Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
com.pulumi.azure.cdn.kotlin.FrontdoorFirewallPolicyArgs.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.cdn.kotlin
import com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs.builder
import com.pulumi.azure.cdn.kotlin.inputs.FrontdoorFirewallPolicyCustomRuleArgs
import com.pulumi.azure.cdn.kotlin.inputs.FrontdoorFirewallPolicyCustomRuleArgsBuilder
import com.pulumi.azure.cdn.kotlin.inputs.FrontdoorFirewallPolicyManagedRuleArgs
import com.pulumi.azure.cdn.kotlin.inputs.FrontdoorFirewallPolicyManagedRuleArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Manages a Front Door (standard/premium) Firewall Policy instance.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const example = new azure.core.ResourceGroup("example", {
* name: "example-cdn-frontdoor",
* location: "West Europe",
* });
* const exampleFrontdoorProfile = new azure.cdn.FrontdoorProfile("example", {
* name: "example-profile",
* resourceGroupName: example.name,
* skuName: "Premium_AzureFrontDoor",
* });
* const exampleFrontdoorFirewallPolicy = new azure.cdn.FrontdoorFirewallPolicy("example", {
* name: "examplecdnfdwafpolicy",
* resourceGroupName: example.name,
* skuName: exampleFrontdoorProfile.skuName,
* enabled: true,
* mode: "Prevention",
* redirectUrl: "https://www.contoso.com",
* customBlockResponseStatusCode: 403,
* customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
* customRules: [
* {
* name: "Rule1",
* enabled: true,
* priority: 1,
* rateLimitDurationInMinutes: 1,
* rateLimitThreshold: 10,
* type: "MatchRule",
* action: "Block",
* matchConditions: [{
* matchVariable: "RemoteAddr",
* operator: "IPMatch",
* negationCondition: false,
* matchValues: [
* "10.0.1.0/24",
* "10.0.0.0/24",
* ],
* }],
* },
* {
* name: "Rule2",
* enabled: true,
* priority: 2,
* rateLimitDurationInMinutes: 1,
* rateLimitThreshold: 10,
* type: "MatchRule",
* action: "Block",
* matchConditions: [
* {
* matchVariable: "RemoteAddr",
* operator: "IPMatch",
* negationCondition: false,
* matchValues: ["192.168.1.0/24"],
* },
* {
* matchVariable: "RequestHeader",
* selector: "UserAgent",
* operator: "Contains",
* negationCondition: false,
* matchValues: ["windows"],
* transforms: [
* "Lowercase",
* "Trim",
* ],
* },
* ],
* },
* ],
* managedRules: [
* {
* type: "DefaultRuleSet",
* version: "1.0",
* exclusions: [{
* matchVariable: "QueryStringArgNames",
* operator: "Equals",
* selector: "not_suspicious",
* }],
* overrides: [
* {
* ruleGroupName: "PHP",
* rules: [{
* ruleId: "933100",
* enabled: false,
* action: "Block",
* }],
* },
* {
* ruleGroupName: "SQLI",
* exclusions: [{
* matchVariable: "QueryStringArgNames",
* operator: "Equals",
* selector: "really_not_suspicious",
* }],
* rules: [{
* ruleId: "942200",
* action: "Block",
* exclusions: [{
* matchVariable: "QueryStringArgNames",
* operator: "Equals",
* selector: "innocent",
* }],
* }],
* },
* ],
* },
* {
* type: "Microsoft_BotManagerRuleSet",
* version: "1.0",
* action: "Log",
* },
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* example = azure.core.ResourceGroup("example",
* name="example-cdn-frontdoor",
* location="West Europe")
* example_frontdoor_profile = azure.cdn.FrontdoorProfile("example",
* name="example-profile",
* resource_group_name=example.name,
* sku_name="Premium_AzureFrontDoor")
* example_frontdoor_firewall_policy = azure.cdn.FrontdoorFirewallPolicy("example",
* name="examplecdnfdwafpolicy",
* resource_group_name=example.name,
* sku_name=example_frontdoor_profile.sku_name,
* enabled=True,
* mode="Prevention",
* redirect_url="https://www.contoso.com",
* custom_block_response_status_code=403,
* custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
* custom_rules=[
* {
* "name": "Rule1",
* "enabled": True,
* "priority": 1,
* "rate_limit_duration_in_minutes": 1,
* "rate_limit_threshold": 10,
* "type": "MatchRule",
* "action": "Block",
* "match_conditions": [{
* "match_variable": "RemoteAddr",
* "operator": "IPMatch",
* "negation_condition": False,
