From 36d290cdb900164f8b80b25d4d95dcd26ca00efa Mon Sep 17 00:00:00 2001 From: JingnanXu Date: Mon, 19 Jan 2026 15:17:20 +1100 Subject: [PATCH 1/2] add sub command --- .../managed-rule-definition/_list.md | 16 +++ .../managed-rule-definition/readme.md | 8 ++ .../network/front-door/waf-policy/readme.md | 5 + .../2025-10-01.json | 1 + .../2025-10-01.xml | 98 +++++++++++++++++++ 5 files changed, 128 insertions(+) create mode 100644 Commands/network/front-door/waf-policy/managed-rule-definition/_list.md create mode 100644 Commands/network/front-door/waf-policy/managed-rule-definition/readme.md create mode 100644 Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.json create mode 100644 Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.xml diff --git a/Commands/network/front-door/waf-policy/managed-rule-definition/_list.md b/Commands/network/front-door/waf-policy/managed-rule-definition/_list.md new file mode 100644 index 000000000..b4cb70af3 --- /dev/null +++ b/Commands/network/front-door/waf-policy/managed-rule-definition/_list.md @@ -0,0 +1,16 @@ +# [Command] _network front-door waf-policy managed-rule-definition list_ + +List all available managed rule sets. + +## Versions + +### [2025-10-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.xml) **Stable** + + + +#### examples + +- List Policies ManagedRuleSets in a Resource Group + ```bash + network front-door waf-policy managed-rule-definition list + ``` diff --git a/Commands/network/front-door/waf-policy/managed-rule-definition/readme.md b/Commands/network/front-door/waf-policy/managed-rule-definition/readme.md new file mode 100644 index 000000000..c1f97a6f1 --- /dev/null +++ b/Commands/network/front-door/waf-policy/managed-rule-definition/readme.md @@ -0,0 +1,8 @@ +# [Group] _network front-door waf-policy managed-rule-definition_ + +Manage Managed Rule Definition + +## Commands + +- [list](/Commands/network/front-door/waf-policy/managed-rule-definition/_list.md) +: List all available managed rule sets. diff --git a/Commands/network/front-door/waf-policy/readme.md b/Commands/network/front-door/waf-policy/readme.md index 86f8cd551..1d5c28189 100644 --- a/Commands/network/front-door/waf-policy/readme.md +++ b/Commands/network/front-door/waf-policy/readme.md @@ -2,6 +2,11 @@ Manage WebApplication Firewall (WAF) policies. +## Subgroups + +- [managed-rule-definition](/Commands/network/front-door/waf-policy/managed-rule-definition/readme.md) +: Manage Managed Rule Definition + ## Commands - [create](/Commands/network/front-door/waf-policy/_create.md) diff --git a/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.json b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.json new file mode 100644 index 000000000..1d9fdc7a4 --- /dev/null +++ b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.json @@ -0,0 +1 @@ +{"plane": "mgmt-plane", "resources": [{"id": "/subscriptions/{}/providers/microsoft.network/frontdoorwebapplicationfirewallmanagedrulesets", "version": "2025-10-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9wcm92aWRlcnMvTWljcm9zb2Z0Lk5ldHdvcmsvRnJvbnREb29yV2ViQXBwbGljYXRpb25GaXJld2FsbE1hbmFnZWRSdWxlU2V0cw==/V/MjAyNS0xMC0wMQ=="}], "commandGroups": [{"name": "network front-door waf-policy managed-rule-definition", "commands": [{"name": "list", "version": "2025-10-01", "resources": [{"id": "/subscriptions/{}/providers/microsoft.network/frontdoorwebapplicationfirewallmanagedrulesets", "version": "2025-10-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9wcm92aWRlcnMvTWljcm9zb2Z0Lk5ldHdvcmsvRnJvbnREb29yV2ViQXBwbGljYXRpb25GaXJld2FsbE1hbmFnZWRSdWxlU2V0cw==/V/MjAyNS0xMC0wMQ=="}], "argGroups": [{"name": "", "args": [{"type": "SubscriptionId", "var": "$Path.subscriptionId", "options": ["subscription"], "required": true, "idPart": "subscription"}]}], "operations": [{"operationId": "ManagedRuleSets_List", "http": {"path": "/subscriptions/{subscriptionId}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallManagedRuleSets", "request": {"method": "get", "path": {"params": [{"type": "string", "name": "subscriptionId", "arg": "$Path.subscriptionId", "required": true}]}, "query": {"consts": [{"readOnly": true, "const": true, "default": {"value": "2025-10-01"}, "type": "string", "name": "api-version", "required": true}]}}, "responses": [{"statusCode": [200], "body": {"json": {"var": "$Instance", "schema": {"type": "object", "props": [{"type": "string", "name": "nextLink"}, {"readOnly": true, "type": "array", "name": "value", "item": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "id"}, {"type": "ResourceLocation", "name": "location"}, {"readOnly": true, "type": "string", "name": "name"}, {"type": "object", "name": "properties", "props": [{"readOnly": true, "type": "string", "name": "provisioningState"}, {"readOnly": true, "type": "array", "name": "ruleGroups", "item": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "description"}, {"readOnly": true, "type": "string", "name": "ruleGroupName"}, {"readOnly": true, "type": "array", "name": "rules", "item": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "defaultAction", "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"readOnly": true, "type": "string", "name": "defaultSensitivity", "enum": {"items": [{"value": "High"}, {"value": "Low"}, {"value": "Medium"}]}}, {"readOnly": true, "type": "string", "name": "defaultState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"readOnly": true, "type": "string", "name": "description"}, {"readOnly": true, "type": "string", "name": "ruleId"}]}}]}}, {"readOnly": true, "type": "string", "name": "ruleSetId"}, {"readOnly": true, "type": "string", "name": "ruleSetType"}, {"readOnly": true, "type": "string", "name": "ruleSetVersion"}], "clientFlatten": true}, {"type": "object", "name": "tags", "additionalProps": {"item": {"type": "string"}}}, {"readOnly": true, "type": "string", "name": "type"}]}}]}}}}, {"isError": true, "body": {"json": {"schema": {"type": "@ODataV4Format"}}}}]}}], "outputs": [{"type": "array", "ref": "$Instance.value", "clientFlatten": true, "nextLink": "$Instance.nextLink"}], "confirmation": ""}]}]} \ No newline at end of file diff --git a/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.xml b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.xml new file mode 100644 index 000000000..64b131be5 --- /dev/null +++ b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.xml @@ -0,0 +1,98 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 941a695351c6e403e0164ecad02355af4d1b3f6e Mon Sep 17 00:00:00 2001 From: JingnanXu Date: Wed, 21 Jan 2026 14:16:36 +1100 Subject: [PATCH 2/2] add 1101 --- .../network/front-door/waf-policy/_create.md | 11 + .../network/front-door/waf-policy/_delete.md | 11 + .../network/front-door/waf-policy/_list.md | 11 + .../network/front-door/waf-policy/_show.md | 11 + .../network/front-door/waf-policy/_update.md | 18 + .../managed-rule-definition/_list.md | 11 + .../2025-11-01.json | 1 + .../2025-11-01.xml | 98 + .../2025-11-01.json | 1 + .../2025-11-01.xml | 397 +++ .../2025-11-01.json | 1 + .../2025-11-01.xml | 2733 +++++++++++++++++ 12 files changed, 3304 insertions(+) create mode 100644 Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-11-01.json create mode 100644 Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-11-01.xml create mode 100644 Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcw==/2025-11-01.json create mode 100644 Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcw==/2025-11-01.xml create mode 100644 Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.json create mode 100644 Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml diff --git a/Commands/network/front-door/waf-policy/_create.md b/Commands/network/front-door/waf-policy/_create.md index 34f8c4cc8..e6d3302ca 100644 --- a/Commands/network/front-door/waf-policy/_create.md +++ b/Commands/network/front-door/waf-policy/_create.md @@ -22,3 +22,14 @@ Create policy with specified rule set name within a resource group. ```bash network front-door waf-policy create --resource-group rg1 --policy-name Policy1 --location WestUs --enabled-state Enabled --mode Prevention --redirect-url http://www.bing.com --custom-block-response-status-code 429 --custom-block-response-body PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg== --request-body-check Disabled --javascript-challenge-expiration-in-minutes 30 --captcha-expiration-in-minutes 30 --log-scrubbing "{state:Enabled,scrubbing-rules:[{match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null,state:Enabled}]}" --custom-rules "{rules:[{name:Rule1,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:IPMatch,match-value:[192.168.1.0/24,10.0.0.0/24]}],action:Block},{name:Rule2,priority:2,rule-type:MatchRule,match-conditions:[{match-variable:RemoteAddr,operator:GeoMatch,match-value:[CH]},{match-variable:RequestHeader,operator:Contains,selector:UserAgent,match-value:[windows],transforms:[Lowercase]}],action:Block},{name:Rule3,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:ServiceTagMatch,match-value:[AzureBackup,AzureBotService]}],action:CAPTCHA}]}" --managed-rules "{managed-rule-sets:[{rule-set-type:DefaultRuleSet,rule-set-version:1.0,rule-set-action:Block,exclusions:[{matchVariable:RequestHeaderNames,selectorMatchOperator:Equals,selector:User-Agent}],rule-group-overrides:[{rule-group-name:SQLI,exclusions:[{matchVariable:RequestCookieNames,selectorMatchOperator:StartsWith,selector:token}],rules:[{rule-id:942100,enabled-state:Enabled,action:Redirect,exclusions:[{matchVariable:QueryStringArgNames,selectorMatchOperator:Equals,selector:query}]},{rule-id:942110,enabled-state:Disabled}]}]},{rule-set-type:Microsoft_HTTPDDoSRuleSet,rule-set-version:1.0,rule-group-overrides:[{rule-group-name:ExcessiveRequests,rules:[{rule-id:500100,enabled-state:Enabled,action:Block,sensitivity:High}]}]}]}" --sku Premium_AzureFrontDoor ``` + +### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml) **Stable** + + + +#### examples + +- Creates specific policy + ```bash + network front-door waf-policy create --resource-group rg1 --policy-name Policy1 --location WestUs --enabled-state Enabled --mode Prevention --redirect-url http://www.bing.com --custom-block-response-status-code 429 --custom-block-response-body PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg== --request-body-check Disabled --javascript-challenge-expiration-in-minutes 30 --captcha-expiration-in-minutes 30 --log-scrubbing "{state:Enabled,scrubbing-rules:[{match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null,state:Enabled}]}" --custom-rules "{rules:[{name:Rule1,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:IPMatch,match-value:[192.168.1.0/24,10.0.0.0/24]}],action:Block},{name:Rule2,priority:2,rule-type:MatchRule,match-conditions:[{match-variable:RemoteAddr,operator:GeoMatch,match-value:[CH]},{match-variable:RequestHeader,operator:Contains,selector:UserAgent,match-value:[windows],transforms:[Lowercase]}],action:Block},{name:Rule3,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:ServiceTagMatch,match-value:[AzureBackup,AzureBotService]}],action:CAPTCHA}]}" --managed-rules "{managed-rule-sets:[{rule-set-type:DefaultRuleSet,rule-set-version:1.0,rule-set-action:Block,exclusions:[{matchVariable:RequestHeaderNames,selectorMatchOperator:Equals,selector:User-Agent}],rule-group-overrides:[{rule-group-name:SQLI,exclusions:[{matchVariable:RequestCookieNames,selectorMatchOperator:StartsWith,selector:token}],rules:[{rule-id:942100,enabled-state:Enabled,action:Redirect,exclusions:[{matchVariable:QueryStringArgNames,selectorMatchOperator:Equals,selector:query}]},{rule-id:942110,enabled-state:Disabled}]}]},{rule-set-type:Microsoft_HTTPDDoSRuleSet,rule-set-version:1.0,rule-group-overrides:[{rule-group-name:ExcessiveRequests,rules:[{rule-id:500100,enabled-state:Enabled,action:Block,sensitivity:High}]}]}]}" --sku Premium_AzureFrontDoor + ``` diff --git a/Commands/network/front-door/waf-policy/_delete.md b/Commands/network/front-door/waf-policy/_delete.md index 887b3c5a3..26be5414c 100644 --- a/Commands/network/front-door/waf-policy/_delete.md +++ b/Commands/network/front-door/waf-policy/_delete.md @@ -22,3 +22,14 @@ Delete Policy ```bash network front-door waf-policy delete --resource-group rg1 --policy-name Policy1 ``` + +### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml) **Stable** + + + +#### examples + +- Delete protection policy + ```bash + network front-door waf-policy delete --resource-group rg1 --policy-name Policy1 + ``` diff --git a/Commands/network/front-door/waf-policy/_list.md b/Commands/network/front-door/waf-policy/_list.md index 0ae7e081d..cd839cff3 100644 --- a/Commands/network/front-door/waf-policy/_list.md +++ b/Commands/network/front-door/waf-policy/_list.md @@ -22,3 +22,14 @@ List all of the protection policies within a resource group. ```bash network front-door waf-policy list --resource-group rg1 ``` + +### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcw==/2025-11-01.xml) **Stable** + + + +#### examples + +- Get all Policies in a Resource Group + ```bash + network front-door waf-policy list --resource-group rg1 + ``` diff --git a/Commands/network/front-door/waf-policy/_show.md b/Commands/network/front-door/waf-policy/_show.md index 26a3e46a9..00f952b9e 100644 --- a/Commands/network/front-door/waf-policy/_show.md +++ b/Commands/network/front-door/waf-policy/_show.md @@ -22,3 +22,14 @@ Get protection policy with specified name within a resource group. ```bash network front-door waf-policy show --resource-group rg1 --policy-name Policy1 ``` + +### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml) **Stable** + + + +#### examples + +- Get Policy + ```bash + network front-door waf-policy show --resource-group rg1 --policy-name Policy1 + ``` diff --git a/Commands/network/front-door/waf-policy/_update.md b/Commands/network/front-door/waf-policy/_update.md index 82e2dd4c2..46a92fc4e 100644 --- a/Commands/network/front-door/waf-policy/_update.md +++ b/Commands/network/front-door/waf-policy/_update.md @@ -47,3 +47,21 @@ Update policy with specified rule set name within a resource group. ```bash network front-door waf-policy update --resource-group rg1 --policy-name Policy1 --location WestUs --enabled-state Enabled --mode Prevention --redirect-url http://www.bing.com --custom-block-response-status-code 429 --custom-block-response-body PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg== --request-body-check Disabled --javascript-challenge-expiration-in-minutes 30 --captcha-expiration-in-minutes 30 --log-scrubbing "{state:Enabled,scrubbing-rules:[{match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null,state:Enabled}]}" --custom-rules "{rules:[{name:Rule1,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:IPMatch,match-value:[192.168.1.0/24,10.0.0.0/24]}],action:Block},{name:Rule2,priority:2,rule-type:MatchRule,match-conditions:[{match-variable:RemoteAddr,operator:GeoMatch,match-value:[CH]},{match-variable:RequestHeader,operator:Contains,selector:UserAgent,match-value:[windows],transforms:[Lowercase]}],action:Block},{name:Rule3,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:ServiceTagMatch,match-value:[AzureBackup,AzureBotService]}],action:CAPTCHA}]}" --managed-rules "{managed-rule-sets:[{rule-set-type:DefaultRuleSet,rule-set-version:1.0,rule-set-action:Block,exclusions:[{matchVariable:RequestHeaderNames,selectorMatchOperator:Equals,selector:User-Agent}],rule-group-overrides:[{rule-group-name:SQLI,exclusions:[{matchVariable:RequestCookieNames,selectorMatchOperator:StartsWith,selector:token}],rules:[{rule-id:942100,enabled-state:Enabled,action:Redirect,exclusions:[{matchVariable:QueryStringArgNames,selectorMatchOperator:Equals,selector:query}]},{rule-id:942110,enabled-state:Disabled}]}]},{rule-set-type:Microsoft_HTTPDDoSRuleSet,rule-set-version:1.0,rule-group-overrides:[{rule-group-name:ExcessiveRequests,rules:[{rule-id:500100,enabled-state:Enabled,action:Block,sensitivity:High}]}]}]}" --sku