com.pulumi.azure.frontdoor.kotlin.FirewallPolicyArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-azure-kotlin Show documentation
Show all versions of pulumi-azure-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.frontdoor.kotlin
import com.pulumi.azure.frontdoor.FirewallPolicyArgs.builder
import com.pulumi.azure.frontdoor.kotlin.inputs.FirewallPolicyCustomRuleArgs
import com.pulumi.azure.frontdoor.kotlin.inputs.FirewallPolicyCustomRuleArgsBuilder
import com.pulumi.azure.frontdoor.kotlin.inputs.FirewallPolicyManagedRuleArgs
import com.pulumi.azure.frontdoor.kotlin.inputs.FirewallPolicyManagedRuleArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* !> **IMPORTANT** This deploys an Azure Front Door (classic) resource which has been deprecated and will receive security updates only. Please migrate your existing Azure Front Door (classic) deployments to the new Azure Front Door (standard/premium) resources. For your convenience, the service team has exposed a `Front Door Classic` to `Front Door Standard/Premium` [migration tool](https://learn.microsoft.com/azure/frontdoor/tier-migration) to allow you to migrate your existing `Front Door Classic` instances to the new `Front Door Standard/Premium` product tiers.
* Manages an Azure Front Door (classic) Web Application Firewall Policy instance.
* !> **Be Aware:** Azure is rolling out a breaking change on Friday 9th April 2021 which may cause issues with the CDN/FrontDoor resources. More information is available in this GitHub issue as the necessary changes are identified.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const example = new azure.core.ResourceGroup("example", {
* name: "example-rg",
* location: "West Europe",
* });
* const exampleFirewallPolicy = new azure.frontdoor.FirewallPolicy("example", {
* name: "examplefdwafpolicy",
* resourceGroupName: example.name,
* enabled: true,
* mode: "Prevention",
* redirectUrl: "https://www.contoso.com",
* customBlockResponseStatusCode: 403,
* customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
* customRules: [
* {
* name: "Rule1",
* enabled: true,
* priority: 1,
* rateLimitDurationInMinutes: 1,
* rateLimitThreshold: 10,
* type: "MatchRule",
* action: "Block",
* matchConditions: [{
* matchVariable: "RemoteAddr",
* operator: "IPMatch",
* negationCondition: false,
* matchValues: [
* "192.168.1.0/24",
* "10.0.0.0/24",
* ],
* }],
* },
* {
* name: "Rule2",
* enabled: true,
* priority: 2,
* rateLimitDurationInMinutes: 1,
* rateLimitThreshold: 10,
* type: "MatchRule",
* action: "Block",
* matchConditions: [
* {
* matchVariable: "RemoteAddr",
* operator: "IPMatch",
* negationCondition: false,
* matchValues: ["192.168.1.0/24"],
* },
* {
* matchVariable: "RequestHeader",
* selector: "UserAgent",
* operator: "Contains",
* negationCondition: false,
* matchValues: ["windows"],
* transforms: [
* "Lowercase",
* "Trim",
* ],
* },
* ],
* },
* ],
* managedRules: [
* {
* type: "DefaultRuleSet",
* version: "1.0",
* exclusions: [{
* matchVariable: "QueryStringArgNames",
* operator: "Equals",
* selector: "not_suspicious",
* }],
* overrides: [
* {
* ruleGroupName: "PHP",
* rules: [{
* ruleId: "933100",
* enabled: false,
* action: "Block",
* }],
* },
* {
* ruleGroupName: "SQLI",
* exclusions: [{
* matchVariable: "QueryStringArgNames",
* operator: "Equals",
* selector: "really_not_suspicious",
* }],
* rules: [{
* ruleId: "942200",
* action: "Block",
* exclusions: [{
* matchVariable: "QueryStringArgNames",
* operator: "Equals",
* selector: "innocent",
* }],
* }],
* },
* ],
* },
* {
* type: "Microsoft_BotManagerRuleSet",
* version: "1.0",
* },
