waf 1101

Commands/network/front-door/waf-policy/_create.md

@@ -22,3 +22,14 @@ Create policy with specified rule set name within a resource group.
     ```bash
         network front-door waf-policy create --resource-group rg1 --policy-name Policy1 --location WestUs --enabled-state Enabled --mode Prevention --redirect-url http://www.bing.com --custom-block-response-status-code 429 --custom-block-response-body PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg== --request-body-check Disabled --javascript-challenge-expiration-in-minutes 30 --captcha-expiration-in-minutes 30 --log-scrubbing "{state:Enabled,scrubbing-rules:[{match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null,state:Enabled}]}" --custom-rules "{rules:[{name:Rule1,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:IPMatch,match-value:[192.168.1.0/24,10.0.0.0/24]}],action:Block},{name:Rule2,priority:2,rule-type:MatchRule,match-conditions:[{match-variable:RemoteAddr,operator:GeoMatch,match-value:[CH]},{match-variable:RequestHeader,operator:Contains,selector:UserAgent,match-value:[windows],transforms:[Lowercase]}],action:Block},{name:Rule3,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:ServiceTagMatch,match-value:[AzureBackup,AzureBotService]}],action:CAPTCHA}]}" --managed-rules "{managed-rule-sets:[{rule-set-type:DefaultRuleSet,rule-set-version:1.0,rule-set-action:Block,exclusions:[{matchVariable:RequestHeaderNames,selectorMatchOperator:Equals,selector:User-Agent}],rule-group-overrides:[{rule-group-name:SQLI,exclusions:[{matchVariable:RequestCookieNames,selectorMatchOperator:StartsWith,selector:token}],rules:[{rule-id:942100,enabled-state:Enabled,action:Redirect,exclusions:[{matchVariable:QueryStringArgNames,selectorMatchOperator:Equals,selector:query}]},{rule-id:942110,enabled-state:Disabled}]}]},{rule-set-type:Microsoft_HTTPDDoSRuleSet,rule-set-version:1.0,rule-group-overrides:[{rule-group-name:ExcessiveRequests,rules:[{rule-id:500100,enabled-state:Enabled,action:Block,sensitivity:High}]}]}]}" --sku Premium_AzureFrontDoor
     ```
+
+### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml) **Stable**
+
+<!-- mgmt-plane /subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{} 2025-11-01 -->
+
+#### examples
+
+- Creates specific policy
+    ```bash
+        network front-door waf-policy create --resource-group rg1 --policy-name Policy1 --location WestUs --enabled-state Enabled --mode Prevention --redirect-url http://www.bing.com --custom-block-response-status-code 429 --custom-block-response-body PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg== --request-body-check Disabled --javascript-challenge-expiration-in-minutes 30 --captcha-expiration-in-minutes 30 --log-scrubbing "{state:Enabled,scrubbing-rules:[{match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null,state:Enabled}]}" --custom-rules "{rules:[{name:Rule1,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:IPMatch,match-value:[192.168.1.0/24,10.0.0.0/24]}],action:Block},{name:Rule2,priority:2,rule-type:MatchRule,match-conditions:[{match-variable:RemoteAddr,operator:GeoMatch,match-value:[CH]},{match-variable:RequestHeader,operator:Contains,selector:UserAgent,match-value:[windows],transforms:[Lowercase]}],action:Block},{name:Rule3,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:ServiceTagMatch,match-value:[AzureBackup,AzureBotService]}],action:CAPTCHA}]}" --managed-rules "{managed-rule-sets:[{rule-set-type:DefaultRuleSet,rule-set-version:1.0,rule-set-action:Block,exclusions:[{matchVariable:RequestHeaderNames,selectorMatchOperator:Equals,selector:User-Agent}],rule-group-overrides:[{rule-group-name:SQLI,exclusions:[{matchVariable:RequestCookieNames,selectorMatchOperator:StartsWith,selector:token}],rules:[{rule-id:942100,enabled-state:Enabled,action:Redirect,exclusions:[{matchVariable:QueryStringArgNames,selectorMatchOperator:Equals,selector:query}]},{rule-id:942110,enabled-state:Disabled}]}]},{rule-set-type:Microsoft_HTTPDDoSRuleSet,rule-set-version:1.0,rule-group-overrides:[{rule-group-name:ExcessiveRequests,rules:[{rule-id:500100,enabled-state:Enabled,action:Block,sensitivity:High}]}]}]}" --sku Premium_AzureFrontDoor
+    ```