Premium_AzureFrontDoor ``` + +### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml) **Stable** + + + +#### examples + +- update log scrubbing + ```bash + network front-door waf-policy update -g rg -n n1 --log-scrubbing "{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}" + network front-door waf-policy update -g rg -n n1 --log-scrubbing scrubbing-rules[1]="{match-variable:RequestUri,selector-match-operator:Equals}" + network front-door waf-policy update -g rg -n n1 --log-scrubbing "{scrubbing-rules:[{match-variable:RequestBodyJsonArgNames,selector-match-operator:EqualsAny}],state:Enabled}" scrubbing-rules[1]="{match-variable:RequestUri,selector-match-operator:EqualsAny}" + ``` + +- Update specific policy + ```bash + network front-door waf-policy update --resource-group rg1 --policy-name Policy1 --location WestUs --enabled-state Enabled --mode Prevention --redirect-url http://www.bing.com --custom-block-response-status-code 429 --custom-block-response-body PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg== --request-body-check Disabled --javascript-challenge-expiration-in-minutes 30 --captcha-expiration-in-minutes 30 --log-scrubbing "{state:Enabled,scrubbing-rules:[{match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null,state:Enabled}]}" --custom-rules "{rules:[{name:Rule1,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:IPMatch,match-value:[192.168.1.0/24,10.0.0.0/24]}],action:Block},{name:Rule2,priority:2,rule-type:MatchRule,match-conditions:[{match-variable:RemoteAddr,operator:GeoMatch,match-value:[CH]},{match-variable:RequestHeader,operator:Contains,selector:UserAgent,match-value:[windows],transforms:[Lowercase]}],action:Block},{name:Rule3,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:ServiceTagMatch,match-value:[AzureBackup,AzureBotService]}],action:CAPTCHA}]}" --managed-rules "{managed-rule-sets:[{rule-set-type:DefaultRuleSet,rule-set-version:1.0,rule-set-action:Block,exclusions:[{matchVariable:RequestHeaderNames,selectorMatchOperator:Equals,selector:User-Agent}],rule-group-overrides:[{rule-group-name:SQLI,exclusions:[{matchVariable:RequestCookieNames,selectorMatchOperator:StartsWith,selector:token}],rules:[{rule-id:942100,enabled-state:Enabled,action:Redirect,exclusions:[{matchVariable:QueryStringArgNames,selectorMatchOperator:Equals,selector:query}]},{rule-id:942110,enabled-state:Disabled}]}]},{rule-set-type:Microsoft_HTTPDDoSRuleSet,rule-set-version:1.0,rule-group-overrides:[{rule-group-name:ExcessiveRequests,rules:[{rule-id:500100,enabled-state:Enabled,action:Block,sensitivity:High}]}]}]}" --sku Premium_AzureFrontDoor + ``` diff --git a/Commands/network/front-door/waf-policy/managed-rule-definition/_list.md b/Commands/network/front-door/waf-policy/managed-rule-definition/_list.md index b4cb70af3..f6884e508 100644 --- a/Commands/network/front-door/waf-policy/managed-rule-definition/_list.md +++ b/Commands/network/front-door/waf-policy/managed-rule-definition/_list.md @@ -14,3 +14,14 @@ List all available managed rule sets. ```bash network front-door waf-policy managed-rule-definition list ``` + +### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-11-01.xml) **Stable** + + + +#### examples + +- List Policies ManagedRuleSets in a Resource Group + ```bash + network front-door waf-policy managed-rule-definition list + ``` diff --git a/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-11-01.json b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-11-01.json new file mode 100644 index 000000000..1ee4ec95c --- /dev/null +++ b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-11-01.json @@ -0,0 +1 @@ +{"plane": "mgmt-plane", "resources": [{"id": "/subscriptions/{}/providers/microsoft.network/frontdoorwebapplicationfirewallmanagedrulesets", "version": "2025-11-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9wcm92aWRlcnMvTWljcm9zb2Z0Lk5ldHdvcmsvRnJvbnREb29yV2ViQXBwbGljYXRpb25GaXJld2FsbE1hbmFnZWRSdWxlU2V0cw==/V/MjAyNS0xMS0wMQ=="}], "commandGroups": [{"name": "network front-door waf-policy managed-rule-definition", "commands": [{"name": "list", "version": "2025-11-01", "resources": [{"id": "/subscriptions/{}/providers/microsoft.network/frontdoorwebapplicationfirewallmanagedrulesets", "version": "2025-11-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9wcm92aWRlcnMvTWljcm9zb2Z0Lk5ldHdvcmsvRnJvbnREb29yV2ViQXBwbGljYXRpb25GaXJld2FsbE1hbmFnZWRSdWxlU2V0cw==/V/MjAyNS0xMS0wMQ=="}], "argGroups": [{"name": "", "args": [{"type": "SubscriptionId", "var": "$Path.subscriptionId", "options": ["subscription"], "required": true, "idPart": "subscription"}]}], "operations": [{"operationId": "ManagedRuleSets_List", "http": {"path": "/subscriptions/{subscriptionId}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallManagedRuleSets", "request": {"method": "get", "path": {"params": [{"type": "string", "name": "subscriptionId", "arg": "$Path.subscriptionId", "required": true}]}, "query": {"consts": [{"readOnly": true, "const": true, "default": {"value": "2025-11-01"}, "type": "string", "name": "api-version", "required": true}]}}, "responses": [{"statusCode": [200], "body": {"json": {"var": "$Instance", "schema": {"type": "object", "props": [{"type": "string", "name": "nextLink"}, {"readOnly": true, "type": "array", "name": "value", "item": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "id"}, {"type": "ResourceLocation", "name": "location"}, {"readOnly": true, "type": "string", "name": "name"}, {"type": "object", "name": "properties", "props": [{"readOnly": true, "type": "string", "name": "provisioningState"}, {"readOnly": true, "type": "array", "name": "ruleGroups", "item": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "description"}, {"readOnly": true, "type": "string", "name": "ruleGroupName"}, {"readOnly": true, "type": "array", "name": "rules", "item": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "defaultAction", "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"readOnly": true, "type": "string", "name": "defaultSensitivity", "enum": {"items": [{"value": "High"}, {"value": "Low"}, {"value": "Medium"}]}}, {"readOnly": true, "type": "string", "name": "defaultState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"readOnly": true, "type": "string", "name": "description"}, {"readOnly": true, "type": "string", "name": "ruleId"}]}}]}}, {"readOnly": true, "type": "string", "name": "ruleSetId"}, {"readOnly": true, "type": "string", "name": "ruleSetType"}, {"readOnly": true, "type": "string", "name": "ruleSetVersion"}], "clientFlatten": true}, {"type": "object", "name": "tags", "additionalProps": {"item": {"type": "string"}}}, {"readOnly": true, "type": "string", "name": "type"}]}}]}}}}, {"isError": true, "body": {"json": {"schema": {"type": "@ODataV4Format"}}}}]}}], "outputs": [{"type": "array", "ref": "$Instance.value", "clientFlatten": true, "nextLink": "$Instance.nextLink"}], "confirmation": ""}]}]} \ No newline at end of file diff --git a/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-11-01.xml b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-11-01.xml new file mode 100644 index 000000000..de3706d47 --- /dev/null +++ b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-11-01.xml @@ -0,0 +1,98 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcw==/2025-11-01.json b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcw==/2025-11-01.json new file mode 100644 index 000000000..e2e3e4a23 --- /dev/null +++ b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcw==/2025-11-01.json @@ -0,0 +1 @@ +{"plane": "mgmt-plane", "resources": [{"id": "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies", "version": "2025-11-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9mcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXM=/V/MjAyNS0xMS0wMQ=="}], "commandGroups": [{"name": "network front-door waf-policy", "commands": [{"name": "list", "version": "2025-11-01", "resources": [{"id": "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies", "version": "2025-11-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9mcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXM=/V/MjAyNS0xMS0wMQ=="}], "argGroups": [{"name": "", "args": [{"type": "ResourceGroupName", "var": "$Path.resourceGroupName", "options": ["g", "resource-group"], "required": true, "idPart": "resource_group"}, {"type": "SubscriptionId", "var": "$Path.subscriptionId", "options": ["subscription"], "required": true, "idPart": "subscription"}]}], "operations": [{"operationId": "Policies_List", "http": {"path": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies", "request": {"method": "get", "path": {"params": [{"type": "string", "name": "resourceGroupName", "arg": "$Path.resourceGroupName", "required": true, "format": {"pattern": "^[a-zA-Z0-9_\\-\\(\\)\\.]*[^\\.]$", "maxLength": 80, "minLength": 1}}, {"type": "string", "name": "subscriptionId", "arg": "$Path.subscriptionId", "required": true}]}, "query": {"consts": [{"readOnly": true, "const": true, "default": {"value": "2025-11-01"}, "type": "string", "name": "api-version", "required": true}]}}, "responses": [{"statusCode": [200], "body": {"json": {"var": "$Instance", "schema": {"type": "object", "props": [{"type": "string", "name": "nextLink"}, {"readOnly": true, "type": "array", "name": "value", "item": {"type": "object", "props": [{"type": "string", "name": "etag"}, {"readOnly": true, "type": "ResourceId", "name": "id", "format": {"template": "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{}"}}, {"type": "ResourceLocation", "name": "location"}, {"readOnly": true, "type": "string", "name": "name"}, {"type": "object", "name": "properties", "props": [{"type": "object", "name": "customRules", "props": [{"type": "array", "name": "rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "required": true, "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array", "name": "groupBy", "item": {"type": "object", "props": [{"type": "string", "name": "variableName", "required": true, "enum": {"items": [{"value": "GeoLocation"}, {"value": "None"}, {"value": "SocketAddr"}]}}]}}, {"type": "array", "name": "matchConditions", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "matchValue", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "Cookies"}, {"value": "JA4"}, {"value": "PostArgs"}, {"value": "QueryString"}, {"value": "RemoteAddr"}, {"value": "RequestBody"}, {"value": "RequestHeader"}, {"value": "RequestMethod"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "boolean", "name": "negateCondition"}, {"type": "string", "name": "operator", "required": true, "enum": {"items": [{"value": "Any"}, {"value": "AsnMatch"}, {"value": "BeginsWith"}, {"value": "ClientFingerprint"}, {"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equal"}, {"value": "GeoMatch"}, {"value": "GreaterThan"}, {"value": "GreaterThanOrEqual"}, {"value": "IPMatch"}, {"value": "LessThan"}, {"value": "LessThanOrEqual"}, {"value": "RegEx"}, {"value": "ServiceTagMatch"}]}}, {"type": "string", "name": "selector"}, {"type": "array", "name": "transforms", "item": {"type": "string", "enum": {"items": [{"value": "Lowercase"}, {"value": "RemoveNulls"}, {"value": "Trim"}, {"value": "Uppercase"}, {"value": "UrlDecode"}, {"value": "UrlEncode"}]}}}]}}, {"type": "string", "name": "name", "format": {"maxLength": 128}}, {"type": "integer", "name": "priority", "required": true}, {"type": "integer", "name": "rateLimitDurationInMinutes", "format": {"maximum": 5, "minimum": 0}}, {"type": "integer", "name": "rateLimitThreshold", "format": {"minimum": 0}}, {"type": "string", "name": "ruleType", "required": true, "enum": {"items": [{"value": "MatchRule"}, {"value": "RateLimitRule"}]}}]}}]}, {"readOnly": true, "type": "array", "name": "frontendEndpointLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}, {"type": "object", "name": "managedRules", "props": [{"type": "object", "name": "exceptionsList", "props": [{"type": "array", "name": "exceptions", "item": {"type": "object", "props": [{"type": "array", "name": "matchValues", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "RequestHeaderNames"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "array", "name": "scopes", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "ruleGroupScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleGroupName", "required": true}, {"type": "array", "name": "ruleScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleId", "required": true}]}}]}}, {"type": "string", "name": "ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "required": true}]}}, {"type": "string", "name": "selector"}, {"type": "string", "name": "selectorMatchOperator", "enum": {"items": [{"value": "Equals"}]}}, {"type": "string", "name": "valueMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "IPMatch"}, {"value": "StartsWith"}]}}]}}]}, {"type": "array", "name": "managedRuleSets", "item": {"type": "object", "props": [{"type": "array", "name": "exclusions", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}]}}, {"type": "string", "name": "selector", "required": true}, {"type": "string", "name": "selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "StartsWith"}]}}], "cls": "ManagedRuleExclusion_read"}}, {"type": "array", "name": "ruleGroupOverrides", "item": {"type": "object", "props": [{"type": "array<@ManagedRuleExclusion_read>", "name": "exclusions", "item": {"type": "@ManagedRuleExclusion_read"}}, {"type": "string", "name": "ruleGroupName", "required": true}, {"type": "array", "name": "rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array<@ManagedRuleExclusion_read>", "name": "exclusions", "item": {"type": "@ManagedRuleExclusion_read"}}, {"type": "string", "name": "ruleId", "required": true}, {"type": "string", "name": "sensitivity", "enum": {"items": [{"value": "High"}, {"value": "Low"}, {"value": "Medium"}]}}]}}]}}, {"type": "string", "name": "ruleSetAction", "enum": {"items": [{"value": "Block"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "required": true}]}}]}, {"type": "object", "name": "policySettings", "props": [{"type": "integer32", "name": "captchaExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "string", "name": "customBlockResponseBody", "format": {"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"}}, {"type": "integer", "name": "customBlockResponseStatusCode"}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "integer32", "name": "javascriptChallengeExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "object", "name": "logScrubbing", "props": [{"type": "array", "name": "scrubbingRules", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}, {"value": "RequestIPAddress"}, {"value": "RequestUri"}]}}, {"type": "string", "name": "selector"}, {"type": "string", "name": "selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Equals"}, {"value": "EqualsAny"}]}}, {"type": "string", "name": "state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}}, {"type": "string", "name": "state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}], "clientFlatten": true}, {"type": "string", "name": "mode", "enum": {"items": [{"value": "Detection"}, {"value": "Prevention"}]}}, {"type": "string", "name": "redirectUrl"}, {"type": "string", "name": "requestBodyCheck", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}, {"readOnly": true, "type": "string", "name": "provisioningState"}, {"readOnly": true, "type": "string", "name": "resourceState", "enum": {"items": [{"value": "Creating"}, {"value": "Deleting"}, {"value": "Disabled"}, {"value": "Disabling"}, {"value": "Enabled"}, {"value": "Enabling"}]}}, {"readOnly": true, "type": "array", "name": "routingRuleLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}, {"readOnly": true, "type": "array", "name": "securityPolicyLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}], "clientFlatten": true}, {"type": "object", "name": "sku", "props": [{"type": "string", "name": "name", "enum": {"items": [{"value": "Classic_AzureFrontDoor"}, {"value": "Premium_AzureFrontDoor"}, {"value": "Standard_AzureFrontDoor"}]}}]}, {"type": "object", "name": "tags", "additionalProps": {"item": {"type": "string"}}}, {"readOnly": true, "type": "string", "name": "type"}]}}]}}}}, {"isError": true, "body": {"json": {"schema": {"type": "@ODataV4Format"}}}}]}}], "outputs": [{"type": "array", "ref": "$Instance.value", "clientFlatten": true, "nextLink": "$Instance.nextLink"}]}]}]} \ No newline at end of file diff --git a/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcw==/2025-11-01.xml b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcw==/2025-11-01.xml new file mode 100644 index 000000000..252967901 --- /dev/null +++ b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcw==/2025-11-01.xml @@ -0,0 +1,397 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.json b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.json new file mode 100644 index 000000000..a28b60124 --- /dev/null +++ b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.json @@ -0,0 +1 @@ +{"plane": "mgmt-plane", "resources": [{"id": "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "version": "2025-11-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMve3BvbGljeU5hbWV9/V/MjAyNS0xMS0wMQ=="}], "commandGroups": [{"name": "network front-door waf-policy", "commands": [{"name": "show", "version": "2025-11-01", "resources": [{"id": "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "version": "2025-11-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMve3BvbGljeU5hbWV9/V/MjAyNS0xMS0wMQ=="}], "argGroups": [{"name": "", "args": [{"type": "string", "var": "$Path.policyName", "options": ["n", "name", "policy-name"], "required": true, "idPart": "name", "help": {"short": "The name of the Web Application Firewall Policy."}, "format": {"maxLength": 128}}, {"type": "ResourceGroupName", "var": "$Path.resourceGroupName", "options": ["g", "resource-group"], "required": true, "idPart": "resource_group"}, {"type": "SubscriptionId", "var": "$Path.subscriptionId", "options": ["subscription"], "required": true, "idPart": "subscription"}]}], "operations": [{"operationId": "Policies_Get", "http": {"path": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", "request": {"method": "get", "path": {"params": [{"type": "string", "name": "policyName", "arg": "$Path.policyName", "required": true, "format": {"maxLength": 128}}, {"type": "string", "name": "resourceGroupName", "arg": "$Path.resourceGroupName", "required": true, "format": {"pattern": "^[a-zA-Z0-9_\\-\\(\\)\\.]*[^\\.]$", "maxLength": 80, "minLength": 1}}, {"type": "string", "name": "subscriptionId", "arg": "$Path.subscriptionId", "required": true}]}, "query": {"consts": [{"readOnly": true, "const": true, "default": {"value": "2025-11-01"}, "type": "string", "name": "api-version", "required": true}]}}, "responses": [{"statusCode": [200], "body": {"json": {"var": "$Instance", "schema": {"type": "object", "props": [{"type": "string", "name": "etag"}, {"readOnly": true, "type": "ResourceId", "name": "id", "format": {"template": "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{}"}}, {"type": "ResourceLocation", "name": "location"}, {"readOnly": true, "type": "string", "name": "name"}, {"type": "object", "name": "properties", "props": [{"type": "object", "name": "customRules", "props": [{"type": "array", "name": "rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "required": true, "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array", "name": "groupBy", "item": {"type": "object", "props": [{"type": "string", "name": "variableName", "required": true, "enum": {"items": [{"value": "GeoLocation"}, {"value": "None"}, {"value": "SocketAddr"}]}}]}}, {"type": "array", "name": "matchConditions", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "matchValue", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "Cookies"}, {"value": "JA4"}, {"value": "PostArgs"}, {"value": "QueryString"}, {"value": "RemoteAddr"}, {"value": "RequestBody"}, {"value": "RequestHeader"}, {"value": "RequestMethod"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "boolean", "name": "negateCondition"}, {"type": "string", "name": "operator", "required": true, "enum": {"items": [{"value": "Any"}, {"value": "AsnMatch"}, {"value": "BeginsWith"}, {"value": "ClientFingerprint"}, {"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equal"}, {"value": "GeoMatch"}, {"value": "GreaterThan"}, {"value": "GreaterThanOrEqual"}, {"value": "IPMatch"}, {"value": "LessThan"}, {"value": "LessThanOrEqual"}, {"value": "RegEx"}, {"value": "ServiceTagMatch"}]}}, {"type": "string", "name": "selector"}, {"type": "array", "name": "transforms", "item": {"type": "string", "enum": {"items": [{"value": "Lowercase"}, {"value": "RemoveNulls"}, {"value": "Trim"}, {"value": "Uppercase"}, {"value": "UrlDecode"}, {"value": "UrlEncode"}]}}}]}}, {"type": "string", "name": "name", "format": {"maxLength": 128}}, {"type": "integer", "name": "priority", "required": true}, {"type": "integer", "name": "rateLimitDurationInMinutes", "format": {"maximum": 5, "minimum": 0}}, {"type": "integer", "name": "rateLimitThreshold", "format": {"minimum": 0}}, {"type": "string", "name": "ruleType", "required": true, "enum": {"items": [{"value": "MatchRule"}, {"value": "RateLimitRule"}]}}]}}]}, {"readOnly": true, "type": "array", "name": "frontendEndpointLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}, {"type": "object", "name": "managedRules", "props": [{"type": "object", "name": "exceptionsList", "props": [{"type": "array", "name": "exceptions", "item": {"type": "object", "props": [{"type": "array", "name": "matchValues", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "RequestHeaderNames"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "array", "name": "scopes", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "ruleGroupScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleGroupName", "required": true}, {"type": "array", "name": "ruleScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleId", "required": true}]}}]}}, {"type": "string", "name": "ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "required": true}]}}, {"type": "string", "name": "selector"}, {"type": "string", "name": "selectorMatchOperator", "enum": {"items": [{"value": "Equals"}]}}, {"type": "string", "name": "valueMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "IPMatch"}, {"value": "StartsWith"}]}}]}}]}, {"type": "array", "name": "managedRuleSets", "item": {"type": "object", "props": [{"type": "array", "name": "exclusions", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}]}}, {"type": "string", "name": "selector", "required": true}, {"type": "string", "name": "selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "StartsWith"}]}}], "cls": "ManagedRuleExclusion_read"}}, {"type": "array", "name": "ruleGroupOverrides", "item": {"type": "object", "props": [{"type": "array<@ManagedRuleExclusion_read>", "name": "exclusions", "item": {"type": "@ManagedRuleExclusion_read"}}, {"type": "string", "name": "ruleGroupName", "required": true}, {"type": "array", "name": "rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array<@ManagedRuleExclusion_read>", "name": "exclusions", "item": {"type": "@ManagedRuleExclusion_read"}}, {"type": "string", "name": "ruleId", "required": true}, {"type": "string", "name": "sensitivity", "enum": {"items": [{"value": "High"}, {"value": "Low"}, {"value": "Medium"}]}}]}}]}}, {"type": "string", "name": "ruleSetAction", "enum": {"items": [{"value": "Block"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "required": true}]}}]}, {"type": "object", "name": "policySettings", "props": [{"type": "integer32", "name": "captchaExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "string", "name": "customBlockResponseBody", "format": {"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"}}, {"type": "integer", "name": "customBlockResponseStatusCode"}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "integer32", "name": "javascriptChallengeExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "object", "name": "logScrubbing", "props": [{"type": "array", "name": "scrubbingRules", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}, {"value": "RequestIPAddress"}, {"value": "RequestUri"}]}}, {"type": "string", "name": "selector"}, {"type": "string", "name": "selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Equals"}, {"value": "EqualsAny"}]}}, {"type": "string", "name": "state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}}, {"type": "string", "name": "state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}], "clientFlatten": true}, {"type": "string", "name": "mode", "enum": {"items": [{"value": "Detection"}, {"value": "Prevention"}]}}, {"type": "string", "name": "redirectUrl"}, {"type": "string", "name": "requestBodyCheck", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}, {"readOnly": true, "type": "string", "name": "provisioningState"}, {"readOnly": true, "type": "string", "name": "resourceState", "enum": {"items": [{"value": "Creating"}, {"value": "Deleting"}, {"value": "Disabled"}, {"value": "Disabling"}, {"value": "Enabled"}, {"value": "Enabling"}]}}, {"readOnly": true, "type": "array", "name": "routingRuleLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}, {"readOnly": true, "type": "array", "name": "securityPolicyLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}], "clientFlatten": true}, {"type": "object", "name": "sku", "props": [{"type": "string", "name": "name", "enum": {"items": [{"value": "Classic_AzureFrontDoor"}, {"value": "Premium_AzureFrontDoor"}, {"value": "Standard_AzureFrontDoor"}]}}]}, {"type": "object", "name": "tags", "additionalProps": {"item": {"type": "string"}}}, {"readOnly": true, "type": "string", "name": "type"}]}}}}, {"isError": true, "body": {"json": {"schema": {"type": "@ODataV4Format"}}}}]}}], "outputs": [{"type": "object", "ref": "$Instance", "clientFlatten": true}]}, {"name": "delete", "version": "2025-11-01", "resources": [{"id": "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "version": "2025-11-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMve3BvbGljeU5hbWV9/V/MjAyNS0xMS0wMQ=="}], "argGroups": [{"name": "", "args": [{"type": "string", "var": "$Path.policyName", "options": ["n", "name", "policy-name"], "required": true, "idPart": "name", "help": {"short": "The name of the Web Application Firewall Policy."}, "format": {"maxLength": 128}}, {"type": "ResourceGroupName", "var": "$Path.resourceGroupName", "options": ["g", "resource-group"], "required": true, "idPart": "resource_group"}, {"type": "SubscriptionId", "var": "$Path.subscriptionId", "options": ["subscription"], "required": true, "idPart": "subscription"}]}], "operations": [{"longRunning": {"finalStateVia": "azure-async-operation"}, "operationId": "Policies_Delete", "http": {"path": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", "request": {"method": "delete", "path": {"params": [{"type": "string", "name": "policyName", "arg": "$Path.policyName", "required": true, "format": {"maxLength": 128}}, {"type": "string", "name": "resourceGroupName", "arg": "$Path.resourceGroupName", "required": true, "format": {"pattern": "^[a-zA-Z0-9_\\-\\(\\)\\.]*[^\\.]$", "maxLength": 80, "minLength": 1}}, {"type": "string", "name": "subscriptionId", "arg": "$Path.subscriptionId", "required": true}]}, "query": {"consts": [{"readOnly": true, "const": true, "default": {"value": "2025-11-01"}, "type": "string", "name": "api-version", "required": true}]}}, "responses": [{"statusCode": [200]}, {"statusCode": [202]}, {"statusCode": [204]}, {"isError": true, "body": {"json": {"schema": {"type": "@MgmtErrorFormat"}}}}]}}], "confirmation": ""}, {"name": "create", "version": "2025-11-01", "resources": [{"id": "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "version": "2025-11-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMve3BvbGljeU5hbWV9/V/MjAyNS0xMS0wMQ=="}], "argGroups": [{"name": "", "args": [{"type": "string", "var": "$Path.policyName", "options": ["n", "name", "policy-name"], "required": true, "idPart": "name", "help": {"short": "The name of the Web Application Firewall Policy."}, "format": {"maxLength": 128}}, {"type": "ResourceGroupName", "var": "$Path.resourceGroupName", "options": ["g", "resource-group"], "required": true, "idPart": "resource_group"}, {"type": "SubscriptionId", "var": "$Path.subscriptionId", "options": ["subscription"], "required": true, "idPart": "subscription"}]}, {"name": "Parameters", "args": [{"type": "string", "var": "$parameters.etag", "options": ["etag"], "group": "Parameters", "help": {"short": "Gets a unique read-only string that changes whenever the resource is updated."}}, {"type": "ResourceLocation", "var": "$parameters.location", "options": ["l", "location"], "group": "Parameters", "help": {"short": "Resource location."}}, {"type": "object", "var": "$parameters.tags", "options": ["tags"], "group": "Parameters", "help": {"short": "Resource tags."}, "additionalProps": {"item": {"type": "string"}}}]}, {"name": "PolicySettings", "args": [{"type": "integer32", "var": "$parameters.properties.policySettings.captchaExpirationInMinutes", "options": ["captcha-expiration-in-minutes"], "group": "PolicySettings", "help": {"short": "Defines the Captcha cookie validity lifetime in minutes. This setting is only applicable to Premium_AzureFrontDoor. Value must be an integer between 5 and 1440 with the default value being 30."}, "format": {"maximum": 1440, "minimum": 5}}, {"type": "string", "var": "$parameters.properties.policySettings.customBlockResponseBody", "options": ["custom-block-response-body"], "group": "PolicySettings", "help": {"short": "If the action type is block, customer can override the response body. The body must be specified in base64 encoding."}, "format": {"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"}}, {"type": "integer", "var": "$parameters.properties.policySettings.customBlockResponseStatusCode", "options": ["custom-block-response-status-code"], "group": "PolicySettings", "help": {"short": "If the action type is block, customer can override the response status code."}}, {"type": "string", "var": "$parameters.properties.policySettings.enabledState", "options": ["enabled-state"], "group": "PolicySettings", "help": {"short": "Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}, {"type": "integer32", "var": "$parameters.properties.policySettings.javascriptChallengeExpirationInMinutes", "options": ["js-expiration", "javascript-challenge-expiration-in-minutes"], "group": "PolicySettings", "help": {"short": "Defines the JavaScript challenge cookie validity lifetime in minutes. Value must be an integer between 5 and 1440 with the default value being 30."}, "format": {"maximum": 1440, "minimum": 5}}, {"type": "object", "var": "$parameters.properties.policySettings.logScrubbing", "options": ["log-scrubbing"], "group": "PolicySettings", "help": {"short": "Defines rules that scrub sensitive fields in the Web Application Firewall logs. Example: --log-scrubbing \"{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}, --log-scrubbing scrubbing-rules=[] state=Disabled, --log-scrubbing null"}, "args": [{"type": "array", "var": "$parameters.properties.policySettings.logScrubbing.scrubbingRules", "options": ["scrubbing-rules"], "help": {"short": "List of log scrubbing rules applied to the Web Application Firewall logs."}, "item": {"type": "object", "args": [{"type": "string", "var": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].matchVariable", "options": ["match-variable"], "required": true, "help": {"short": "The variable to be scrubbed from the logs."}, "enum": {"items": [{"name": "QueryStringArgNames", "value": "QueryStringArgNames"}, {"name": "RequestBodyJsonArgNames", "value": "RequestBodyJsonArgNames"}, {"name": "RequestBodyPostArgNames", "value": "RequestBodyPostArgNames"}, {"name": "RequestCookieNames", "value": "RequestCookieNames"}, {"name": "RequestHeaderNames", "value": "RequestHeaderNames"}, {"name": "RequestIPAddress", "value": "RequestIPAddress"}, {"name": "RequestUri", "value": "RequestUri"}]}}, {"type": "string", "var": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selector", "options": ["selector"], "help": {"short": "When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to."}}, {"type": "string", "var": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selectorMatchOperator", "options": ["selector-match-operator"], "required": true, "help": {"short": "When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to."}, "enum": {"items": [{"name": "Equals", "value": "Equals"}, {"name": "EqualsAny", "value": "EqualsAny"}]}}, {"type": "string", "var": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].state", "options": ["state"], "help": {"short": "Defines the state of a log scrubbing rule. Default value is enabled."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}]}}, {"type": "string", "var": "$parameters.properties.policySettings.logScrubbing.state", "options": ["state"], "help": {"short": "State of the log scrubbing config. Default value is Enabled."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}]}, {"type": "string", "var": "$parameters.properties.policySettings.mode", "options": ["mode"], "group": "PolicySettings", "help": {"short": "Describes if it is in detection mode or prevention mode at policy level."}, "enum": {"items": [{"name": "Detection", "value": "Detection"}, {"name": "Prevention", "value": "Prevention"}]}}, {"type": "string", "var": "$parameters.properties.policySettings.redirectUrl", "options": ["redirect-url"], "group": "PolicySettings", "help": {"short": "If action type is redirect, this field represents redirect URL for the client."}}, {"type": "string", "var": "$parameters.properties.policySettings.requestBodyCheck", "options": ["request-body-check"], "group": "PolicySettings", "help": {"short": "Describes if policy managed rules will inspect the request body content."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}]}, {"name": "Properties", "args": [{"type": "object", "var": "$parameters.properties.customRules", "options": ["custom-rules"], "group": "Properties", "help": {"short": "Describes custom rules inside the policy."}, "args": [{"type": "array", "var": "$parameters.properties.customRules.rules", "options": ["rules"], "help": {"short": "List of rules"}, "item": {"type": "object", "args": [{"type": "string", "var": "$parameters.properties.customRules.rules[].action", "options": ["action"], "required": true, "help": {"short": "Describes what action to be applied when rule matches."}, "enum": {"items": [{"name": "Allow", "value": "Allow"}, {"name": "AnomalyScoring", "value": "AnomalyScoring"}, {"name": "Block", "value": "Block"}, {"name": "CAPTCHA", "value": "CAPTCHA"}, {"name": "JSChallenge", "value": "JSChallenge"}, {"name": "Log", "value": "Log"}, {"name": "Redirect", "value": "Redirect"}]}}, {"type": "string", "var": "$parameters.properties.customRules.rules[].enabledState", "options": ["enabled-state"], "help": {"short": "Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}, {"type": "array", "var": "$parameters.properties.customRules.rules[].groupBy", "options": ["group-by"], "help": {"short": "Describes the list of variables to group the rate limit requests"}, "item": {"type": "object", "args": [{"type": "string", "var": "$parameters.properties.customRules.rules[].groupBy[].variableName", "options": ["variable-name"], "required": true, "help": {"short": "Describes the supported variable for group by"}, "enum": {"items": [{"name": "GeoLocation", "value": "GeoLocation"}, {"name": "None", "value": "None"}, {"name": "SocketAddr", "value": "SocketAddr"}]}}]}}, {"type": "array", "var": "$parameters.properties.customRules.rules[].matchConditions", "options": ["match-conditions"], "required": true, "help": {"short": "List of match conditions."}, "item": {"type": "object", "args": [{"type": "array", "var": "$parameters.properties.customRules.rules[].matchConditions[].matchValue", "options": ["match-value"], "required": true, "help": {"short": "List of possible match values."}, "item": {"type": "string"}}, {"type": "string", "var": "$parameters.properties.customRules.rules[].matchConditions[].matchVariable", "options": ["match-variable"], "required": true, "help": {"short": "Request variable to compare with."}, "enum": {"items": [{"name": "Cookies", "value": "Cookies"}, {"name": "JA4", "value": "JA4"}, {"name": "PostArgs", "value": "PostArgs"}, {"name": "QueryString", "value": "QueryString"}, {"name": "RemoteAddr", "value": "RemoteAddr"}, {"name": "RequestBody", "value": "RequestBody"}, {"name": "RequestHeader", "value": "RequestHeader"}, {"name": "RequestMethod", "value": "RequestMethod"}, {"name": "RequestUri", "value": "RequestUri"}, {"name": "SocketAddr", "value": "SocketAddr"}]}}, {"type": "boolean", "var": "$parameters.properties.customRules.rules[].matchConditions[].negateCondition", "options": ["negate-condition"], "help": {"short": "Describes if the result of this condition should be negated."}}, {"type": "string", "var": "$parameters.properties.customRules.rules[].matchConditions[].operator", "options": ["operator"], "required": true, "help": {"short": "Comparison type to use for matching with the variable value."}, "enum": {"items": [{"name": "Any", "value": "Any"}, {"name": "AsnMatch", "value": "AsnMatch"}, {"name": "BeginsWith", "value": "BeginsWith"}, {"name": "ClientFingerprint", "value": "ClientFingerprint"}, {"name": "Contains", "value": "Contains"}, {"name": "EndsWith", "value": "EndsWith"}, {"name": "Equal", "value": "Equal"}, {"name": "GeoMatch", "value": "GeoMatch"}, {"name": "GreaterThan", "value": "GreaterThan"}, {"name": "GreaterThanOrEqual", "value": "GreaterThanOrEqual"}, {"name": "IPMatch", "value": "IPMatch"}, {"name": "LessThan", "value": "LessThan"}, {"name": "LessThanOrEqual", "value": "LessThanOrEqual"}, {"name": "RegEx", "value": "RegEx"}, {"name": "ServiceTagMatch", "value": "ServiceTagMatch"}]}}, {"type": "string", "var": "$parameters.properties.customRules.rules[].matchConditions[].selector", "options": ["selector"], "help": {"short": "Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null."}}, {"type": "array", "var": "$parameters.properties.customRules.rules[].matchConditions[].transforms", "options": ["transforms"], "help": {"short": "List of transforms."}, "item": {"type": "string", "enum": {"items": [{"name": "Lowercase", "value": "Lowercase"}, {"name": "RemoveNulls", "value": "RemoveNulls"}, {"name": "Trim", "value": "Trim"}, {"name": "Uppercase", "value": "Uppercase"}, {"name": "UrlDecode", "value": "UrlDecode"}, {"name": "UrlEncode", "value": "UrlEncode"}]}}}]}}, {"type": "string", "var": "$parameters.properties.customRules.rules[].name", "options": ["name"], "help": {"short": "Describes the name of the rule."}, "format": {"maxLength": 128}}, {"type": "integer", "var": "$parameters.properties.customRules.rules[].priority", "options": ["priority"], "required": true, "help": {"short": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value."}}, {"type": "integer", "var": "$parameters.properties.customRules.rules[].rateLimitDurationInMinutes", "options": ["rate-limit-duration-in-minutes"], "help": {"short": "Time window for resetting the rate limit count. Default is 1 minute."}, "format": {"maximum": 5, "minimum": 0}}, {"type": "integer", "var": "$parameters.properties.customRules.rules[].rateLimitThreshold", "options": ["rate-limit-threshold"], "help": {"short": "Number of allowed requests per client within the time window."}, "format": {"minimum": 0}}, {"type": "string", "var": "$parameters.properties.customRules.rules[].ruleType", "options": ["rule-type"], "required": true, "help": {"short": "Describes type of rule."}, "enum": {"items": [{"name": "MatchRule", "value": "MatchRule"}, {"name": "RateLimitRule", "value": "RateLimitRule"}]}}]}}]}, {"type": "object", "var": "$parameters.properties.managedRules", "options": ["managed-rules"], "group": "Properties", "help": {"short": "Describes managed rules inside the policy."}, "args": [{"type": "object", "var": "$parameters.properties.managedRules.exceptionsList", "options": ["exceptions-list"], "help": {"short": "List of exceptions applied on the managed rule sets."}, "args": [{"type": "array", "var": "$parameters.properties.managedRules.exceptionsList.exceptions", "options": ["exceptions"], "help": {"short": "List of exceptions applied on the managed rule sets."}, "item": {"type": "object", "args": [{"type": "array", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].matchValues", "options": ["match-values"], "required": true, "help": {"short": "List of values to be matched with."}, "item": {"type": "string"}}, {"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].matchVariable", "options": ["match-variable"], "required": true, "help": {"short": "The variable to be evaluated for excluding the request."}, "enum": {"items": [{"name": "RequestHeaderNames", "value": "RequestHeaderNames"}, {"name": "RequestUri", "value": "RequestUri"}, {"name": "SocketAddr", "value": "SocketAddr"}]}}, {"type": "array", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes", "options": ["scopes"], "required": true, "help": {"short": "Scope(s) of the exception."}, "item": {"type": "object", "args": [{"type": "array", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes", "options": ["rule-group-scopes"], "help": {"short": "List of rule group scopes."}, "item": {"type": "object", "args": [{"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleGroupName", "options": ["rule-group-name"], "required": true, "help": {"short": "Defines the rule group name."}}, {"type": "array", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleScopes", "options": ["rule-scopes"], "help": {"short": "List of rule scopes."}, "item": {"type": "object", "args": [{"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleScopes[].ruleId", "options": ["rule-id"], "required": true, "help": {"short": "Defines the rule id."}}]}}]}}, {"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleSetType", "options": ["rule-set-type"], "required": true, "help": {"short": "Defines the rule set type. Currently supports: DefaultRuleSet, Microsoft_DefaultRuleSet, Microsoft_BotManagerRuleSet, Microsoft_HTTPDDoSRuleSet, BotProtection"}}, {"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleSetVersion", "options": ["rule-set-version"], "required": true, "help": {"short": "Defines the version of the rule set."}}]}}, {"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].selector", "options": ["selector"], "help": {"short": "When matchVariable is a collection, operator used to specify which elements in the collection this exception applies to. Currently, the only matchVariable to support selector is 'RequestHeaderNames', and the selector value can be any HTTP request header, e.g 'User-Agent'."}}, {"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].selectorMatchOperator", "options": ["selector-match-operator"], "help": {"short": "Comparison operator to apply to the selector when specifying which elements in the collection this exception applies to."}, "enum": {"items": [{"name": "Equals", "value": "Equals"}]}}, {"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].valueMatchOperator", "options": ["value-match-operator"], "required": true, "help": {"short": "Comparison operator to apply to the value to be matched."}, "enum": {"items": [{"name": "Contains", "value": "Contains"}, {"name": "EndsWith", "value": "EndsWith"}, {"name": "Equals", "value": "Equals"}, {"name": "EqualsAny", "value": "EqualsAny"}, {"name": "IPMatch", "value": "IPMatch"}, {"name": "StartsWith", "value": "StartsWith"}]}}]}}]}, {"type": "array", "var": "$parameters.properties.managedRules.managedRuleSets", "options": ["managed-rule-sets"], "help": {"short": "List of rule sets."}, "item": {"type": "object", "args": [{"type": "array", "var": "$parameters.properties.managedRules.managedRuleSets[].exclusions", "options": ["exclusions"], "help": {"short": "Describes the exclusions that are applied to all rules in the set."}, "item": {"type": "object", "args": [{"type": "string", "var": "@ManagedRuleExclusion_create.matchVariable", "options": ["match-variable"], "required": true, "help": {"short": "The variable type to be excluded."}, "enum": {"items": [{"name": "QueryStringArgNames", "value": "QueryStringArgNames"}, {"name": "RequestBodyJsonArgNames", "value": "RequestBodyJsonArgNames"}, {"name": "RequestBodyPostArgNames", "value": "RequestBodyPostArgNames"}, {"name": "RequestCookieNames", "value": "RequestCookieNames"}, {"name": "RequestHeaderNames", "value": "RequestHeaderNames"}]}}, {"type": "string", "var": "@ManagedRuleExclusion_create.selector", "options": ["selector"], "required": true, "help": {"short": "Selector value for which elements in the collection this exclusion applies to."}}, {"type": "string", "var": "@ManagedRuleExclusion_create.selectorMatchOperator", "options": ["selector-match-operator"], "required": true, "help": {"short": "Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to."}, "enum": {"items": [{"name": "Contains", "value": "Contains"}, {"name": "EndsWith", "value": "EndsWith"}, {"name": "Equals", "value": "Equals"}, {"name": "EqualsAny", "value": "EqualsAny"}, {"name": "StartsWith", "value": "StartsWith"}]}}], "cls": "ManagedRuleExclusion_create"}}, {"type": "array", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides", "options": ["rule-group-overrides"], "help": {"short": "Defines the rule group overrides to apply to the rule set."}, "item": {"type": "object", "args": [{"type": "array<@ManagedRuleExclusion_create>", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].exclusions", "options": ["exclusions"], "help": {"short": "Describes the exclusions that are applied to all rules in the group."}, "item": {"type": "@ManagedRuleExclusion_create"}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].ruleGroupName", "options": ["rule-group-name"], "required": true, "help": {"short": "Describes the managed rule group to override."}}, {"type": "array", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules", "options": ["rules"], "help": {"short": "List of rules that will be disabled. If none specified, all rules in the group will be disabled."}, "item": {"type": "object", "args": [{"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].action", "options": ["action"], "help": {"short": "Describes the override action to be applied when rule matches."}, "enum": {"items": [{"name": "Allow", "value": "Allow"}, {"name": "AnomalyScoring", "value": "AnomalyScoring"}, {"name": "Block", "value": "Block"}, {"name": "CAPTCHA", "value": "CAPTCHA"}, {"name": "JSChallenge", "value": "JSChallenge"}, {"name": "Log", "value": "Log"}, {"name": "Redirect", "value": "Redirect"}]}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].enabledState", "options": ["enabled-state"], "help": {"short": "Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}, {"type": "array<@ManagedRuleExclusion_create>", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].exclusions", "options": ["exclusions"], "help": {"short": "Describes the exclusions that are applied to this specific rule."