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* example = azure.core.ResourceGroup("example",
* name="example-rg",
* location="West Europe")
* example_firewall_policy = azure.frontdoor.FirewallPolicy("example",
* name="examplefdwafpolicy",
* resource_group_name=example.name,
* enabled=True,
* mode="Prevention",
* redirect_url="https://www.contoso.com",
* custom_block_response_status_code=403,
* custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
* custom_rules=[
* {
* "name": "Rule1",
* "enabled": True,
* "priority": 1,
* "rate_limit_duration_in_minutes": 1,
* "rate_limit_threshold": 10,
* "type": "MatchRule",
* "action": "Block",
* "match_conditions": [{
* "match_variable": "RemoteAddr",
* "operator": "IPMatch",
* "negation_condition": False,
* "match_values": [
* "192.168.1.0/24",
* "10.0.0.0/24",
* ],
* }],
* },
* {
* "name": "Rule2",
* "enabled": True,
* "priority": 2,
* "rate_limit_duration_in_minutes": 1,
* "rate_limit_threshold": 10,
* "type": "MatchRule",
* "action": "Block",
* "match_conditions": [
* {
* "match_variable": "RemoteAddr",
* "operator": "IPMatch",
* "negation_condition": False,
* "match_values": ["192.168.1.0/24"],
* },
* {
* "match_variable": "RequestHeader",
* "selector": "UserAgent",
* "operator": "Contains",
* "negation_condition": False,
* "match_values": ["windows"],
* "transforms": [
* "Lowercase",
* "Trim",
* ],
* },
* ],
* },
* ],
* managed_rules=[
* {
* "type": "DefaultRuleSet",
* "version": "1.0",
* "exclusions": [{
* "match_variable": "QueryStringArgNames",
* "operator": "Equals",
* "selector": "not_suspicious",
* }],
* "overrides": [
* {
* "rule_group_name": "PHP",
* "rules": [{
* "rule_id": "933100",
* "enabled": False,
* "action": "Block",
* }],
* },
* {
* "rule_group_name": "SQLI",
* "exclusions": [{
* "match_variable": "QueryStringArgNames",
* "operator": "Equals",
* "selector": "really_not_suspicious",
* }],
* "rules": [{
* "rule_id": "942200",
* "action": "Block",
* "exclusions": [{
* "match_variable": "QueryStringArgNames",
* "operator": "Equals",
* "selector": "innocent",
* }],
* }],
* },
* ],
* },
* {
* "type": "Microsoft_BotManagerRuleSet",
* "version": "1.0",
* },
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example-rg",
* Location = "West Europe",
* });
* var exampleFirewallPolicy = new Azure.FrontDoor.FirewallPolicy("example", new()
* {
* Name = "examplefdwafpolicy",
* ResourceGroupName = example.Name,
* Enabled = true,
* Mode = "Prevention",
* RedirectUrl = "https://www.contoso.com",
* CustomBlockResponseStatusCode = 403,
* CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
* CustomRules = new[]
* {
* new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
* {
* Name = "Rule1",
* Enabled = true,
* Priority = 1,
* RateLimitDurationInMinutes = 1,
* RateLimitThreshold = 10,
* Type = "MatchRule",
* Action = "Block",
* MatchConditions = new[]
* {
* new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
* {
* MatchVariable = "RemoteAddr",
* Operator = "IPMatch",
* NegationCondition = false,
* MatchValues = new[]
* {
* "192.168.1.0/24",
* "10.0.0.0/24",
* },
* },
* },
* },
* new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleArgs
* {
* Name = "Rule2",
* Enabled = true,
* Priority = 2,
* RateLimitDurationInMinutes = 1,
* RateLimitThreshold = 10,
* Type = "MatchRule",
* Action = "Block",
* MatchConditions = new[]
* {
* new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
* {
* MatchVariable = "RemoteAddr",
* Operator = "IPMatch",
* NegationCondition = false,
* MatchValues = new[]
* {
* "192.168.1.0/24",
* },
* },
* new Azure.FrontDoor.Inputs.FirewallPolicyCustomRuleMatchConditionArgs
* {
* MatchVariable = "RequestHeader",
* Selector = "UserAgent",
* