecode" value=""UrlDecode""/>
<item name="UrlEncode" value=""UrlEncode""/>
</enum>
</item>
</arg>
</item>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.customRules.rules[].name" options="name">
<help short="Describes the name of the rule."/>
<format maxLength="128"/>
</arg>
<arg type="integer" var="$parameters.properties.customRules.rules[].priority" options="priority">
<help short="Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value."/>
</arg>
<arg nullable="True" type="integer" var="$parameters.properties.customRules.rules[].rateLimitDurationInMinutes" options="rate-limit-duration-in-minutes">
<help short="Time window for resetting the rate limit count. Default is 1 minute."/>
<format maximum="5" minimum="0"/>
</arg>
<arg nullable="True" type="integer" var="$parameters.properties.customRules.rules[].rateLimitThreshold" options="rate-limit-threshold">
<help short="Number of allowed requests per client within the time window."/>
<format minimum="0"/>
</arg>
<arg type="string" var="$parameters.properties.customRules.rules[].ruleType" options="rule-type">
<help short="Describes type of rule."/>
<enum>
<item name="MatchRule" value=""MatchRule""/>
<item name="RateLimitRule" value=""RateLimitRule""/>
</enum>
</arg>
</item>
</arg>
</arg>
<arg nullable="True" type="object" var="$parameters.properties.managedRules" options="managed-rules" group="Properties">
<help short="Describes managed rules inside the policy."/>
<arg nullable="True" type="array<object>" var="$parameters.properties.managedRules.managedRuleSets" options="managed-rule-sets">
<help short="List of rule sets."/>
<item nullable="True" type="object">
<arg nullable="True" type="array<object>" var="$parameters.properties.managedRules.managedRuleSets[].exclusions" options="exclusions">
<help short="Describes the exclusions that are applied to all rules in the set."/>
<item nullable="True" type="object" cls="ManagedRuleExclusion_update">
<arg type="string" var="@ManagedRuleExclusion_update.matchVariable" options="match-variable">
<help short="The variable type to be excluded."/>
<enum>
<item name="QueryStringArgNames" value=""QueryStringArgNames""/>
<item name="RequestBodyJsonArgNames" value=""RequestBodyJsonArgNames""/>
<item name="RequestBodyPostArgNames" value=""RequestBodyPostArgNames""/>
<item name="RequestCookieNames" value=""RequestCookieNames""/>
<item name="RequestHeaderNames" value=""RequestHeaderNames""/>
</enum>
</arg>
<arg type="string" var="@ManagedRuleExclusion_update.selector" options="selector">
<help short="Selector value for which elements in the collection this exclusion applies to."/>
</arg>
<arg type="string" var="@ManagedRuleExclusion_update.selectorMatchOperator" options="selector-match-operator">
<help short="Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to."/>
<enum>
<item name="Contains" value=""Contains""/>
<item name="EndsWith" value=""EndsWith""/>
<item name="Equals" value=""Equals""/>
<item name="EqualsAny" value=""EqualsAny""/>
<item name="StartsWith" value=""StartsWith""/>
</enum>
</arg>
</item>
</arg>
<arg nullable="True" type="array<object>" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides" options="rule-group-overrides">
<help short="Defines the rule group overrides to apply to the rule set."/>
<item nullable="True" type="object">
<arg nullable="True" type="array<@ManagedRuleExclusion_update>" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].exclusions" options="exclusions">
<help short="Describes the exclusions that are applied to all rules in the group."/>
<item nullable="True" type="@ManagedRuleExclusion_update"/>
</arg>
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].ruleGroupName" options="rule-group-name">
<help short="Describes the managed rule group to override."/>
</arg>
<arg nullable="True" type="array<object>" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules" options="rules">
<help short="List of rules that will be disabled. If none specified, all rules in the group will be disabled."/>
<item nullable="True" type="object">
<arg nullable="True" type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].action" options="action">
<help short="Describes the override action to be applied when rule matches."/>
<enum>
<item name="Allow" value=""Allow""/>
<item name="AnomalyScoring" value=""AnomalyScoring""/>
<item name="Block" value=""Block""/>
<item name="CAPTCHA" value=""CAPTCHA""/>
<item name="JSChallenge" value=""JSChallenge""/>
<item name="Log" value=""Log""/>
<item name="Redirect" value=""Redirect""/>
</enum>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].enabledState" options="enabled-state">
<help short="Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified."/>
<enum>
<item name="Disabled" value=""Disabled""/>
<item name="Enabled" value=""Enabled""/>
</enum>
</arg>
<arg nullable="True" type="array<@ManagedRuleExclusion_update>" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].exclusions" options="exclusions">
<help short="Describes the exclusions that are applied to this specific rule."/>
<item nullable="True" type="@ManagedRuleExclusion_update"/>
</arg>
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].ruleId" options="rule-id">
<help short="Identifier for the managed rule."/>
</arg>
</item>
</arg>
</item>
</arg>
<arg nullable="True" type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleSetAction" options="rule-set-action">
<help short="Defines the rule set action."/>
<enum>
<item name="Block" value=""Block""/>
<item name="Log" value=""Log""/>
<item name="Redirect" value=""Redirect""/>
</enum>
</arg>
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleSetType" options="rule-set-type">
<help short="Defines the rule set type to use."/>
</arg>
<arg type="string" var="$parameters.properties.managedRules.managedRuleSets[].ruleSetVersion" options="rule-set-version">
<help short="Defines the version of the rule set to use."/>
</arg>
</item>
</arg>
</arg>
</argGroup>
<argGroup name="Sku">
<arg nullable="True" type="string" var="$parameters.sku.name" options="sku" group="Sku">
<help short="Name of the pricing tier."/>
<enum>
<item name="Classic_AzureFrontDoor" value=""Classic_AzureFrontDoor""/>
<item name="Premium_AzureFrontDoor" value=""Premium_AzureFrontDoor""/>
<item name="Standard_AzureFrontDoor" value=""Standard_AzureFrontDoor""/>
</enum>
</arg>
</argGroup>
<operation operationId="Policies_Get">
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}">
<request method="get">
<path>
<param type="string" name="policyName" arg="$Path.policyName" required="True">
<format maxLength="128"/>
</param>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format pattern="^[a-zA-Z0-9_\-\(\)\.]*[^\.]$" maxLength="80" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"/>
</path>
<query>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2025-03-01""/>
</const>
</query>
</request>
<response statusCode="200">
<body>
<json var="$Instance">
<schema type="object" cls="WebApplicationFirewallPolicy_read">
<prop type="string" name="etag"/>
<prop readOnly="True" type="ResourceId" name="id">
<format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{}"/>
</prop>
<prop type="ResourceLocation" name="location"/>
<prop readOnly="True" type="string" name="name"/>
<prop type="object" name="properties" clientFlatten="True">
<prop type="object" name="customRules">
<prop type="array<object>" name="rules">
<item type="object">
<prop type="string" name="action" required="True">
<enum>
<item value=""Allow""/>
<item value=""AnomalyScoring""/>
<item value=""Block""/>
<item value=""CAPTCHA""/>
<item value=""JSChallenge""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="array<object>" name="groupBy">
<item type="object">
<prop type="string" name="variableName" required="True">
<enum>
<item value=""GeoLocation""/>
<item value=""None""/>
<item value=""SocketAddr""/>
</enum>
</prop>
</item>
</prop>
<prop type="array<object>" name="matchConditions" required="True">
<item type="object">
<prop type="array<string>" name="matchValue" required="True">
<item type="string"/>
</prop>
<prop type="string" name="matchVariable" required="True">
<enum>
<item value=""Cookies""/>
<item value=""PostArgs""/>
<item value=""QueryString""/>
<item value=""RemoteAddr""/>
<item value=""RequestBody""/>
<item value=""RequestHeader""/>
<item value=""RequestMethod""/>
<item value=""RequestUri""/>
<item value=""SocketAddr""/>
</enum>
</prop>
<prop type="boolean" name="negateCondition"/>
<prop type="string" name="operator" required="True">
<enum>
<item value=""Any""/>
<item value=""BeginsWith""/>
<item value=""Contains""/>
<item value=""EndsWith""/>
<item value=""Equal""/>
<item value=""GeoMatch""/>
<item value=""GreaterThan""/>
<item value=""GreaterThanOrEqual""/>
<item value=""IPMatch""/>
<item value=""LessThan""/>
<item value=""LessThanOrEqual""/>
<item value=""RegEx""/>
</enum>
</prop>
<prop type="string" name="selector"/>
<prop type="array<string>" name="transforms">
<item type="string">
<enum>
<item value=""Lowercase""/>
<item value=""RemoveNulls""/>
<item value=""Trim""/>
<item value=""Uppercase""/>
<item value=""UrlDecode""/>
<item value=""UrlEncode""/>
</enum>
</item>
</prop>
</item>
</prop>
<prop type="string" name="name">
<format maxLength="128"/>
</prop>
<prop type="integer" name="priority" required="True"/>
<prop type="integer" name="rateLimitDurationInMinutes">
<format maximum="5" minimum="0"/>
</prop>
<prop type="integer" name="rateLimitThreshold">
<format minimum="0"/>
</prop>
<prop type="string" name="ruleType" required="True">
<enum>
<item value=""MatchRule""/>
<item value=""RateLimitRule""/>
</enum>
</prop>
</item>
</prop>
</prop>
<prop readOnly="True" type="array<object>" name="frontendEndpointLinks">
<item readOnly="True" type="object">
<prop type="string" name="id"/>
</item>
</prop>
<prop type="object" name="managedRules">
<prop type="array<object>" name="managedRuleSets">
<item type="object">
<prop type="array<object>" name="exclusions">
<item type="object" cls="ManagedRuleExclusion_read">
<prop type="string" name="matchVariable" required="True">
<enum>
<item value=""QueryStringArgNames""/>
<item value=""RequestBodyJsonArgNames""/>
<item value=""RequestBodyPostArgNames""/>
<item value=""RequestCookieNames""/>
<item value=""RequestHeaderNames""/>
</enum>
</prop>
<prop type="string" name="selector" required="True"/>
<prop type="string" name="selectorMatchOperator" required="True">
<enum>
<item value=""Contains""/>
<item value=""EndsWith""/>
<item value=""Equals""/>
<item value=""EqualsAny""/>
<item value=""StartsWith""/>
</enum>
</prop>
</item>
</prop>
<prop type="array<object>" name="ruleGroupOverrides">
<item type="object">
<prop type="array<@ManagedRuleExclusion_read>" name="exclusions">
<item type="@ManagedRuleExclusion_read"/>
</prop>
<prop type="string" name="ruleGroupName" required="True"/>
<prop type="array<object>" name="rules">
<item type="object">
<prop type="string" name="action">
<enum>
<item value=""Allow""/>
<item value=""AnomalyScoring""/>
<item value=""Block""/>
<item value=""CAPTCHA""/>
<item value=""JSChallenge""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="array<@ManagedRuleExclusion_read>" name="exclusions">
<item type="@ManagedRuleExclusion_read"/>
</prop>
<prop type="string" name="ruleId" required="True"/>
</item>
</prop>
</item>
</prop>
<prop type="string" name="ruleSetAction">
<enum>
<item value=""Block""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="ruleSetType" required="True"/>
<prop type="string" name="ruleSetVersion" required="True"/>
</item>
</prop>
</prop>
<prop type="object" name="policySettings">
<prop type="integer32" name="captchaExpirationInMinutes">
<format maximum="1440" minimum="5"/>
</prop>
<prop type="string" name="customBlockResponseBody">
<format pattern="^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"/>
</prop>
<prop type="integer" name="customBlockResponseStatusCode"/>
<prop type="string" name="enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="integer32" name="javascriptChallengeExpirationInMinutes">
<format maximum="1440" minimum="5"/>
</prop>
<prop type="object" name="logScrubbing" clientFlatten="True">
<prop type="array<object>" name="scrubbingRules">
<item type="object">
<prop type="string" name="matchVariable" required="True">
<enum>
<item value=""QueryStringArgNames""/>
<item value=""RequestBodyJsonArgNames""/>
<item value=""RequestBodyPostArgNames""/>
<item value=""RequestCookieNames""/>
<item value=""RequestHeaderNames""/>
<item value=""RequestIPAddress""/>
<item value=""RequestUri""/>
</enum>
</prop>
<prop type="string" name="selector"/>
<prop type="string" name="selectorMatchOperator" required="True">
<enum>
<item value=""Equals""/>
<item value=""EqualsAny""/>
</enum>
</prop>
<prop type="string" name="state">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</item>
</prop>
<prop type="string" name="state">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</prop>
<prop type="string" name="mode">
<enum>
<item value=""Detection""/>
<item value=""Prevention""/>
</enum>
</prop>
<prop type="string" name="redirectUrl"/>
<prop type="string" name="requestBodyCheck">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</prop>
<prop readOnly="True" type="string" name="provisioningState"/>
<prop readOnly="True" type="string" name="resourceState">
<enum>
<item value=""Creating""/>
<item value=""Deleting""/>
<item value=""Disabled""/>
<item value=""Disabling""/>
<item value=""Enabled""/>
<item value=""Enabling""/>
</enum>
</prop>
<prop readOnly="True" type="array<object>" name="routingRuleLinks">
<item readOnly="True" type="object">
<prop type="string" name="id"/>
</item>
</prop>
<prop readOnly="True" type="array<object>" name="securityPolicyLinks">
<item readOnly="True" type="object">
<prop type="string" name="id"/>
</item>
</prop>
</prop>
<prop type="object" name="sku">
<prop type="string" name="name">
<enum>
<item value=""Classic_AzureFrontDoor""/>
<item value=""Premium_AzureFrontDoor""/>
<item value=""Standard_AzureFrontDoor""/>
</enum>
</prop>
</prop>
<prop type="object" name="tags">
<additionalProp>
<item type="string"/>
</additionalProp>
</prop>
<prop readOnly="True" type="string" name="type"/>
</schema>
</json>
</body>
</response>
<response isError="True">
<body>
<json>
<schema type="@ODataV4Format"/>
</json>
</body>
</response>
</http>
</operation>
<operation>
<instanceUpdate ref="$Instance">
<json>
<schema type="object" name="parameters" required="True" clientFlatten="True">
<prop type="string" name="etag" arg="$parameters.etag"/>
<prop type="ResourceLocation" name="location" arg="$parameters.location"/>
<prop type="object" name="properties" clientFlatten="True">
<prop type="object" name="customRules" arg="$parameters.properties.customRules">
<prop type="array<object>" name="rules" arg="$parameters.properties.customRules.rules">
<item type="object">
<prop type="string" name="action" arg="$parameters.properties.customRules.rules[].action" required="True">
<enum>
<item value=""Allow""/>
<item value=""AnomalyScoring""/>
<item value=""Block""/>
<item value=""CAPTCHA""/>
<item value=""JSChallenge""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="enabledState" arg="$parameters.properties.customRules.rules[].enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="array<object>" name="groupBy" arg="$parameters.properties.customRules.rules[].groupBy">
<item type="object">
<prop type="string" name="variableName" arg="$parameters.properties.customRules.rules[].groupBy[].variableName" required="True">
<enum>
<item value=""GeoLocation""/>
<item value=""None""/>
<item value=""SocketAddr""/>
</enum>
</prop>
</item>
</prop>
<prop type="array<object>" name="matchConditions" arg="$parameters.properties.customRules.rules[].matchConditions" required="True">
<item type="object">
<prop type="array<string>" name="matchValue" arg="$parameters.properties.customRules.rules[].matchConditions[].matchValue" required="True">
<item type="string"/>
</prop>
<prop type="string" name="matchVariable" arg="$parameters.properties.customRules.rules[].matchConditions[].matchVariable" required="True">
<enum>
<item value=""Cookies""/>
<item value=""PostArgs""/>
<item value=""QueryString""/>
<item value=""RemoteAddr""/>
<item value=""RequestBody""/>
<item value=""RequestHeader""/>
<item value=""RequestMethod""/>
<item value=""RequestUri""/>
<item value=""SocketAddr""/>
</enum>
</prop>
<prop type="boolean" name="negateCondition" arg="$parameters.properties.customRules.rules[].matchConditions[].negateCondition"/>
<prop type="string" name="operator" arg="$parameters.properties.customRules.rules[].matchConditions[].operator" required="True">
<enum>
<item value=""Any""/>
<item value=""BeginsWith""/>
<item value=""Contains""/>
<item value=""EndsWith""/>
<item value=""Equal""/>
<item value=""GeoMatch""/>
<item value=""GreaterThan""/>
<item value=""GreaterThanOrEqual""/>
<item value=""IPMatch""/>
<item value=""LessThan""/>
<item value=""LessThanOrEqual""/>
<item value=""RegEx""/>
</enum>
</prop>
<prop type="string" name="selector" arg="$parameters.properties.customRules.rules[].matchConditions[].selector"/>
<prop type="array<string>" name="transforms" arg="$parameters.properties.customRules.rules[].matchConditions[].transforms">
<item type="string">
<enum>
<item value=""Lowercase""/>
<item value=""RemoveNulls""/>
<item value=""Trim""/>
<item value=""Uppercase""/>
<item value=""UrlDecode""/>
<item value=""UrlEncode""/>
</enum>
</item>
</prop>
</item>
</prop>
<prop type="string" name="name" arg="$parameters.properties.customRules.rules[].name">
<format maxLength="128"/>
</prop>
<prop type="integer" name="priority" arg="$parameters.properties.customRules.rules[].priority" required="True"/>
<prop type="integer" name="rateLimitDurationInMinutes" arg="$parameters.properties.customRules.rules[].rateLimitDurationInMinutes">
<format maximum="5" minimum="0"/>
</prop>
<prop type="integer" name="rateLimitThreshold" arg="$parameters.properties.customRules.rules[].rateLimitThreshold">
<format minimum="0"/>
</prop>
<prop type="string" name="ruleType" arg="$parameters.properties.customRules.rules[].ruleType" required="True">
<enum>
<item value=""MatchRule""/>
<item value=""RateLimitRule""/>
</enum>
</prop>
</item>
</prop>
</prop>
<prop type="object" name="managedRules" arg="$parameters.properties.managedRules">
<prop type="array<object>" name="managedRuleSets" arg="$parameters.properties.managedRules.managedRuleSets">
<item type="object">
<prop type="array<object>" name="exclusions" arg="$parameters.properties.managedRules.managedRuleSets[].exclusions">
<item type="object" cls="ManagedRuleExclusion_update">
<prop type="string" name="matchVariable" arg="@ManagedRuleExclusion_update.matchVariable" required="True">
<enum>
<item value=""QueryStringArgNames""/>
<item value=""RequestBodyJsonArgNames""/>
<item value=""RequestBodyPostArgNames""/>
<item value=""RequestCookieNames""/>
<item value=""RequestHeaderNames""/>
</enum>
</prop>
<prop type="string" name="selector" arg="@ManagedRuleExclusion_update.selector" required="True"/>
<prop type="string" name="selectorMatchOperator" arg="@ManagedRuleExclusion_update.selectorMatchOperator" required="True">
<enum>
<item value=""Contains""/>
<item value=""EndsWith""/>
<item value=""Equals""/>
<item value=""EqualsAny""/>
<item value=""StartsWith""/>
</enum>
</prop>
</item>
</prop>
<prop type="array<object>" name="ruleGroupOverrides" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides">
<item type="object">
<prop type="array<@ManagedRuleExclusion_update>" name="exclusions" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].exclusions">
<item type="@ManagedRuleExclusion_update"/>
</prop>
<prop type="string" name="ruleGroupName" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].ruleGroupName" required="True"/>
<prop type="array<object>" name="rules" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules">
<item type="object">
<prop type="string" name="action" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].action">
<enum>
<item value=""Allow""/>
<item value=""AnomalyScoring""/>
<item value=""Block""/>
<item value=""CAPTCHA""/>
<item value=""JSChallenge""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="enabledState" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="array<@ManagedRuleExclusion_update>" name="exclusions" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].exclusions">
<item type="@ManagedRuleExclusion_update"/>
</prop>
<prop type="string" name="ruleId" arg="$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].ruleId" required="True"/>
</item>
</prop>
</item>
</prop>
<prop type="string" name="ruleSetAction" arg="$parameters.properties.managedRules.managedRuleSets[].ruleSetAction">
<enum>
<item value=""Block""/>
<item value=""Log""/>
<item value=""Redirect""/>
</enum>
</prop>
<prop type="string" name="ruleSetType" arg="$parameters.properties.managedRules.managedRuleSets[].ruleSetType" required="True"/>
<prop type="string" name="ruleSetVersion" arg="$parameters.properties.managedRules.managedRuleSets[].ruleSetVersion" required="True"/>
</item>
</prop>
</prop>
<prop type="object" name="policySettings">
<prop type="integer32" name="captchaExpirationInMinutes" arg="$parameters.properties.policySettings.captchaExpirationInMinutes">
<format maximum="1440" minimum="5"/>
</prop>
<prop type="string" name="customBlockResponseBody" arg="$parameters.properties.policySettings.customBlockResponseBody">
<format pattern="^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"/>
</prop>
<prop type="integer" name="customBlockResponseStatusCode" arg="$parameters.properties.policySettings.customBlockResponseStatusCode"/>
<prop type="string" name="enabledState" arg="$parameters.properties.policySettings.enabledState">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
<prop type="integer32" name="javascriptChallengeExpirationInMinutes" arg="$parameters.properties.policySettings.javascriptChallengeExpirationInMinutes">
<format maximum="1440" minimum="5"/>
</prop>
<prop type="object" name="logScrubbing" arg="$parameters.properties.policySettings.logScrubbing" clientFlatten="True">
<prop type="array<object>" name="scrubbingRules" arg="$parameters.properties.policySettings.logScrubbing.scrubbingRules">
<item type="object">
<prop type="string" name="matchVariable" arg="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].matchVariable" required="True">
<enum>
<item value=""QueryStringArgNames""/>
<item value=""RequestBodyJsonArgNames""/>
<item value=""RequestBodyPostArgNames""/>
<item value=""RequestCookieNames""/>
<item value=""RequestHeaderNames""/>
<item value=""RequestIPAddress""/>
<item value=""RequestUri""/>
</enum>
</prop>
<prop type="string" name="selector" arg="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selector"/>
<prop type="string" name="selectorMatchOperator" arg="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selectorMatchOperator" required="True">
<enum>
<item value=""Equals""/>
<item value=""EqualsAny""/>
</enum>
</prop>
<prop type="string" name="state" arg="$parameters.properties.policySettings.logScrubbing.scrubbingRules[].state">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</item>
</prop>
<prop type="string" name="state" arg="$parameters.properties.policySettings.logScrubbing.state">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</prop>
<prop type="string" name="mode" arg="$parameters.properties.policySettings.mode">
<enum>
<item value=""Detection""/>
<item value=""Prevention""/>
</enum>
</prop>
<prop type="string" name="redirectUrl" arg="$parameters.properties.policySettings.redirectUrl"/>
<prop type="string" name="requestBodyCheck" arg="$parameters.properties.policySettings.requestBodyCheck">
<enum>
<item value=""Disabled""/>
<item value=""Enabled""/>
</enum>
</prop>
</prop>
</prop>
<prop type="object" name="sku">
<prop type="string" name="name" arg="$parameters.sku.name">
<enum>
<item value=""Classic_AzureFrontDoor""/>
<item value=""Premium_AzureFrontDoor""/>
<item value=""Standard_AzureFrontDoor""/>
</enum>
</prop>
</prop>
<prop type="object" name="tags" arg="$parameters.tags">
<additionalProp>
<item type="string"/>
</additionalProp>
</prop>
</schema>
</json>
</instanceUpdate>
</operation>
<operation operationId="Policies_CreateOrUpdate">
<longRunning finalStateVia="azure-async-operation"/>
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}">
<request method="put">
<path>
<param type="string" name="policyName" arg="$Path.policyName" required="True">
<format maxLength="128"/>
</param>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format pattern="^[a-zA-Z0-9_\-\(\)\.]*[^\.]$" maxLength="80" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"/>
</path>
<query>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2025-03-01""/>
</const>
</query>
<body>
<json ref="$Instance"/>
</body>
</request>
<response statusCode="200 201">
<body>
<json var="$Instance">
<schema type="@WebApplicationFirewallPolicy_read"/>
</json>
</body>
</response>
<response statusCode="202">
<body>
<json var="$Instance">
<schema type="@WebApplicationFirewallPolicy_read"/>
</json>
</body>
</response>
<response isError="True">
<body>
<json>
<schema type="@ODataV4Format"/>
</json>
</body>
</response>
</http>
</operation>
<output type="object" ref="$Instance" clientFlatten="True"/>
</command>
</commandGroup>
</CodeGen>