}, "item": {"type": "@ManagedRuleExclusion_create"}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].ruleId", "options": ["rule-id"], "required": true, "help": {"short": "Identifier for the managed rule."}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].sensitivity", "options": ["sensitivity"], "help": {"short": "Describes the override sensitivity to be applied when rule matches."}, "enum": {"items": [{"name": "High", "value": "High"}, {"name": "Low", "value": "Low"}, {"name": "Medium", "value": "Medium"}]}}]}}]}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleSetAction", "options": ["rule-set-action"], "help": {"short": "Defines the rule set action."}, "enum": {"items": [{"name": "Block", "value": "Block"}, {"name": "Log", "value": "Log"}, {"name": "Redirect", "value": "Redirect"}]}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleSetType", "options": ["rule-set-type"], "required": true, "help": {"short": "Defines the rule set type to use."}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleSetVersion", "options": ["rule-set-version"], "required": true, "help": {"short": "Defines the version of the rule set to use."}}]}}]}]}, {"name": "Sku", "args": [{"type": "string", "var": "$parameters.sku.name", "options": ["sku"], "group": "Sku", "help": {"short": "Name of the pricing tier."}, "default": {"value": "Premium_AzureFrontDoor"}, "enum": {"items": [{"name": "Classic_AzureFrontDoor", "value": "Classic_AzureFrontDoor"}, {"name": "Premium_AzureFrontDoor", "value": "Premium_AzureFrontDoor"}, {"name": "Standard_AzureFrontDoor", "value": "Standard_AzureFrontDoor"}]}}]}], "operations": [{"longRunning": {"finalStateVia": "azure-async-operation"}, "operationId": "Policies_CreateOrUpdate", "http": {"path": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", "request": {"method": "put", "path": {"params": [{"type": "string", "name": "policyName", "arg": "$Path.policyName", "required": true, "format": {"maxLength": 128}}, {"type": "string", "name": "resourceGroupName", "arg": "$Path.resourceGroupName", "required": true, "format": {"pattern": "^[a-zA-Z0-9_\\-\\(\\)\\.]*[^\\.]$", "maxLength": 80, "minLength": 1}}, {"type": "string", "name": "subscriptionId", "arg": "$Path.subscriptionId", "required": true}]}, "query": {"consts": [{"readOnly": true, "const": true, "default": {"value": "2025-11-01"}, "type": "string", "name": "api-version", "required": true}]}, "body": {"json": {"schema": {"type": "object", "name": "parameters", "required": true, "props": [{"type": "string", "name": "etag", "arg": "$parameters.etag"}, {"type": "ResourceLocation", "name": "location", "arg": "$parameters.location"}, {"type": "object", "name": "properties", "props": [{"type": "object", "name": "customRules", "arg": "$parameters.properties.customRules", "props": [{"type": "array", "name": "rules", "arg": "$parameters.properties.customRules.rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "arg": "$parameters.properties.customRules.rules[].action", "required": true, "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "arg": "$parameters.properties.customRules.rules[].enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array", "name": "groupBy", "arg": "$parameters.properties.customRules.rules[].groupBy", "item": {"type": "object", "props": [{"type": "string", "name": "variableName", "arg": "$parameters.properties.customRules.rules[].groupBy[].variableName", "required": true, "enum": {"items": [{"value": "GeoLocation"}, {"value": "None"}, {"value": "SocketAddr"}]}}]}}, {"type": "array", "name": "matchConditions", "arg": "$parameters.properties.customRules.rules[].matchConditions", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "matchValue", "arg": "$parameters.properties.customRules.rules[].matchConditions[].matchValue", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "arg": "$parameters.properties.customRules.rules[].matchConditions[].matchVariable", "required": true, "enum": {"items": [{"value": "Cookies"}, {"value": "JA4"}, {"value": "PostArgs"}, {"value": "QueryString"}, {"value": "RemoteAddr"}, {"value": "RequestBody"}, {"value": "RequestHeader"}, {"value": "RequestMethod"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "boolean", "name": "negateCondition", "arg": "$parameters.properties.customRules.rules[].matchConditions[].negateCondition"}, {"type": "string", "name": "operator", "arg": "$parameters.properties.customRules.rules[].matchConditions[].operator", "required": true, "enum": {"items": [{"value": "Any"}, {"value": "AsnMatch"}, {"value": "BeginsWith"}, {"value": "ClientFingerprint"}, {"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equal"}, {"value": "GeoMatch"}, {"value": "GreaterThan"}, {"value": "GreaterThanOrEqual"}, {"value": "IPMatch"}, {"value": "LessThan"}, {"value": "LessThanOrEqual"}, {"value": "RegEx"}, {"value": "ServiceTagMatch"}]}}, {"type": "string", "name": "selector", "arg": "$parameters.properties.customRules.rules[].matchConditions[].selector"}, {"type": "array", "name": "transforms", "arg": "$parameters.properties.customRules.rules[].matchConditions[].transforms", "item": {"type": "string", "enum": {"items": [{"value": "Lowercase"}, {"value": "RemoveNulls"}, {"value": "Trim"}, {"value": "Uppercase"}, {"value": "UrlDecode"}, {"value": "UrlEncode"}]}}}]}}, {"type": "string", "name": "name", "arg": "$parameters.properties.customRules.rules[].name", "format": {"maxLength": 128}}, {"type": "integer", "name": "priority", "arg": "$parameters.properties.customRules.rules[].priority", "required": true}, {"type": "integer", "name": "rateLimitDurationInMinutes", "arg": "$parameters.properties.customRules.rules[].rateLimitDurationInMinutes", "format": {"maximum": 5, "minimum": 0}}, {"type": "integer", "name": "rateLimitThreshold", "arg": "$parameters.properties.customRules.rules[].rateLimitThreshold", "format": {"minimum": 0}}, {"type": "string", "name": "ruleType", "arg": "$parameters.properties.customRules.rules[].ruleType", "required": true, "enum": {"items": [{"value": "MatchRule"}, {"value": "RateLimitRule"}]}}]}}]}, {"type": "object", "name": "managedRules", "arg": "$parameters.properties.managedRules", "props": [{"type": "object", "name": "exceptionsList", "arg": "$parameters.properties.managedRules.exceptionsList", "props": [{"type": "array", "name": "exceptions", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions", "item": {"type": "object", "props": [{"type": "array", "name": "matchValues", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].matchValues", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].matchVariable", "required": true, "enum": {"items": [{"value": "RequestHeaderNames"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "array", "name": "scopes", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "ruleGroupScopes", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleGroupName", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleGroupName", "required": true}, {"type": "array", "name": "ruleScopes", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleId", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleScopes[].ruleId", "required": true}]}}]}}, {"type": "string", "name": "ruleSetType", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleSetVersion", "required": true}]}}, {"type": "string", "name": "selector", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].selector"}, {"type": "string", "name": "selectorMatchOperator", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].selectorMatchOperator", "enum": {"items": [{"value": "Equals"}]}}, {"type": "string", "name": "valueMatchOperator", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].valueMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "IPMatch"}, {"value": "StartsWith"}]}}]}}]}, {"type": "array", "name": "managedRuleSets", "arg": "$parameters.properties.managedRules.managedRuleSets", "item": {"type": "object", "props": [{"type": "array", "name": "exclusions", "arg": "$parameters.properties.managedRules.managedRuleSets[].exclusions", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "arg": "@ManagedRuleExclusion_create.matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}]}}, {"type": "string", "name": "selector", "arg": "@ManagedRuleExclusion_create.selector", "required": true}, {"type": "string", "name": "selectorMatchOperator", "arg": "@ManagedRuleExclusion_create.selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "StartsWith"}]}}], "cls": "ManagedRuleExclusion_create"}}, {"type": "array", "name": "ruleGroupOverrides", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides", "item": {"type": "object", "props": [{"type": "array<@ManagedRuleExclusion_create>", "name": "exclusions", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].exclusions", "item": {"type": "@ManagedRuleExclusion_create"}}, {"type": "string", "name": "ruleGroupName", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].ruleGroupName", "required": true}, {"type": "array", "name": "rules", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].action", "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array<@ManagedRuleExclusion_create>", "name": "exclusions", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].exclusions", "item": {"type": "@ManagedRuleExclusion_create"}}, {"type": "string", "name": "ruleId", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].ruleId", "required": true}, {"type": "string", "name": "sensitivity", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].sensitivity", "enum": {"items": [{"value": "High"}, {"value": "Low"}, {"value": "Medium"}]}}]}}]}}, {"type": "string", "name": "ruleSetAction", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleSetAction", "enum": {"items": [{"value": "Block"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "ruleSetType", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleSetVersion", "required": true}]}}]}, {"type": "object", "name": "policySettings", "props": [{"type": "integer32", "name": "captchaExpirationInMinutes", "arg": "$parameters.properties.policySettings.captchaExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "string", "name": "customBlockResponseBody", "arg": "$parameters.properties.policySettings.customBlockResponseBody", "format": {"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"}}, {"type": "integer", "name": "customBlockResponseStatusCode", "arg": "$parameters.properties.policySettings.customBlockResponseStatusCode"}, {"type": "string", "name": "enabledState", "arg": "$parameters.properties.policySettings.enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "integer32", "name": "javascriptChallengeExpirationInMinutes", "arg": "$parameters.properties.policySettings.javascriptChallengeExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "object", "name": "logScrubbing", "arg": "$parameters.properties.policySettings.logScrubbing", "props": [{"type": "array", "name": "scrubbingRules", "arg": "$parameters.properties.policySettings.logScrubbing.scrubbingRules", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "arg": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}, {"value": "RequestIPAddress"}, {"value": "RequestUri"}]}}, {"type": "string", "name": "selector", "arg": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selector"}, {"type": "string", "name": "selectorMatchOperator", "arg": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Equals"}, {"value": "EqualsAny"}]}}, {"type": "string", "name": "state", "arg": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}}, {"type": "string", "name": "state", "arg": "$parameters.properties.policySettings.logScrubbing.state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}], "clientFlatten": true}, {"type": "string", "name": "mode", "arg": "$parameters.properties.policySettings.mode", "enum": {"items": [{"value": "Detection"}, {"value": "Prevention"}]}}, {"type": "string", "name": "redirectUrl", "arg": "$parameters.properties.policySettings.redirectUrl"}, {"type": "string", "name": "requestBodyCheck", "arg": "$parameters.properties.policySettings.requestBodyCheck", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}], "clientFlatten": true}, {"type": "object", "name": "sku", "props": [{"type": "string", "name": "name", "arg": "$parameters.sku.name", "enum": {"items": [{"value": "Classic_AzureFrontDoor"}, {"value": "Premium_AzureFrontDoor"}, {"value": "Standard_AzureFrontDoor"}]}}]}, {"type": "object", "name": "tags", "arg": "$parameters.tags", "additionalProps": {"item": {"type": "string"}}}], "clientFlatten": true}}}}, "responses": [{"statusCode": [200, 201], "body": {"json": {"var": "$Instance", "schema": {"type": "object", "props": [{"type": "string", "name": "etag"}, {"readOnly": true, "type": "ResourceId", "name": "id", "format": {"template": "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{}"}}, {"type": "ResourceLocation", "name": "location"}, {"readOnly": true, "type": "string", "name": "name"}, {"type": "object", "name": "properties", "props": [{"type": "object", "name": "customRules", "props": [{"type": "array", "name": "rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "required": true, "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array", "name": "groupBy", "item": {"type": "object", "props": [{"type": "string", "name": "variableName", "required": true, "enum": {"items": [{"value": "GeoLocation"}, {"value": "None"}, {"value": "SocketAddr"}]}}]}}, {"type": "array", "name": "matchConditions", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "matchValue", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "Cookies"}, {"value": "JA4"}, {"value": "PostArgs"}, {"value": "QueryString"}, {"value": "RemoteAddr"}, {"value": "RequestBody"}, {"value": "RequestHeader"}, {"value": "RequestMethod"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "boolean", "name": "negateCondition"}, {"type": "string", "name": "operator", "required": true, "enum": {"items": [{"value": "Any"}, {"value": "AsnMatch"}, {"value": "BeginsWith"}, {"value": "ClientFingerprint"}, {"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equal"}, {"value": "GeoMatch"}, {"value": "GreaterThan"}, {"value": "GreaterThanOrEqual"}, {"value": "IPMatch"}, {"value": "LessThan"}, {"value": "LessThanOrEqual"}, {"value": "RegEx"}, {"value": "ServiceTagMatch"}]}}, {"type": "string", "name": "selector"}, {"type": "array", "name": "transforms", "item": {"type": "string", "enum": {"items": [{"value": "Lowercase"}, {"value": "RemoveNulls"}, {"value": "Trim"}, {"value": "Uppercase"}, {"value": "UrlDecode"}, {"value": "UrlEncode"}]}}}]}}, {"type": "string", "name": "name", "format": {"maxLength": 128}}, {"type": "integer", "name": "priority", "required": true}, {"type": "integer", "name": "rateLimitDurationInMinutes", "format": {"maximum": 5, "minimum": 0}}, {"type": "integer", "name": "rateLimitThreshold", "format": {"minimum": 0}}, {"type": "string", "name": "ruleType", "required": true, "enum": {"items": [{"value": "MatchRule"}, {"value": "RateLimitRule"}]}}]}}]}, {"readOnly": true, "type": "array", "name": "frontendEndpointLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}, {"type": "object", "name": "managedRules", "props": [{"type": "object", "name": "exceptionsList", "props": [{"type": "array", "name": "exceptions", "item": {"type": "object", "props": [{"type": "array", "name": "matchValues", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "RequestHeaderNames"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "array", "name": "scopes", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "ruleGroupScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleGroupName", "required": true}, {"type": "array", "name": "ruleScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleId", "required": true}]}}]}}, {"type": "string", "name": "ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "required": true}]}}, {"type": "string", "name": "selector"}, {"type": "string", "name": "selectorMatchOperator", "enum": {"items": [{"value": "Equals"}]}}, {"type": "string", "name": "valueMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "IPMatch"}, {"value": "StartsWith"}]}}]}}]}, {"type": "array", "name": "managedRuleSets", "item": {"type": "object", "props": [{"type": "array", "name": "exclusions", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}]}}, {"type": "string", "name": "selector", "required": true}, {"type": "string", "name": "selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "StartsWith"}]}}], "cls": "ManagedRuleExclusion_read"}}, {"type": "array", "name": "ruleGroupOverrides", "item": {"type": "object", "props": [{"type": "array<@ManagedRuleExclusion_read>", "name": "exclusions", "item": {"type": "@ManagedRuleExclusion_read"}}, {"type": "string", "name": "ruleGroupName", "required": true}, {"type": "array", "name": "rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array<@ManagedRuleExclusion_read>", "name": "exclusions", "item": {"type": "@ManagedRuleExclusion_read"}}, {"type": "string", "name": "ruleId", "required": true}, {"type": "string", "name": "sensitivity", "enum": {"items": [{"value": "High"}, {"value": "Low"}, {"value": "Medium"}]}}]}}]}}, {"type": "string", "name": "ruleSetAction", "enum": {"items": [{"value": "Block"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "required": true}]}}]}, {"type": "object", "name": "policySettings", "props": [{"type": "integer32", "name": "captchaExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "string", "name": "customBlockResponseBody", "format": {"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"}}, {"type": "integer", "name": "customBlockResponseStatusCode"}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "integer32", "name": "javascriptChallengeExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "object", "name": "logScrubbing", "props": [{"type": "array", "name": "scrubbingRules", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}, {"value": "RequestIPAddress"}, {"value": "RequestUri"}]}}, {"type": "string", "name": "selector"}, {"type": "string", "name": "selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Equals"}, {"value": "EqualsAny"}]}}, {"type": "string", "name": "state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}}, {"type": "string", "name": "state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}], "clientFlatten": true}, {"type": "string", "name": "mode", "enum": {"items": [{"value": "Detection"}, {"value": "Prevention"}]}}, {"type": "string", "name": "redirectUrl"}, {"type": "string", "name": "requestBodyCheck", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}, {"readOnly": true, "type": "string", "name": "provisioningState"}, {"readOnly": true, "type": "string", "name": "resourceState", "enum": {"items": [{"value": "Creating"}, {"value": "Deleting"}, {"value": "Disabled"}, {"value": "Disabling"}, {"value": "Enabled"}, {"value": "Enabling"}]}}, {"readOnly": true, "type": "array", "name": "routingRuleLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}, {"readOnly": true, "type": "array", "name": "securityPolicyLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}], "clientFlatten": true}, {"type": "object", "name": "sku", "props": [{"type": "string", "name": "name", "enum": {"items": [{"value": "Classic_AzureFrontDoor"}, {"value": "Premium_AzureFrontDoor"}, {"value": "Standard_AzureFrontDoor"}]}}]}, {"type": "object", "name": "tags", "additionalProps": {"item": {"type": "string"}}}, {"readOnly": true, "type": "string", "name": "type"}], "cls": "WebApplicationFirewallPolicy_read"}}}}, {"statusCode": [202], "body": {"json": {"var": "$Instance", "schema": {"type": "@WebApplicationFirewallPolicy_read"}}}}, {"isError": true, "body": {"json": {"schema": {"type": "@ODataV4Format"}}}}]}}], "outputs": [{"type": "object", "ref": "$Instance", "clientFlatten": true}]}, {"name": "update", "version": "2025-11-01", "resources": [{"id": "/subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{}", "version": "2025-11-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsUG9saWNpZXMve3BvbGljeU5hbWV9/V/MjAyNS0xMS0wMQ=="}], "argGroups": [{"name": "", "args": [{"type": "string", "var": "$Path.policyName", "options": ["n", "name", "policy-name"], "required": true, "idPart": "name", "help": {"short": "The name of the Web Application Firewall Policy."}, "format": {"maxLength": 128}}, {"type": "ResourceGroupName", "var": "$Path.resourceGroupName", "options": ["g", "resource-group"], "required": true, "idPart": "resource_group"}, {"type": "SubscriptionId", "var": "$Path.subscriptionId", "options": ["subscription"], "required": true, "idPart": "subscription"}]}, {"name": "Parameters", "args": [{"nullable": true, "type": "string", "var": "$parameters.etag", "options": ["etag"], "group": "Parameters", "help": {"short": "Gets a unique read-only string that changes whenever the resource is updated."}}, {"nullable": true, "type": "ResourceLocation", "var": "$parameters.location", "options": ["l", "location"], "group": "Parameters", "help": {"short": "Resource location."}}, {"nullable": true, "type": "object", "var": "$parameters.tags", "options": ["tags"], "group": "Parameters", "help": {"short": "Resource tags."}, "additionalProps": {"item": {"nullable": true, "type": "string"}}}]}, {"name": "PolicySettings", "args": [{"nullable": true, "type": "integer32", "var": "$parameters.properties.policySettings.captchaExpirationInMinutes", "options": ["captcha-expiration-in-minutes"], "group": "PolicySettings", "help": {"short": "Defines the Captcha cookie validity lifetime in minutes. This setting is only applicable to Premium_AzureFrontDoor. Value must be an integer between 5 and 1440 with the default value being 30."}, "format": {"maximum": 1440, "minimum": 5}}, {"nullable": true, "type": "string", "var": "$parameters.properties.policySettings.customBlockResponseBody", "options": ["custom-block-response-body"], "group": "PolicySettings", "help": {"short": "If the action type is block, customer can override the response body. The body must be specified in base64 encoding."}, "format": {"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"}}, {"nullable": true, "type": "integer", "var": "$parameters.properties.policySettings.customBlockResponseStatusCode", "options": ["custom-block-response-status-code"], "group": "PolicySettings", "help": {"short": "If the action type is block, customer can override the response status code."}}, {"nullable": true, "type": "string", "var": "$parameters.properties.policySettings.enabledState", "options": ["enabled-state"], "group": "PolicySettings", "help": {"short": "Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}, {"nullable": true, "type": "integer32", "var": "$parameters.properties.policySettings.javascriptChallengeExpirationInMinutes", "options": ["js-expiration", "javascript-challenge-expiration-in-minutes"], "group": "PolicySettings", "help": {"short": "Defines the JavaScript challenge cookie validity lifetime in minutes. Value must be an integer between 5 and 1440 with the default value being 30."}, "format": {"maximum": 1440, "minimum": 5}}, {"nullable": true, "type": "object", "var": "$parameters.properties.policySettings.logScrubbing", "options": ["log-scrubbing"], "group": "PolicySettings", "help": {"short": "Defines rules that scrub sensitive fields in the Web Application Firewall logs. Example: --log-scrubbing \"{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}, --log-scrubbing scrubbing-rules=[] state=Disabled, --log-scrubbing null"}, "args": [{"nullable": true, "type": "array", "var": "$parameters.properties.policySettings.logScrubbing.scrubbingRules", "options": ["scrubbing-rules"], "help": {"short": "List of log scrubbing rules applied to the Web Application Firewall logs."}, "item": {"nullable": true, "type": "object", "args": [{"type": "string", "var": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].matchVariable", "options": ["match-variable"], "help": {"short": "The variable to be scrubbed from the logs."}, "enum": {"items": [{"name": "QueryStringArgNames", "value": "QueryStringArgNames"}, {"name": "RequestBodyJsonArgNames", "value": "RequestBodyJsonArgNames"}, {"name": "RequestBodyPostArgNames", "value": "RequestBodyPostArgNames"}, {"name": "RequestCookieNames", "value": "RequestCookieNames"}, {"name": "RequestHeaderNames", "value": "RequestHeaderNames"}, {"name": "RequestIPAddress", "value": "RequestIPAddress"}, {"name": "RequestUri", "value": "RequestUri"}]}}, {"nullable": true, "type": "string", "var": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selector", "options": ["selector"], "help": {"short": "When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to."}}, {"type": "string", "var": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selectorMatchOperator", "options": ["selector-match-operator"], "help": {"short": "When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to."}, "enum": {"items": [{"name": "Equals", "value": "Equals"}, {"name": "EqualsAny", "value": "EqualsAny"}]}}, {"nullable": true, "type": "string", "var": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].state", "options": ["state"], "help": {"short": "Defines the state of a log scrubbing rule. Default value is enabled."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}]}}, {"nullable": true, "type": "string", "var": "$parameters.properties.policySettings.logScrubbing.state", "options": ["state"], "help": {"short": "State of the log scrubbing config. Default value is Enabled."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}]}, {"nullable": true, "type": "string", "var": "$parameters.properties.policySettings.mode", "options": ["mode"], "group": "PolicySettings", "help": {"short": "Describes if it is in detection mode or prevention mode at policy level."}, "enum": {"items": [{"name": "Detection", "value": "Detection"}, {"name": "Prevention", "value": "Prevention"}]}}, {"nullable": true, "type": "string", "var": "$parameters.properties.policySettings.redirectUrl", "options": ["redirect-url"], "group": "PolicySettings", "help": {"short": "If action type is redirect, this field represents redirect URL for the client."}}, {"nullable": true, "type": "string", "var": "$parameters.properties.policySettings.requestBodyCheck", "options": ["request-body-check"], "group": "PolicySettings", "help": {"short": "Describes if policy managed rules will inspect the request body content."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}]}, {"name": "Properties", "args": [{"nullable": true, "type": "object", "var": "$parameters.properties.customRules", "options": ["custom-rules"], "group": "Properties", "help": {"short": "Describes custom rules inside the policy."}, "args": [{"nullable": true, "type": "array", "var": "$parameters.properties.customRules.rules", "options": ["rules"], "help": {"short": "List of rules"}, "item": {"nullable": true, "type": "object", "args": [{"type": "string", "var": "$parameters.properties.customRules.rules[].action", "options": ["action"], "help": {"short": "Describes what action to be applied when rule matches."}, "enum": {"items": [{"name": "Allow", "value": "Allow"}, {"name": "AnomalyScoring", "value": "AnomalyScoring"}, {"name": "Block", "value": "Block"}, {"name": "CAPTCHA", "value": "CAPTCHA"}, {"name": "JSChallenge", "value": "JSChallenge"}, {"name": "Log", "value": "Log"}, {"name": "Redirect", "value": "Redirect"}]}}, {"nullable": true, "type": "string", "var": "$parameters.properties.customRules.rules[].enabledState", "options": ["enabled-state"], "help": {"short": "Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}, {"nullable": true, "type": "array", "var": "$parameters.properties.customRules.rules[].groupBy", "options": ["group-by"], "help": {"short": "Describes the list of variables to group the rate limit requests"}, "item": {"nullable": true, "type": "object", "args": [{"type": "string", "var": "$parameters.properties.customRules.rules[].groupBy[].variableName", "options": ["variable-name"], "help": {"short": "Describes the supported variable for group by"}, "enum": {"items": [{"name": "GeoLocation", "value": "GeoLocation"}, {"name": "None", "value": "None"}, {"name": "SocketAddr", "value": "SocketAddr"}]}}]}}, {"type": "array", "var": "$parameters.properties.customRules.rules[].matchConditions", "options": ["match-conditions"], "help": {"short": "List of match conditions."}, "item": {"nullable": true, "type": "object", "args": [{"type": "array", "var": "$parameters.properties.customRules.rules[].matchConditions[].matchValue", "options": ["match-value"], "help": {"short": "List of possible match values."}, "item": {"nullable": true, "type": "string"}}, {"type": "string", "var": "$parameters.properties.customRules.rules[].matchConditions[].matchVariable", "options": ["match-variable"], "help": {"short": "Request variable to compare with."}, "enum": {"items": [{"name": "Cookies", "value": "Cookies"}, {"name": "JA4", "value": "JA4"}, {"name": "PostArgs", "value": "PostArgs"}, {"name": "QueryString", "value": "QueryString"}, {"name": "RemoteAddr", "value": "RemoteAddr"}, {"name": "RequestBody", "value": "RequestBody"}, {"name": "RequestHeader", "value": "RequestHeader"}, {"name": "RequestMethod", "value": "RequestMethod"}, {"name": "RequestUri", "value": "RequestUri"}, {"name": "SocketAddr", "value": "SocketAddr"}]}}, {"nullable": true, "type": "boolean", "var": "$parameters.properties.customRules.rules[].matchConditions[].negateCondition", "options": ["negate-condition"], "help": {"short": "Describes if the result of this condition should be negated."}}, {"type": "string", "var": "$parameters.properties.customRules.rules[].matchConditions[].operator", "options": ["operator"], "help": {"short": "Comparison type to use for matching with the variable value."}, "enum": {"items": [{"name": "Any", "value": "Any"}, {"name": "AsnMatch", "value": "AsnMatch"}, {"name": "BeginsWith", "value": "BeginsWith"}, {"name": "ClientFingerprint", "value": "ClientFingerprint"}, {"name": "Contains", "value": "Contains"}, {"name": "EndsWith", "value": "EndsWith"}, {"name": "Equal", "value": "Equal"}, {"name": "GeoMatch", "value": "GeoMatch"}, {"name": "GreaterThan", "value": "GreaterThan"}, {"name": "GreaterThanOrEqual", "value": "GreaterThanOrEqual"}, {"name": "IPMatch", "value": "IPMatch"}, {"name": "LessThan", "value": "LessThan"}, {"name": "LessThanOrEqual", "value": "LessThanOrEqual"}, {"name": "RegEx", "value": "RegEx"}, {"name": "ServiceTagMatch", "value": "ServiceTagMatch"}]}}, {"nullable": true, "type": "string", "var": "$parameters.properties.customRules.rules[].matchConditions[].selector", "options": ["selector"], "help": {"short": "Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null."}}, {"nullable": true, "type": "array", "var": "$parameters.properties.customRules.rules[].matchConditions[].transforms", "options": ["transforms"], "help": {"short": "List of transforms."}, "item": {"nullable": true, "type": "string", "enum": {"items": [{"name": "Lowercase", "value": "Lowercase"}, {"name": "RemoveNulls", "value": "RemoveNulls"}, {"name": "Trim", "value": "Trim"}, {"name": "Uppercase", "value": "Uppercase"}, {"name": "UrlDecode", "value": "UrlDecode"}, {"name": "UrlEncode", "value": "UrlEncode"}]}}}]}}, {"nullable": true, "type": "string", "var": "$parameters.properties.customRules.rules[].name", "options": ["name"], "help": {"short": "Describes the name of the rule."}, "format": {"maxLength": 128}}, {"type": "integer", "var": "$parameters.properties.customRules.rules[].priority", "options": ["priority"], "help": {"short": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value."}}, {"nullable": true, "type": "integer", "var": "$parameters.properties.customRules.rules[].rateLimitDurationInMinutes", "options": ["rate-limit-duration-in-minutes"], "help": {"short": "Time window for resetting the rate limit count. Default is 1 minute."}, "format": {"maximum": 5, "minimum": 0}}, {"nullable": true, "type": "integer", "var": "$parameters.properties.customRules.rules[].rateLimitThreshold", "options": ["rate-limit-threshold"], "help": {"short": "Number of allowed requests per client within the time window."}, "format": {"minimum": 0}}, {"type": "string", "var": "$parameters.properties.customRules.rules[].ruleType", "options": ["rule-type"], "help": {"short": "Describes type of rule."}, "enum": {"items": [{"name": "MatchRule", "value": "MatchRule"}, {"name": "RateLimitRule", "value": "RateLimitRule"}]}}]}}]}, {"nullable": true, "type": "object", "var": "$parameters.properties.managedRules", "options": ["managed-rules"], "group": "Properties", "help": {"short": "Describes managed rules inside the policy."}, "args": [{"nullable": true, "type": "object", "var": "$parameters.properties.managedRules.exceptionsList", "options": ["exceptions-list"], "help": {"short": "List of exceptions applied on the managed rule sets."}, "args": [{"nullable": true, "type": "array", "var": "$parameters.properties.managedRules.exceptionsList.exceptions", "options": ["exceptions"], "help": {"short": "List of exceptions applied on the managed rule sets."}, "item": {"nullable": true, "type": "object", "args": [{"type": "array", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].matchValues", "options": ["match-values"], "help": {"short": "List of values to be matched with."}, "item": {"nullable": true, "type": "string"}}, {"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].matchVariable", "options": ["match-variable"], "help": {"short": "The variable to be evaluated for excluding the request."}, "enum": {"items": [{"name": "RequestHeaderNames", "value": "RequestHeaderNames"}, {"name": "RequestUri", "value": "RequestUri"}, {"name": "SocketAddr", "value": "SocketAddr"}]}}, {"type": "array", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes", "options": ["scopes"], "help": {"short": "Scope(s) of the exception."}, "item": {"nullable": true, "type": "object", "args": [{"nullable": true, "type": "array", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes", "options": ["rule-group-scopes"], "help": {"short": "List of rule group scopes."}, "item": {"nullable": true, "type": "object", "args": [{"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleGroupName", "options": ["rule-group-name"], "help": {"short": "Defines the rule group name."}}, {"nullable": true, "type": "array", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleScopes", "options": ["rule-scopes"], "help": {"short": "List of rule scopes."}, "item": {"nullable": true, "type": "object", "args": [{"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleScopes[].ruleId", "options": ["rule-id"], "help": {"short": "Defines the rule id."}}]}}]}}, {"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleSetType", "options": ["rule-set-type"], "help": {"short": "Defines the rule set type. Currently supports: DefaultRuleSet, Microsoft_DefaultRuleSet, Microsoft_BotManagerRuleSet, Microsoft_HTTPDDoSRuleSet, BotProtection"}}, {"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleSetVersion", "options": ["rule-set-version"], "help": {"short": "Defines the version of the rule set."}}]}}, {"nullable": true, "type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].selector", "options": ["selector"], "help": {"short": "When matchVariable is a collection, operator used to specify which elements in the collection this exception applies to. Currently, the only matchVariable to support selector is 'RequestHeaderNames', and the selector value can be any HTTP request header, e.g 'User-Agent'."}}, {"nullable": true, "type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].selectorMatchOperator", "options": ["selector-match-operator"], "help": {"short": "Comparison operator to apply to the selector when specifying which elements in the collection this exception applies to."}, "enum": {"items": [{"name": "Equals", "value": "Equals"}]}}, {"type": "string", "var": "$parameters.properties.managedRules.exceptionsList.exceptions[].valueMatchOperator", "options": ["value-match-operator"], "help": {"short": "Comparison operator to apply to the value to be matched."}, "enum": {"items": [{"name": "Contains", "value": "Contains"}, {"name": "EndsWith", "value": "EndsWith"}, {"name": "Equals", "value": "Equals"}, {"name": "EqualsAny", "value": "EqualsAny"}, {"name": "IPMatch", "value": "IPMatch"}, {"name": "StartsWith", "value": "StartsWith"}]}}]}}]}, {"nullable": true, "type": "array", "var": "$parameters.properties.managedRules.managedRuleSets", "options": ["managed-rule-sets"], "help": {"short": "List of rule sets."}, "item": {"nullable": true, "type": "object", "args": [{"nullable": true, "type": "array", "var": "$parameters.properties.managedRules.managedRuleSets[].exclusions", "options": ["exclusions"], "help": {"short": "Describes the exclusions that are applied to all rules in the set."}, "item": {"nullable": true, "type": "object", "args": [{"type": "string", "var": "@ManagedRuleExclusion_update.matchVariable", "options": ["match-variable"], "help": {"short": "The variable type to be excluded."}, "enum": {"items": [{"name": "QueryStringArgNames", "value": "QueryStringArgNames"}, {"name": "RequestBodyJsonArgNames", "value": "RequestBodyJsonArgNames"}, {"name": "RequestBodyPostArgNames", "value": "RequestBodyPostArgNames"}, {"name": "RequestCookieNames", "value": "RequestCookieNames"}, {"name": "RequestHeaderNames", "value": "RequestHeaderNames"}]}}, {"type": "string", "var": "@ManagedRuleExclusion_update.selector", "options": ["selector"], "help": {"short": "Selector value for which elements in the collection this exclusion applies to."}}, {"type": "string", "var": "@ManagedRuleExclusion_update.selectorMatchOperator", "options": ["selector-match-operator"], "help": {"short": "Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to."}, "enum": {"items": [{"name": "Contains", "value": "Contains"}, {"name": "EndsWith", "value": "EndsWith"}, {"name": "Equals", "value": "Equals"}, {"name": "EqualsAny", "value": "EqualsAny"}, {"name": "StartsWith", "value": "StartsWith"}]}}], "cls": "ManagedRuleExclusion_update"}}, {"nullable": true, "type": "array", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides", "options": ["rule-group-overrides"], "help": {"short": "Defines the rule group overrides to apply to the rule set."}, "item": {"nullable": true, "type": "object", "args": [{"nullable": true, "type": "array<@ManagedRuleExclusion_update>", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].exclusions", "options": ["exclusions"], "help": {"short": "Describes the exclusions that are applied to all rules in the group."}, "item": {"nullable": true, "type": "@ManagedRuleExclusion_update"}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].ruleGroupName", "options": ["rule-group-name"], "help": {"short": "Describes the managed rule group to override."}}, {"nullable": true, "type": "array", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules", "options": ["rules"], "help": {"short": "List of rules that will be disabled. If none specified, all rules in the group will be disabled."}, "item": {"nullable": true, "type": "object", "args": [{"nullable": true, "type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].action", "options": ["action"], "help": {"short": "Describes the override action to be applied when rule matches."}, "enum": {"items": [{"name": "Allow", "value": "Allow"}, {"name": "AnomalyScoring", "value": "AnomalyScoring"}, {"name": "Block", "value": "Block"}, {"name": "CAPTCHA", "value": "CAPTCHA"}, {"name": "JSChallenge", "value": "JSChallenge"}, {"name": "Log", "value": "Log"}, {"name": "Redirect", "value": "Redirect"}]}}, {"nullable": true, "type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].enabledState", "options": ["enabled-state"], "help": {"short": "Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified."}, "enum": {"items": [{"name": "Disabled", "value": "Disabled"}, {"name": "Enabled", "value": "Enabled"}]}}, {"nullable": true, "type": "array<@ManagedRuleExclusion_update>", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].exclusions", "options": ["exclusions"], "help": {"short": "Describes the exclusions that are applied to this specific rule."}, "item": {"nullable": true, "type": "@ManagedRuleExclusion_update"}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].ruleId", "options": ["rule-id"], "help": {"short": "Identifier for the managed rule."}}, {"nullable": true, "type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].sensitivity", "options": ["sensitivity"], "help": {"short": "Describes the override sensitivity to be applied when rule matches."}, "enum": {"items": [{"name": "High", "value": "High"}, {"name": "Low", "value": "Low"}, {"name": "Medium", "value": "Medium"}]}}]}}]}}, {"nullable": true, "type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleSetAction", "options": ["rule-set-action"], "help": {"short": "Defines the rule set action."}, "enum": {"items": [{"name": "Block", "value": "Block"}, {"name": "Log", "value": "Log"}, {"name": "Redirect", "value": "Redirect"}]}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleSetType", "options": ["rule-set-type"], "help": {"short": "Defines the rule set type to use."}}, {"type": "string", "var": "$parameters.properties.managedRules.managedRuleSets[].ruleSetVersion", "options": ["rule-set-version"], "help": {"short": "Defines the version of the rule set to use."}}]}}]}]}, {"name": "Sku", "args": [{"nullable": true, "type": "string", "var": "$parameters.sku.name", "options": ["sku"], "group": "Sku", "help": {"short": "Name of the pricing tier."}, "enum": {"items": [{"name": "Classic_AzureFrontDoor", "value": "Classic_AzureFrontDoor"}, {"name": "Premium_AzureFrontDoor", "value": "Premium_AzureFrontDoor"}, {"name": "Standard_AzureFrontDoor", "value": "Standard_AzureFrontDoor"}]}}]}], "operations": [{"operationId": "Policies_Get", "http": {"path": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", "request": {"method": "get", "path": {"params": [{"type": "string", "name": "policyName", "arg": "$Path.policyName", "required": true, "format": {"maxLength": 128}}, {"type": "string", "name": "resourceGroupName", "arg": "$Path.resourceGroupName", "required": true, "format": {"pattern": "^[a-zA-Z0-9_\\-\\(\\)\\.]*[^\\.]$", "maxLength": 80, "minLength": 1}}, {"type": "string", "name": "subscriptionId", "arg": "$Path.subscriptionId", "required": true}]}, "query": {"consts": [{"readOnly": true, "const": true, "default": {"value": "2025-11-01"}, "type": "string", "name": "api-version", "required": true}]}}, "responses": [{"statusCode": [200], "body": {"json": {"var": "$Instance", "schema": {"type": "object", "props": [{"type": "string", "name": "etag"}, {"readOnly": true, "type": "ResourceId", "name": "id", "format": {"template": "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{}"}}, {"type": "ResourceLocation", "name": "location"}, {"readOnly": true, "type": "string", "name": "name"}, {"type": "object", "name": "properties", "props": [{"type": "object", "name": "customRules", "props": [{"type": "array", "name": "rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "required": true, "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array", "name": "groupBy", "item": {"type": "object", "props": [{"type": "string", "name": "variableName", "required": true, "enum": {"items": [{"value": "GeoLocation"}, {"value": "None"}, {"value": "SocketAddr"}]}}]}}, {"type": "array", "name": "matchConditions", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "matchValue", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "Cookies"}, {"value": "JA4"}, {"value": "PostArgs"}, {"value": "QueryString"}, {"value": "RemoteAddr"}, {"value": "RequestBody"}, {"value": "RequestHeader"}, {"value": "RequestMethod"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "boolean", "name": "negateCondition"}, {"type": "string", "name": "operator", "required": true, "enum": {"items": [{"value": "Any"}, {"value": "AsnMatch"}, {"value": "BeginsWith"}, {"value": "ClientFingerprint"}, {"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equal"}, {"value": "GeoMatch"}, {"value": "GreaterThan"}, {"value": "GreaterThanOrEqual"}, {"value": "IPMatch"}, {"value": "LessThan"}, {"value": "LessThanOrEqual"}, {"value": "RegEx"}, {"value": "ServiceTagMatch"}]}}, {"type": "string", "name": "selector"}, {"type": "array", "name": "transforms", "item": {"type": "string", "enum": {"items": [{"value": "Lowercase"}, {"value": "RemoveNulls"}, {"value": "Trim"}, {"value": "Uppercase"}, {"value": "UrlDecode"}, {"value": "UrlEncode"}]}}}]}}, {"type": "string", "name": "name", "format": {"maxLength": 128}}, {"type": "integer", "name": "priority", "required": true}, {"type": "integer", "name": "rateLimitDurationInMinutes", "format": {"maximum": 5, "minimum": 0}}, {"type": "integer", "name": "rateLimitThreshold", "format": {"minimum": 