* "match_values": [
* "10.0.1.0/24",
* "10.0.0.0/24",
* ],
* }],
* },
* {
* "name": "Rule2",
* "enabled": True,
* "priority": 2,
* "rate_limit_duration_in_minutes": 1,
* "rate_limit_threshold": 10,
* "type": "MatchRule",
* "action": "Block",
* "match_conditions": [
* {
* "match_variable": "RemoteAddr",
* "operator": "IPMatch",
* "negation_condition": False,
* "match_values": ["192.168.1.0/24"],
* },
* {
* "match_variable": "RequestHeader",
* "selector": "UserAgent",
* "operator": "Contains",
* "negation_condition": False,
* "match_values": ["windows"],
* "transforms": [
* "Lowercase",
* "Trim",
* ],
* },
* ],
* },
* ],
* managed_rules=[
* {
* "type": "DefaultRuleSet",
* "version": "1.0",
* "exclusions": [{
* "match_variable": "QueryStringArgNames",
* "operator": "Equals",
* "selector": "not_suspicious",
* }],
* "overrides": [
* {
* "rule_group_name": "PHP",
* "rules": [{
* "rule_id": "933100",
* "enabled": False,
* "action": "Block",
* }],
* },
* {
* "rule_group_name": "SQLI",
* "exclusions": [{
* "match_variable": "QueryStringArgNames",
* "operator": "Equals",
* "selector": "really_not_suspicious",
* }],
* "rules": [{
* "rule_id": "942200",
* "action": "Block",
* "exclusions": [{
* "match_variable": "QueryStringArgNames",
* "operator": "Equals",
* "selector": "innocent",
* }],
* }],
* },
* ],
* },
* {
* "type": "Microsoft_BotManagerRuleSet",
* "version": "1.0",
* "action": "Log",
* },
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example-cdn-frontdoor",
* Location = "West Europe",
* });
* var exampleFrontdoorProfile = new Azure.Cdn.FrontdoorProfile("example", new()
* {
* Name = "example-profile",
* ResourceGroupName = example.Name,
* SkuName = "Premium_AzureFrontDoor",
* });
* var exampleFrontdoorFirewallPolicy = new Azure.Cdn.FrontdoorFirewallPolicy("example", new()
* {
* Name = "examplecdnfdwafpolicy",
* ResourceGroupName = example.Name,
* SkuName = exampleFrontdoorProfile.SkuName,
* Enabled = true,
* Mode = "Prevention",
* RedirectUrl = "https://www.contoso.com",
* CustomBlockResponseStatusCode = 403,
* CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
* CustomRules = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
* {
* Name = "Rule1",
* Enabled = true,
* Priority = 1,
* RateLimitDurationInMinutes = 1,
* RateLimitThreshold = 10,
* Type = "MatchRule",
* Action = "Block",
* MatchConditions = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
* {
* MatchVariable = "RemoteAddr",
* Operator = "IPMatch",
* NegationCondition = false,
* MatchValues = new[]
* {
* "10.0.1.0/24",
* "10.0.0.0/24",
* },
* },
* },
* },
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
* {
* Name = "Rule2",
* Enabled = true,
* Priority = 2,
* RateLimitDurationInMinutes = 1,
* RateLimitThreshold = 10,
* Type = "MatchRule",
* Action = "Block",
* MatchConditions = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
* {
* MatchVariable = "RemoteAddr",
* Operator = "IPMatch",
* NegationCondition = false,
* MatchValues = new[]
* {
* "192.168.1.0/24",
* },
* },
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
* {
* MatchVariable = "RequestHeader",
* Selector = "UserAgent",
* Operator = "Contains",
* NegationCondition = false,
* MatchValues = new[]
* {
* "windows",
* },
* Transforms = new[]
* {
* "Lowercase",
* "Trim",
* },
* },
* },
* },
* },
* ManagedRules = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
* {
* Type = "DefaultRuleSet",
* Version = "1.0",
* Exclusions = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleExclusionArgs
* {
* MatchVariable = "QueryStringArgNames",
* Operator = "Equals",
* Selector = "not_suspicious",
* },
* },
* Overrides = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
* {
* RuleGroupName = "PHP",
* Rules = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
* {
* RuleId = "933100",
* Enabled = false,
* Action = "Block",
* },
* },
* },
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
* {
* RuleGroupName = "SQLI",
* Exclusions = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
* {
* MatchVariable = "QueryStringArgNames",
* Operator = "Equals",
* Selector = "really_not_suspicious",
* },
* },
* Rules = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
* {
* RuleId = "942200",
* Action = "Block",
* Exclusions = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
* {
* MatchVariable = "QueryStringArgNames",
* Operator = "Equals",
* Selector = "innocent",
* },
* },
* },
* },
* },
* },
* },
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
* {
* Type = "Microsoft_BotManagerRuleSet",
* Version = "1.0",
* Action = "Log",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/cdn"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example-cdn-frontdoor"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* exampleFrontdoorProfile, err := cdn.NewFrontdoorProfile(ctx, "example", &cdn.FrontdoorProfileArgs{
* Name: pulumi.String("example-profile"),
* ResourceGroupName: example.Name,
* SkuName: pulumi.String("Premium_AzureFrontDoor"),
* })
* if err != nil {
* return err
* }
* _, err = cdn.NewFrontdoorFirewallPolicy(ctx, "example", &cdn.FrontdoorFirewallPolicyArgs{
* Name: pulumi.String("examplecdnfdwafpolicy"),
* ResourceGroupName: example.Name,
* SkuName: exampleFrontdoorProfile.SkuName,
* Enabled: pulumi.Bool(true),
* Mode: pulumi.String("Prevention"),
* RedirectUrl: pulumi.String("https://www.contoso.com"),
* CustomBlockResponseStatusCode: pulumi.Int(403),
* CustomBlockResponseBody: pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
* CustomRules: cdn.FrontdoorFirewallPolicyCustomRuleArray{
* &cdn.FrontdoorFirewallPolicyCustomRuleArgs{
* Name: pulumi.String("Rule1"),
* Enabled: pulumi.Bool(true),
* Priority: pulumi.Int(1),
* RateLimitDurationInMinutes: pulumi.Int(1),
* RateLimitThreshold: pulumi.Int(10),
* Type: pulumi.String("MatchRule"),
* Action: pulumi.String("Block"),
* MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
* &cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
* MatchVariable: pulumi.String("RemoteAddr"),
* Operator: pulumi.String("IPMatch"),
* NegationCondition: pulumi.Bool(false),
* MatchValues: pulumi.StringArray{
* pulumi.String("10.0.1.0/24"),
* pulumi.String("10.0.0.0/24"),
* },
* },
* },
* },
* &cdn.FrontdoorFirewallPolicyCustomRuleArgs{
* Name: pulumi.String("Rule2"),
* Enabled: pulumi.Bool(true),
* Priority: pulumi.Int(2),
* RateLimitDurationInMinutes: pulumi.Int(1),
* RateLimitThreshold: pulumi.Int(10),
* Type: pulumi.String("MatchRule"),
* Action: pulumi.String("Block"),
* MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
* &cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
* MatchVariable: pulumi.String("RemoteAddr"),
* Operator: pulumi.String("IPMatch"),
* NegationCondition: pulumi.Bool(false),
* MatchValues: pulumi.StringArray{
* pulumi.String("192.168.1.0/24"),
* },
* },
* &cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
* MatchVariable: pulumi.String("RequestHeader"),
* Selector: pulumi.String("UserAgent"),
* Operator: pulumi.String("Contains"),
* NegationCondition: pulumi.Bool(false),
* MatchValues: pulumi.StringArray{
* pulumi.String("windows"),
* },
* Transforms: pulumi.StringArray{
* pulumi.String("Lowercase"),
* pulumi.String("Trim"),
* },
* },
* },
* },
* },
* ManagedRules: cdn.FrontdoorFirewallPolicyManagedRuleArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleArgs{
* Type: pulumi.String("DefaultRuleSet"),
* Version: pulumi.String("1.0"),
* Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleExclusionArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs{
* MatchVariable: pulumi.String("QueryStringArgNames"),
* Operator: pulumi.String("Equals"),
* Selector: pulumi.String("not_suspicious"),
* },
* },
* Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
* RuleGroupName: pulumi.String("PHP"),
* Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
* RuleId: pulumi.String("933100"),
* Enabled: pulumi.Bool(false),
* Action: pulumi.String("Block"),
* },
* },
* },
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
* RuleGroupName: pulumi.String("SQLI"),
* Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs{
* MatchVariable: pulumi.String("QueryStringArgNames"),
* Operator: pulumi.String("Equals"),
* Selector: pulumi.String("really_not_suspicious"),
* },
* },
* Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
* RuleId: pulumi.String("942200"),
* Action: pulumi.String("Block"),
* Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs{
* MatchVariable: pulumi.String("QueryStringArgNames"),
* Operator: pulumi.String("Equals"),
* Selector: pulumi.String("innocent"),
* },
* },
* },
* },
* },
* },
* },
* &cdn.FrontdoorFirewallPolicyManagedRuleArgs{
* Type: pulumi.String("Microsoft_BotManagerRuleSet"),
* Version: pulumi.String("1.0"),
* Action: pulumi.String("Log"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.cdn.FrontdoorProfile;
* import com.pulumi.azure.cdn.FrontdoorProfileArgs;
* import com.pulumi.azure.cdn.FrontdoorFirewallPolicy;
* import com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs;
* import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyCustomRuleArgs;
* import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyManagedRuleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example-cdn-frontdoor")
* .location("West Europe")
* .build());
* var exampleFrontdoorProfile = new FrontdoorProfile("exampleFrontdoorProfile", FrontdoorProfileArgs.builder()
* .name("example-profile")
* .resourceGroupName(example.name())
* .skuName("Premium_AzureFrontDoor")
* .build());
* var exampleFrontdoorFirewallPolicy = new FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", FrontdoorFirewallPolicyArgs.builder()
* .name("examplecdnfdwafpolicy")
* .resourceGroupName(example.name())
* .skuName(exampleFrontdoorProfile.skuName())
* .enabled(true)
* .mode("Prevention")
* .redirectUrl("https://www.contoso.com")
* .customBlockResponseStatusCode(403)
* .customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
* .customRules(
* FrontdoorFirewallPolicyCustomRuleArgs.builder()
* .name("Rule1")
* .enabled(true)
* .priority(1)
* .rateLimitDurationInMinutes(1)
* .rateLimitThreshold(10)
* .type("MatchRule")
* .action("Block")
* .matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
* .matchVariable("RemoteAddr")
* .operator("IPMatch")
* .negationCondition(false)
* .matchValues(
* "10.0.1.0/24",
* "10.0.0.0/24")
* .build())
* .build(),
* FrontdoorFirewallPolicyCustomRuleArgs.builder()
* .name("Rule2")
* .enabled(true)
* .priority(2)
* .rateLimitDurationInMinutes(1)
* .rateLimitThreshold(10)
* .type("MatchRule")
* .action("Block")
* .matchConditions(
* FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
* .matchVariable("RemoteAddr")
* .operator("IPMatch")
* .negationCondition(false)
* .matchValues("192.168.1.0/24")
* .build(),
* FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
* .matchVariable("RequestHeader")
* .selector("UserAgent")
* .operator("Contains")
* .negationCondition(false)
* .matchValues("windows")
* .transforms(
* "Lowercase",
* "Trim")
* .build())
* .build())
* .managedRules(
* FrontdoorFirewallPolicyManagedRuleArgs.builder()
* .type("DefaultRuleSet")
* .version("1.0")
* .exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
* .matchVariable("QueryStringArgNames")
* .operator("Equals")
* .selector("not_suspicious")
* .build())
* .overrides(
* FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
* .ruleGroupName("PHP")
* .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
* .ruleId("933100")
* .enabled(false)
* .action("Block")
* .build())
* .build(),
* FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
* .ruleGroupName("SQLI")
* .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
* .matchVariable("QueryStringArgNames")
* .operator("Equals")
* .selector("really_not_suspicious")
* .build())
* .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
* .ruleId("942200")
* .action("Block")
* .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
* .matchVariable("QueryStringArgNames")
* .operator("Equals")
* .selector("innocent")
* .build())
* .build())
* .build())
* .build(),
* FrontdoorFirewallPolicyManagedRuleArgs.builder()
* .type("Microsoft_BotManagerRuleSet")
* .version("1.0")
* .action("Log")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: example-cdn-frontdoor
* location: West Europe
* exampleFrontdoorProfile:
* type: azure:cdn:FrontdoorProfile
* name: example
* properties:
* name: example-profile
* resourceGroupName: ${example.name}
* skuName: Premium_AzureFrontDoor
* exampleFrontdoorFirewallPolicy:
* type: azure:cdn:FrontdoorFirewallPolicy
* name: example
* properties:
* name: examplecdnfdwafpolicy
* resourceGroupName: ${example.name}
* skuName: ${exampleFrontdoorProfile.skuName}
* enabled: true
* mode: Prevention
* redirectUrl: https://www.contoso.com
* customBlockResponseStatusCode: 403
* customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
* customRules:
* - name: Rule1
* enabled: true
* priority: 1
* rateLimitDurationInMinutes: 1
* rateLimitThreshold: 10
* type: MatchRule
* action: Block
* matchConditions:
* - matchVariable: RemoteAddr
* operator: IPMatch
* negationCondition: false
* matchValues:
* - 10.0.1.0/24
* - 10.0.0.0/24
* - name: Rule2
* enabled: true
* priority: 2
* rateLimitDurationInMinutes: 1
* rateLimitThreshold: 10
* type: MatchRule
* action: Block
* matchConditions:
* - matchVariable: RemoteAddr
* operator: IPMatch
* negationCondition: false
* matchValues:
* - 192.168.1.0/24
* - matchVariable: RequestHeader
* selector: UserAgent
* operator: Contains
* negationCondition: false
* matchValues:
* - windows
* transforms:
* - Lowercase
* - Trim
* managedRules:
* - type: DefaultRuleSet
* version: '1.0'
* exclusions:
* - matchVariable: QueryStringArgNames
* operator: Equals
* selector: not_suspicious
* overrides:
* - ruleGroupName: PHP
* rules:
* - ruleId: '933100'
* enabled: false
* action: Block
* - ruleGroupName: SQLI
* exclusions:
* - matchVariable: QueryStringArgNames
* operator: Equals
* selector: really_not_suspicious
* rules:
* - ruleId: '942200'
* action: Block
* exclusions:
* - matchVariable: QueryStringArgNames
* operator: Equals
* selector: innocent
* - type: Microsoft_BotManagerRuleSet
* version: '1.0'
* action: Log
* ```
*
* ## Import
* Front Door Firewall Policies can be imported using the `resource id`, e.g.
* ```sh
* $ pulumi import azure:cdn/frontdoorFirewallPolicy:FrontdoorFirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/firewallPolicy1
* ```
* @property customBlockResponseBody If a `custom_rule` block's action type is `block`, this is the response body. The body must be specified in base64 encoding.
* @property customBlockResponseStatusCode If a `custom_rule` block's action type is `block`, this is the response status code. Possible values are `200`, `403`, `405`, `406`, or `429`.
* @property customRules One or more `custom_rule` blocks as defined below.
* @property enabled Is the Front Door Firewall Policy enabled? Defaults to `true`.
* @property managedRules One or more `managed_rule` blocks as defined below.
* @property mode The Front Door Firewall Policy mode. Possible values are `Detection`, `Prevention`.
* @property name The name of the policy. Changing this forces a new resource to be created.
* @property redirectUrl If action type is redirect, this field represents redirect URL for the client.
* @property requestBodyCheckEnabled Should policy managed rules inspect the request body content? Defaults to `true`.
* > **NOTE:** When run in `Detection` mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.
* @property resourceGroupName The name of the resource group. Changing this forces a new resource to be created.
* @property skuName The sku's pricing tier for this Front Door Firewall Policy. Possible values include `Standard_AzureFrontDoor` or `Premium_AzureFrontDoor`. Changing this forces a new resource to be created.
* > **NOTE:** The `Standard_AzureFrontDoor` Front Door Firewall Policy sku may contain `custom` rules only. The `Premium_AzureFrontDoor` Front Door Firewall Policy skus may contain both `custom` and `managed` rules.
* @property tags A mapping of tags to assign to the Front Door Firewall Policy.
*/
public data class FrontdoorFirewallPolicyArgs(
public val customBlockResponseBody: Output? = null,
public val customBlockResponseStatusCode: Output? = null,
public val customRules: Output>? = null,
public val enabled: Output? = null,
public val managedRules: Output>? = null,
public val mode: Output? = null,
public val name: Output? = null,
public val redirectUrl: Output? = null,
public val requestBodyCheckEnabled: Output? = null,
public val resourceGroupName: Output? = null,
public val skuName: Output? = null,
public val tags: Output>? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs =
com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs.builder()
.customBlockResponseBody(customBlockResponseBody?.applyValue({ args0 -> args0 }))
.customBlockResponseStatusCode(customBlockResponseStatusCode?.applyValue({ args0 -> args0 }))
.customRules(
customRules?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.enabled(enabled?.applyValue({ args0 -> args0 }))
.managedRules(
managedRules?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.mode(mode?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.redirectUrl(redirectUrl?.applyValue({ args0 -> args0 }))
.requestBodyCheckEnabled(requestBodyCheckEnabled?.applyValue({ args0 -> args0 }))
.resourceGroupName(resourceGroupName?.applyValue({ args0 -> args0 }))
.skuName(skuName?.applyValue({ args0 -> args0 }))
.tags(
tags?.applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}),
).build()
}
/**
* Builder for [FrontdoorFirewallPolicyArgs].
*/
@PulumiTagMarker
public class FrontdoorFirewallPolicyArgsBuilder internal constructor() {
private var customBlockResponseBody: Output? = null
private var customBlockResponseStatusCode: Output? = null
private var customRules: Output>? = null
private var enabled: Output? = null
private var managedRules: Output>? = null
private var mode: Output? = null
private var name: Output? = null
private var redirectUrl: Output? = null
private var requestBodyCheckEnabled: Output? = null
private var resourceGroupName: Output? = null
private var skuName: Output? = null
private var tags: Output>? = null
/**
* @param value If a `custom_rule` block's action type is `block`, this is the response body. The body must be specified in base64 encoding.
*/
@JvmName("siaxmogmndqowlje")
public suspend fun customBlockResponseBody(`value`: Output) {
this.customBlockResponseBody = value
}
/**
* @param value If a `custom_rule` block's action type is `block`, this is the response status code. Possible values are `200`, `403`, `405`, `406`, or `429`.
*/
@JvmName("vctflxanghscyqox")
public suspend fun customBlockResponseStatusCode(`value`: Output) {
this.customBlockResponseStatusCode = value
}
/**
* @param value One or more `custom_rule` blocks as defined below.
*/
@JvmName("lnjxjdpojbyaiucs")
public suspend fun customRules(`value`: Output>) {
this.customRules = value
}
@JvmName("ydjhbhrcsavetlxr")
public suspend fun customRules(vararg values: Output) {
this.customRules = Output.all(values.asList())
}
/**
* @param values One or more `custom_rule` blocks as defined below.
*/
@JvmName("peucsixbpkxrnqsi")
public suspend fun customRules(values: List>) {
this.customRules = Output.all(values)
}
/**
* @param value Is the Front Door Firewall Policy enabled? Defaults to `true`.
*/
@JvmName("bnrebnwbdwomawov")
public suspend fun enabled(`value`: Output) {
this.enabled = value
}
/**
* @param value One or more `managed_rule` blocks as defined below.
*/
@JvmName("kqlpstlyllrqqjwy")
public suspend fun managedRules(`value`: Output>) {
this.managedRules = value
}
@JvmName("hedwvlcpiycicugm")
public suspend fun managedRules(vararg values: Output) {
this.managedRules = Output.all(values.asList())
}
/**
* @param values One or more `managed_rule` blocks as defined below.
*/
@JvmName("yshadqieuawcilut")
public suspend fun managedRules(values: List>) {
this.managedRules = Output.all(values)
}
/**
* @param value The Front Door Firewall Policy mode. Possible values are `Detection`, `Prevention`.
*/
@JvmName("cxuwedwspyotmgdd")
public suspend fun mode(`value`: Output) {
this.mode = value
}
/**
* @param value The name of the policy. Changing this forces a new resource to be created.
*/
@JvmName("flmpxounjjkmvkqt")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value If action type is redirect, this field represents redirect URL for the client.
*/
@JvmName("xjviybofyprfruwn")
public suspend fun redirectUrl(`value`: Output) {
this.redirectUrl = value
}
/**
* @param value Should policy managed rules inspect the request body content? Defaults to `true`.
* > **NOTE:** When run in `Detection` mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.
*/
@JvmName("mhmgleheqtwlaruk")
public suspend fun requestBodyCheckEnabled(`value`: Output) {
this.requestBodyCheckEnabled = value
}
/**
* @param value The name of the resource group. Changing this forces a new resource to be created.
*/
@JvmName("hxyqqlfewsyrwmbq")
public suspend fun resourceGroupName(`value`: Output) {
this.resourceGroupName = value
}
/**
* @param value The sku's pricing tier for this Front Door Firewall Policy. Possible values include `Standard_AzureFrontDoor` or `Premium_AzureFrontDoor`. Changing this forces a new resource to be created.
* > **NOTE:** The `Standard_AzureFrontDoor` Front Door Firewall Policy sku may contain `custom` rules only. The `Premium_AzureFrontDoor` Front Door Firewall Policy skus may contain both `custom` and `managed` rules.
*/
@JvmName("tmoofxatlbmoxygw")
public suspend fun skuName(`value`: Output) {
this.skuName = value
}
/**
* @param value A mapping of tags to assign to the Front Door Firewall Policy.
*/
@JvmName("jsyfbqhjsucxbjbq")
public suspend fun tags(`value`: Output>) {
this.tags = value
}
/**
* @param value If a `custom_rule` block's action type is `block`, this is the response body. The body must be specified in base64 encoding.
*/
@JvmName("ylinkjlcudhmsdsw")
public suspend fun customBlockResponseBody(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.customBlockResponseBody = mapped
}
/**
* @param value If a `custom_rule` block's action type is `block`, this is the response status code. Possible values are `200`, `403`, `405`, `406`, or `429`.
*/
@JvmName("oymrrepbqvqsblkf")
public suspend fun customBlockResponseStatusCode(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.customBlockResponseStatusCode = mapped
}
/**
* @param value One or more `custom_rule` blocks as defined below.
*/
@JvmName("blmdnsmwkwgxgrcv")
public suspend fun customRules(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.customRules = mapped
}
/**
* @param argument One or more `custom_rule` blocks as defined below.
*/
@JvmName("wsulfybhpocqnkbb")
public suspend fun customRules(argument: List Unit>) {
val toBeMapped = argument.toList().map {
FrontdoorFirewallPolicyCustomRuleArgsBuilder().applySuspend { it() }.build()
}
val mapped = of(toBeMapped)
this.customRules = mapped
}
/**
* @param argument One or more `custom_rule` blocks as defined below.
*/
@JvmName("mqnexfrxrqfplvhr")
public suspend fun customRules(vararg argument: suspend FrontdoorFirewallPolicyCustomRuleArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
FrontdoorFirewallPolicyCustomRuleArgsBuilder().applySuspend { it() }.build()
}
val mapped = of(toBeMapped)
this.customRules = mapped
}
/**
* @param argument One or more `custom_rule` blocks as defined below.
*/
@JvmName("scepoamhduxcibbt")
public suspend fun customRules(argument: suspend FrontdoorFirewallPolicyCustomRuleArgsBuilder.() -> Unit) {
val toBeMapped = listOf(
FrontdoorFirewallPolicyCustomRuleArgsBuilder().applySuspend {
argument()
}.build(),
)
val mapped = of(toBeMapped)
this.customRules = mapped
}
/**
* @param values One or more `custom_rule` blocks as defined below.
*/
@JvmName("vhainqmqipqgoryq")
public suspend fun customRules(vararg values: FrontdoorFirewallPolicyCustomRuleArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.customRules = mapped
}
/**
* @param value Is the Front Door Firewall Policy enabled? Defaults to `true`.
*/
@JvmName("wwtupyoesnjubfwl")
public suspend fun enabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.enabled = mapped
}
/**
* @param value One or more `managed_rule` blocks as defined below.
*/
@JvmName("qqlvfelkjmfywubq")
public suspend fun managedRules(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.managedRules = mapped
}
/**
* @param argument One or more `managed_rule` blocks as defined below.
*/
@JvmName("tnvwtyhxwxkffydj")
public suspend fun managedRules(argument: List Unit>) {
val toBeMapped = argument.toList().map {
FrontdoorFirewallPolicyManagedRuleArgsBuilder().applySuspend { it() }.build()
}
val mapped = of(toBeMapped)
this.managedRules = mapped
}
/**
* @param argument One or more `managed_rule` blocks as defined below.
*/
@JvmName("eqrlvvvjidniiyhs")
public suspend fun managedRules(vararg argument: suspend FrontdoorFirewallPolicyManagedRuleArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
FrontdoorFirewallPolicyManagedRuleArgsBuilder().applySuspend { it() }.build()
}
val mapped = of(toBeMapped)
this.managedRules = mapped
}
/**
* @param argument One or more `managed_rule` blocks as defined below.
*/
@JvmName("dcqxuxxtjbkfoywa")
public suspend fun managedRules(argument: suspend FrontdoorFirewallPolicyManagedRuleArgsBuilder.() -> Unit) {
val toBeMapped = listOf(
FrontdoorFirewallPolicyManagedRuleArgsBuilder().applySuspend {
argument()
}.build(),
)
val mapped = of(toBeMapped)
this.managedRules = mapped
}
/**
* @param values One or more `managed_rule` blocks as defined below.
*/
@JvmName("sqofdtrbdftnhjbx")
public suspend fun managedRules(vararg values: FrontdoorFirewallPolicyManagedRuleArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.managedRules = mapped
}
/**
* @param value The Front Door Firewall Policy mode. Possible values are `Detection`, `Prevention`.
*/
@JvmName("nbwsmqaddfickcte")
public suspend fun mode(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.mode = mapped
}
/**
* @param value The name of the policy. Changing this forces a new resource to be created.
*/
@JvmName("lkcecvfweeltilpi")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value If action type is redirect, this field represents redirect URL for the client.
*/
@JvmName("igjppyoquvgtbucm")
public suspend fun redirectUrl(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.redirectUrl = mapped
}
/**
* @param value Should policy managed rules inspect the request body content? Defaults to `true`.
* > **NOTE:** When run in `Detection` mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.
*/
@JvmName("tfvlnnmqtjhmkpid")
public suspend fun requestBodyCheckEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.requestBodyCheckEnabled = mapped
}
/**
* @param value The name of the resource group. Changing this forces a new resource to be created.
*/
@JvmName("waqndkarovjllcui")
public suspend fun resourceGroupName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.resourceGroupName = mapped
}
/**
* @param value The sku's pricing tier for this Front Door Firewall Policy. Possible values include `Standard_AzureFrontDoor` or `Premium_AzureFrontDoor`. Changing this forces a new resource to be created.
* > **NOTE:** The `Standard_AzureFrontDoor` Front Door Firewall Policy sku may contain `custom` rules only. The `Premium_AzureFrontDoor` Front Door Firewall Policy skus may contain both `custom` and `managed` rules.
*/
@JvmName("ryrsqgicrdgysqyg")
public suspend fun skuName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.skuName = mapped
}
/**
* @param value A mapping of tags to assign to the Front Door Firewall Policy.
*/
@JvmName("dbfxmgwvpqwelxsh")
public suspend fun tags(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tags = mapped
}
/**
* @param values A mapping of tags to assign to the Front Door Firewall Policy.
*/
@JvmName("fjktuhbfxbsoasjq")
public fun tags(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tags = mapped
}
internal fun build(): FrontdoorFirewallPolicyArgs = FrontdoorFirewallPolicyArgs(
customBlockResponseBody = customBlockResponseBody,
customBlockResponseStatusCode = customBlockResponseStatusCode,
customRules = customRules,
enabled = enabled,
managedRules = managedRules,
mode = mode,
name = name,
redirectUrl = redirectUrl,
requestBodyCheckEnabled = requestBodyCheckEnabled,
resourceGroupName = resourceGroupName,
skuName = skuName,
tags = tags,
)
}