Commands/network/front-door/waf-policy/_delete.md

@@ -22,3 +22,14 @@ Delete Policy
     ```bash
         network front-door waf-policy delete --resource-group rg1 --policy-name Policy1
     ```
+
+### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml) **Stable**
+
+<!-- mgmt-plane /subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{} 2025-11-01 -->
+
+#### examples
+
+- Delete protection policy
+    ```bash
+        network front-door waf-policy delete --resource-group rg1 --policy-name Policy1
+    ```

Commands/network/front-door/waf-policy/_list.md

@@ -22,3 +22,14 @@ List all of the protection policies within a resource group.
     ```bash
         network front-door waf-policy list --resource-group rg1
     ```
+
+### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcw==/2025-11-01.xml) **Stable**
+
+<!-- mgmt-plane /subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies 2025-11-01 -->
+
+#### examples
+
+- Get all Policies in a Resource Group
+    ```bash
+        network front-door waf-policy list --resource-group rg1
+    ```

Commands/network/front-door/waf-policy/_show.md

@@ -22,3 +22,14 @@ Get protection policy with specified name within a resource group.
     ```bash
         network front-door waf-policy show --resource-group rg1 --policy-name Policy1
     ```
+
+### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml) **Stable**
+
+<!-- mgmt-plane /subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{} 2025-11-01 -->
+
+#### examples
+
+- Get Policy
+    ```bash
+        network front-door waf-policy show --resource-group rg1 --policy-name Policy1
+    ```

Commands/network/front-door/waf-policy/_update.md

@@ -47,3 +47,21 @@ Update policy with specified rule set name within a resource group.
     ```bash
         network front-door waf-policy update --resource-group rg1 --policy-name Policy1 --location WestUs --enabled-state Enabled --mode Prevention --redirect-url http://www.bing.com --custom-block-response-status-code 429 --custom-block-response-body PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg== --request-body-check Disabled --javascript-challenge-expiration-in-minutes 30 --captcha-expiration-in-minutes 30 --log-scrubbing "{state:Enabled,scrubbing-rules:[{match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null,state:Enabled}]}" --custom-rules "{rules:[{name:Rule1,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:IPMatch,match-value:[192.168.1.0/24,10.0.0.0/24]}],action:Block},{name:Rule2,priority:2,rule-type:MatchRule,match-conditions:[{match-variable:RemoteAddr,operator:GeoMatch,match-value:[CH]},{match-variable:RequestHeader,operator:Contains,selector:UserAgent,match-value:[windows],transforms:[Lowercase]}],action:Block},{name:Rule3,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:ServiceTagMatch,match-value:[AzureBackup,AzureBotService]}],action:CAPTCHA}]}" --managed-rules "{managed-rule-sets:[{rule-set-type:DefaultRuleSet,rule-set-version:1.0,rule-set-action:Block,exclusions:[{matchVariable:RequestHeaderNames,selectorMatchOperator:Equals,selector:User-Agent}],rule-group-overrides:[{rule-group-name:SQLI,exclusions:[{matchVariable:RequestCookieNames,selectorMatchOperator:StartsWith,selector:token}],rules:[{rule-id:942100,enabled-state:Enabled,action:Redirect,exclusions:[{matchVariable:QueryStringArgNames,selectorMatchOperator:Equals,selector:query}]},{rule-id:942110,enabled-state:Disabled}]}]},{rule-set-type:Microsoft_HTTPDDoSRuleSet,rule-set-version:1.0,rule-group-overrides:[{rule-group-name:ExcessiveRequests,rules:[{rule-id:500100,enabled-state:Enabled,action:Block,sensitivity:High}]}]}]}" --sku Premium_AzureFrontDoor
     ```
+
+### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxwb2xpY2llcy97fQ==/2025-11-01.xml) **Stable**
+
+<!-- mgmt-plane /subscriptions/{}/resourcegroups/{}/providers/microsoft.network/frontdoorwebapplicationfirewallpolicies/{} 2025-11-01 -->
+
+#### examples
+
+- update log scrubbing
+    ```bash
+        network front-door waf-policy update -g rg -n n1 --log-scrubbing "{scrubbing-rules:[{match-variable:QueryStringArgNames,selector-match-operator:EqualsAny}],state:Enabled}"
+        network front-door waf-policy update -g rg -n n1 --log-scrubbing scrubbing-rules[1]="{match-variable:RequestUri,selector-match-operator:Equals}"
+        network front-door waf-policy update -g rg -n n1 --log-scrubbing "{scrubbing-rules:[{match-variable:RequestBodyJsonArgNames,selector-match-operator:EqualsAny}],state:Enabled}" scrubbing-rules[1]="{match-variable:RequestUri,selector-match-operator:EqualsAny}"
+    ```
+
+- Update specific policy
+    ```bash
+        network front-door waf-policy update --resource-group rg1 --policy-name Policy1 --location WestUs --enabled-state Enabled --mode Prevention --redirect-url http://www.bing.com --custom-block-response-status-code 429 --custom-block-response-body PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg== --request-body-check Disabled --javascript-challenge-expiration-in-minutes 30 --captcha-expiration-in-minutes 30 --log-scrubbing "{state:Enabled,scrubbing-rules:[{match-variable:RequestIPAddress,selector-match-operator:EqualsAny,selector:null,state:Enabled}]}" --custom-rules "{rules:[{name:Rule1,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:IPMatch,match-value:[192.168.1.0/24,10.0.0.0/24]}],action:Block},{name:Rule2,priority:2,rule-type:MatchRule,match-conditions:[{match-variable:RemoteAddr,operator:GeoMatch,match-value:[CH]},{match-variable:RequestHeader,operator:Contains,selector:UserAgent,match-value:[windows],transforms:[Lowercase]}],action:Block},{name:Rule3,priority:1,rule-type:RateLimitRule,rate-limit-threshold:1000,match-conditions:[{match-variable:RemoteAddr,operator:ServiceTagMatch,match-value:[AzureBackup,AzureBotService]}],action:CAPTCHA}]}" --managed-rules "{managed-rule-sets:[{rule-set-type:DefaultRuleSet,rule-set-version:1.0,rule-set-action:Block,exclusions:[{matchVariable:RequestHeaderNames,selectorMatchOperator:Equals,selector:User-Agent}],rule-group-overrides:[{rule-group-name:SQLI,exclusions:[{matchVariable:RequestCookieNames,selectorMatchOperator:StartsWith,selector:token}],rules:[{rule-id:942100,enabled-state:Enabled,action:Redirect,exclusions:[{matchVariable:QueryStringArgNames,selectorMatchOperator:Equals,selector:query}]},{rule-id:942110,enabled-state:Disabled}]}]},{rule-set-type:Microsoft_HTTPDDoSRuleSet,rule-set-version:1.0,rule-group-overrides:[{rule-group-name:ExcessiveRequests,rules:[{rule-id:500100,enabled-state:Enabled,action:Block,sensitivity:High}]}]}]}" --sku Premium_AzureFrontDoor
+    ```

Commands/network/front-door/waf-policy/managed-rule-definition/_list.md

@@ -0,0 +1,27 @@
+# [Command] _network front-door waf-policy managed-rule-definition list_
+
+List all available managed rule sets.
+
+## Versions
+
+### [2025-10-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.xml) **Stable**
+
+<!-- mgmt-plane /subscriptions/{}/providers/microsoft.network/frontdoorwebapplicationfirewallmanagedrulesets 2025-10-01 -->
+
+#### examples
+
+- List Policies ManagedRuleSets in a Resource Group
+    ```bash
+        network front-door waf-policy managed-rule-definition list
+    ```
+
+### [2025-11-01](/Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-11-01.xml) **Stable**
+
+<!-- mgmt-plane /subscriptions/{}/providers/microsoft.network/frontdoorwebapplicationfirewallmanagedrulesets 2025-11-01 -->
+
+#### examples
+
+- List Policies ManagedRuleSets in a Resource Group
+    ```bash
+        network front-door waf-policy managed-rule-definition list
+    ```

Commands/network/front-door/waf-policy/managed-rule-definition/readme.md

@@ -0,0 +1,8 @@
+# [Group] _network front-door waf-policy managed-rule-definition_
+
+Manage Managed Rule Definition
+
+## Commands
+
+- [list](/Commands/network/front-door/waf-policy/managed-rule-definition/_list.md)
+: List all available managed rule sets.

Commands/network/front-door/waf-policy/readme.md

@@ -2,6 +2,11 @@
 
 Manage WebApplication Firewall (WAF) policies.
 
+## Subgroups
+
+- [managed-rule-definition](/Commands/network/front-door/waf-policy/managed-rule-definition/readme.md)
+: Manage Managed Rule Definition
+
 ## Commands
 
 - [create](/Commands/network/front-door/waf-policy/_create.md)

Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5uZXR3b3JrL2Zyb250ZG9vcndlYmFwcGxpY2F0aW9uZmlyZXdhbGxtYW5hZ2VkcnVsZXNldHM=/2025-10-01.json

@@ -0,0 +1 @@
+{"plane": "mgmt-plane", "resources": [{"id": "/subscriptions/{}/providers/microsoft.network/frontdoorwebapplicationfirewallmanagedrulesets", "version": "2025-10-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9wcm92aWRlcnMvTWljcm9zb2Z0Lk5ldHdvcmsvRnJvbnREb29yV2ViQXBwbGljYXRpb25GaXJld2FsbE1hbmFnZWRSdWxlU2V0cw==/V/MjAyNS0xMC0wMQ=="}], "commandGroups": [{"name": "network front-door waf-policy managed-rule-definition", "commands": [{"name": "list", "version": "2025-10-01", "resources": [{"id": "/subscriptions/{}/providers/microsoft.network/frontdoorwebapplicationfirewallmanagedrulesets", "version": "2025-10-01", "swagger": "mgmt-plane/frontdoor/ResourceProviders/Microsoft.Network/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9wcm92aWRlcnMvTWljcm9zb2Z0Lk5ldHdvcmsvRnJvbnREb29yV2ViQXBwbGljYXRpb25GaXJld2FsbE1hbmFnZWRSdWxlU2V0cw==/V/MjAyNS0xMC0wMQ=="}], "argGroups": [{"name": "", "args": [{"type": "SubscriptionId", "var": "$Path.subscriptionId", "options": ["subscription"], "required": true, "idPart": "subscription"}]}], "operations": [{"operationId": "ManagedRuleSets_List", "http": {"path": "/subscriptions/{subscriptionId}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallManagedRuleSets", "request": {"method": "get", "path": {"params": [{"type": "string", "name": "subscriptionId", "arg": "$Path.subscriptionId", "required": true}]}, "query": {"consts": [{"readOnly": true, "const": true, "default": {"value": "2025-10-01"}, "type": "string", "name": "api-version", "required": true}]}}, "responses": [{"statusCode": [200], "body": {"json": {"var": "$Instance", "schema": {"type": "object", "props": [{"type": "string", "name": "nextLink"}, {"readOnly": true, "type": "array<object>", "name": "value", "item": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "id"}, {"type": "ResourceLocation", "name": "location"}, {"readOnly": true, "type": "string", "name": "name"}, {"type": "object", "name": "properties", "props": [{"readOnly": true, "type": "string", "name": "provisioningState"}, {"readOnly": true, "type": "array<object>", "name": "ruleGroups", "item": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "description"}, {"readOnly": true, "type": "string", "name": "ruleGroupName"}, {"readOnly": true, "type": "array<object>", "name": "rules", "item": {"type": "object", "props": [{"readOnly": true, "type": "string", "name": "defaultAction", "enum": {"items": [{"value": "Allow"}, {"value": "AnomalyScoring"}, {"value": "Block"}, {"value": "CAPTCHA"}, {"value": "JSChallenge"}, {"value": "Log"}, {"value": "Redirect"}]}}, {"readOnly": true, "type": "string", "name": "defaultSensitivity", "enum": {"items": [{"value": "High"}, {"value": "Low"}, {"value": "Medium"}]}}, {"readOnly": true, "type": "string", "name": "defaultState", "enum": {"items": [{"value": "Disabled"}, {"value": "Enabled"}]}}, {"readOnly": true, "type": "string", "name": "description"}, {"readOnly": true, "type": "string", "name": "ruleId"}]}}]}}, {"readOnly": true, "type": "string", "name": "ruleSetId"}, {"readOnly": true, "type": "string", "name": "ruleSetType"}, {"readOnly": true, "type": "string", "name": "ruleSetVersion"}], "clientFlatten": true}, {"type": "object", "name": "tags", "additionalProps": {"item": {"type": "string"}}}, {"readOnly": true, "type": "string", "name": "type"}]}}]}}}}, {"isError": true, "body": {"json": {"schema": {"type": "@ODataV4Format"}}}}]}}], "outputs": [{"type": "array", "ref": "$Instance.value", "clientFlatten": true, "nextLink": "$Instance.nextLink"}], "confirmation": ""}]}]}