0}}, {"type": "string", "name": "ruleType", "required": true, "enum": {"items": [{"value": "MatchRule"}, {"value": "RateLimitRule"}]}}]}}]}, {"readOnly": true, "type": "array", "name": "frontendEndpointLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}, {"type": "object", "name": "managedRules", "props": [{"type": "object", "name": "exceptionsList", "props": [{"type": "array", "name": "exceptions", "item": {"type": "object", "props": [{"type": "array", "name": "matchValues", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "RequestHeaderNames"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "array", "name": "scopes", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "ruleGroupScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleGroupName", "required": true}, {"type": "array", "name": "ruleScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleId", "required": true}]}}]}}, {"type": "string", "name": "ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "required": true}]}}, {"type": "string", "name": "selector"}, {"type": "string", "name": "selectorMatchOperator", "enum": {"items": [{"value": "Equals"}]}}, {"type": "string", "name": "valueMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "IPMatch"}, {"value": "StartsWith"}]}}]}}]}, {"type": "array", "name": "managedRuleSets", "item": {"type": "object", "props": [{"type": "array", "name": "exclusions", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}]}}, {"type": "string", "name": "selector", "required": true}, {"type": "string", "name": "selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "StartsWith"}]}}], "cls": "ManagedRuleExclusion_read"}}, {"type": "array", "name": "ruleGroupOverrides", "item": {"type": "object", "props": [{"type": "array<@ManagedRuleExclusion_read>", "name": "exclusions", "item": {"type": "@ManagedRuleExclusion_read"}}, {"type": "string", "name": "ruleGroupName", "required": true}, {"type": "array", "name": "rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array<@ManagedRuleExclusion_read>", "name": "exclusions", "item": {"type": "@ManagedRuleExclusion_read"}}, {"type": "string", "name": "ruleId", "required": true}, {"type": "string", "name": "sensitivity", "enum": {"items": [{"value": "High"}, {"value": "Low"}, {"value": "Medium"}]}}]}}]}}, {"type": "string", "name": "ruleSetAction", "enum": {"items": [{"value": "Block"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "required": true}]}}]}, {"type": "object", "name": "policySettings", "props": [{"type": "integer32", "name": "captchaExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "string", "name": "customBlockResponseBody", "format": {"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"}}, {"type": "integer", "name": "customBlockResponseStatusCode"}, {"type": "string", "name": "enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "integer32", "name": "javascriptChallengeExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "object", "name": "logScrubbing", "props": [{"type": "array", "name": "scrubbingRules", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}, {"value": "RequestIPAddress"}, {"value": "RequestUri"}]}}, {"type": "string", "name": "selector"}, {"type": "string", "name": "selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Equals"}, {"value": "EqualsAny"}]}}, {"type": "string", "name": "state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}}, {"type": "string", "name": "state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}], "clientFlatten": true}, {"type": "string", "name": "mode", "enum": {"items": [{"value": "Detection"}, {"value": "Prevention"}]}}, {"type": "string", "name": "redirectUrl"}, {"type": "string", "name": "requestBodyCheck", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}, {"readOnly": true, "type": "string", "name": "provisioningState"}, {"readOnly": true, "type": "string", "name": "resourceState", "enum": {"items": [{"value": "Creating"}, {"value": "Deleting"}, {"value": "Disabled"}, {"value": "Disabling"}, {"value": "Enabled"}, {"value": "Enabling"}]}}, {"readOnly": true, "type": "array", "name": "routingRuleLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}, {"readOnly": true, "type": "array", "name": "securityPolicyLinks", "item": {"readOnly": true, "type": "object", "props": [{"type": "string", "name": "id"}]}}], "clientFlatten": true}, {"type": "object", "name": "sku", "props": [{"type": "string", "name": "name", "enum": {"items": [{"value": "Classic_AzureFrontDoor"}, {"value": "Premium_AzureFrontDoor"}, {"value": "Standard_AzureFrontDoor"}]}}]}, {"type": "object", "name": "tags", "additionalProps": {"item": {"type": "string"}}}, {"readOnly": true, "type": "string", "name": "type"}], "cls": "WebApplicationFirewallPolicy_read"}}}}, {"isError": true, "body": {"json": {"schema": {"type": "@ODataV4Format"}}}}]}}, {"instanceUpdate": {"ref": "$Instance", "json": {"schema": {"type": "object", "name": "parameters", "required": true, "props": [{"type": "string", "name": "etag", "arg": "$parameters.etag"}, {"type": "ResourceLocation", "name": "location", "arg": "$parameters.location"}, {"type": "object", "name": "properties", "props": [{"type": "object", "name": "customRules", "arg": "$parameters.properties.customRules", "props": [{"type": "array", "name": "rules", "arg": "$parameters.properties.customRules.rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "arg": "$parameters.properties.customRules.rules[].action", "required": true, "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "arg": "$parameters.properties.customRules.rules[].enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array", "name": "groupBy", "arg": "$parameters.properties.customRules.rules[].groupBy", "item": {"type": "object", "props": [{"type": "string", "name": "variableName", "arg": "$parameters.properties.customRules.rules[].groupBy[].variableName", "required": true, "enum": {"items": [{"value": "GeoLocation"}, {"value": "None"}, {"value": "SocketAddr"}]}}]}}, {"type": "array", "name": "matchConditions", "arg": "$parameters.properties.customRules.rules[].matchConditions", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "matchValue", "arg": "$parameters.properties.customRules.rules[].matchConditions[].matchValue", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "arg": "$parameters.properties.customRules.rules[].matchConditions[].matchVariable", "required": true, "enum": {"items": [{"value": "Cookies"}, {"value": "JA4"}, {"value": "PostArgs"}, {"value": "QueryString"}, {"value": "RemoteAddr"}, {"value": "RequestBody"}, {"value": "RequestHeader"}, {"value": "RequestMethod"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "boolean", "name": "negateCondition", "arg": "$parameters.properties.customRules.rules[].matchConditions[].negateCondition"}, {"type": "string", "name": "operator", "arg": "$parameters.properties.customRules.rules[].matchConditions[].operator", "required": true, "enum": {"items": [{"value": "Any"}, {"value": "AsnMatch"}, {"value": "BeginsWith"}, {"value": "ClientFingerprint"}, {"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equal"}, {"value": "GeoMatch"}, {"value": "GreaterThan"}, {"value": "GreaterThanOrEqual"}, {"value": "IPMatch"}, {"value": "LessThan"}, {"value": "LessThanOrEqual"}, {"value": "RegEx"}, {"value": "ServiceTagMatch"}]}}, {"type": "string", "name": "selector", "arg": "$parameters.properties.customRules.rules[].matchConditions[].selector"}, {"type": "array", "name": "transforms", "arg": "$parameters.properties.customRules.rules[].matchConditions[].transforms", "item": {"type": "string", "enum": {"items": [{"value": "Lowercase"}, {"value": "RemoveNulls"}, {"value": "Trim"}, {"value": "Uppercase"}, {"value": "UrlDecode"}, {"value": "UrlEncode"}]}}}]}}, {"type": "string", "name": "name", "arg": "$parameters.properties.customRules.rules[].name", "format": {"maxLength": 128}}, {"type": "integer", "name": "priority", "arg": "$parameters.properties.customRules.rules[].priority", "required": true}, {"type": "integer", "name": "rateLimitDurationInMinutes", "arg": "$parameters.properties.customRules.rules[].rateLimitDurationInMinutes", "format": {"maximum": 5, "minimum": 0}}, {"type": "integer", "name": "rateLimitThreshold", "arg": "$parameters.properties.customRules.rules[].rateLimitThreshold", "format": {"minimum": 0}}, {"type": "string", "name": "ruleType", "arg": "$parameters.properties.customRules.rules[].ruleType", "required": true, "enum": {"items": [{"value": "MatchRule"}, {"value": "RateLimitRule"}]}}]}}]}, {"type": "object", "name": "managedRules", "arg": "$parameters.properties.managedRules", "props": [{"type": "object", "name": "exceptionsList", "arg": "$parameters.properties.managedRules.exceptionsList", "props": [{"type": "array", "name": "exceptions", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions", "item": {"type": "object", "props": [{"type": "array", "name": "matchValues", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].matchValues", "required": true, "item": {"type": "string"}}, {"type": "string", "name": "matchVariable", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].matchVariable", "required": true, "enum": {"items": [{"value": "RequestHeaderNames"}, {"value": "RequestUri"}, {"value": "SocketAddr"}]}}, {"type": "array", "name": "scopes", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes", "required": true, "item": {"type": "object", "props": [{"type": "array", "name": "ruleGroupScopes", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleGroupName", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleGroupName", "required": true}, {"type": "array", "name": "ruleScopes", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleScopes", "item": {"type": "object", "props": [{"type": "string", "name": "ruleId", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleGroupScopes[].ruleScopes[].ruleId", "required": true}]}}]}}, {"type": "string", "name": "ruleSetType", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].scopes[].ruleSetVersion", "required": true}]}}, {"type": "string", "name": "selector", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].selector"}, {"type": "string", "name": "selectorMatchOperator", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].selectorMatchOperator", "enum": {"items": [{"value": "Equals"}]}}, {"type": "string", "name": "valueMatchOperator", "arg": "$parameters.properties.managedRules.exceptionsList.exceptions[].valueMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "IPMatch"}, {"value": "StartsWith"}]}}]}}]}, {"type": "array", "name": "managedRuleSets", "arg": "$parameters.properties.managedRules.managedRuleSets", "item": {"type": "object", "props": [{"type": "array", "name": "exclusions", "arg": "$parameters.properties.managedRules.managedRuleSets[].exclusions", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "arg": "@ManagedRuleExclusion_update.matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}]}}, {"type": "string", "name": "selector", "arg": "@ManagedRuleExclusion_update.selector", "required": true}, {"type": "string", "name": "selectorMatchOperator", "arg": "@ManagedRuleExclusion_update.selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Contains"}, {"value": "EndsWith"}, {"value": "Equals"}, {"value": "EqualsAny"}, {"value": "StartsWith"}]}}], "cls": "ManagedRuleExclusion_update"}}, {"type": "array", "name": "ruleGroupOverrides", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides", "item": {"type": "object", "props": [{"type": "array<@ManagedRuleExclusion_update>", "name": "exclusions", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].exclusions", "item": {"type": "@ManagedRuleExclusion_update"}}, {"type": "string", "name": "ruleGroupName", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].ruleGroupName", "required": true}, {"type": "array", "name": "rules", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules", "item": {"type": "object", "props": [{"type": "string", "name": "action", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].action", "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "enabledState", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "array<@ManagedRuleExclusion_update>", "name": "exclusions", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].exclusions", "item": {"type": "@ManagedRuleExclusion_update"}}, {"type": "string", "name": "ruleId", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].ruleId", "required": true}, {"type": "string", "name": "sensitivity", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleGroupOverrides[].rules[].sensitivity", "enum": {"items": [{"value": "High"}, {"value": "Low"}, {"value": "Medium"}]}}]}}]}}, {"type": "string", "name": "ruleSetAction", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleSetAction", "enum": {"items": [{"value": "Block"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"type": "string", "name": "ruleSetType", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleSetType", "required": true}, {"type": "string", "name": "ruleSetVersion", "arg": "$parameters.properties.managedRules.managedRuleSets[].ruleSetVersion", "required": true}]}}]}, {"type": "object", "name": "policySettings", "props": [{"type": "integer32", "name": "captchaExpirationInMinutes", "arg": "$parameters.properties.policySettings.captchaExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "string", "name": "customBlockResponseBody", "arg": "$parameters.properties.policySettings.customBlockResponseBody", "format": {"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$"}}, {"type": "integer", "name": "customBlockResponseStatusCode", "arg": "$parameters.properties.policySettings.customBlockResponseStatusCode"}, {"type": "string", "name": "enabledState", "arg": "$parameters.properties.policySettings.enabledState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"type": "integer32", "name": "javascriptChallengeExpirationInMinutes", "arg": "$parameters.properties.policySettings.javascriptChallengeExpirationInMinutes", "format": {"maximum": 1440, "minimum": 5}}, {"type": "object", "name": "logScrubbing", "arg": "$parameters.properties.policySettings.logScrubbing", "props": [{"type": "array", "name": "scrubbingRules", "arg": "$parameters.properties.policySettings.logScrubbing.scrubbingRules", "item": {"type": "object", "props": [{"type": "string", "name": "matchVariable", "arg": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].matchVariable", "required": true, "enum": {"items": [{"value": "QueryStringArgNames"}, {"value": "RequestBodyJsonArgNames"}, {"value": "RequestBodyPostArgNames"}, {"value": "RequestCookieNames"}, {"value": "RequestHeaderNames"}, {"value": "RequestIPAddress"}, {"value": "RequestUri"}]}}, {"type": "string", "name": "selector", "arg": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selector"}, {"type": "string", "name": "selectorMatchOperator", "arg": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].selectorMatchOperator", "required": true, "enum": {"items": [{"value": "Equals"}, {"value": "EqualsAny"}]}}, {"type": "string", "name": "state", "arg": "$parameters.properties.policySettings.logScrubbing.scrubbingRules[].state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}}, {"type": "string", "name": "state", "arg": "$parameters.properties.policySettings.logScrubbing.state", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}], "clientFlatten": true}, {"type": "string", "name": "mode", "arg": "$parameters.properties.policySettings.mode", "enum": {"items": [{"value": "Detection"}, {"value": "Prevention"}]}}, {"type": "string", "name": "redirectUrl", "arg": "$parameters.properties.policySettings.redirectUrl"}, {"type": "string", "name": "requestBodyCheck", "arg": "$parameters.properties.policySettings.requestBodyCheck", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}]}], "clientFlatten": true}, {"type": "object", "name": "sku", "props": [{"type": "string", "name": "name", "arg": "$parameters.sku.name", "enum": {"items": [{"value": "Classic_AzureFrontDoor"}, {"value": "Premium_AzureFrontDoor"}, {"value": "Standard_AzureFrontDoor"}]}}]}, {"type": "object", "name": "tags", "arg": "$parameters.tags", "additionalProps": {"item": {"type": "string"}}}], "clientFlatten": true}}}}, {"longRunning": {"finalStateVia": "azure-async-operation"}, "operationId": "Policies_CreateOrUpdate", "http": {"path": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}", "request": {"method": "put", "path": {"params": [{"type": "string", "name": "policyName", "arg": "$Path.policyName", "required": true, "format": {"maxLength": 128}}, {"type": "string", "name": "resourceGroupName", "arg": "$Path.resourceGroupName", "required": true, "format": {"pattern": "^[a-zA-Z0-9_\\-\\(\\)\\.]*[^\\.]$", "maxLength": 80, "minLength": 1}}, {"type": "string", "name": "subscriptionId", "arg": "$Path.subscriptionId", "required": true}]}, "query": {"consts": [{"readOnly": true, "const": true, "default": {"value": "2025-11-01"}, "type": "string", "name": "api-version", "required": true}]}, "body": {"json": {"ref": "$Instance"}}}, "responses": [{"statusCode": [200, 201], "body": {"json": {"var": "$Instance", "schema": {"type": "@WebApplicationFirewallPolicy_read"}}}}, {"statusCode": [202], "body": {"json": {"var": "$Instance", "schema": {"type": "@WebApplicationFirewallPolicy_read"}}}}, {"isError": true, "body": {"json": {"schema": {"type": "@ODataV4Format"}}}}]}}], "outputs": [{"type": "object", "ref": "$Instance", "clientFlatten": true}]}]}]} \ No newline at end of file diff --git a/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml new file mode 100644 index 000000000..9d6098109 --- /dev/null +++ b/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml @@ -0,0 +1,2733 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +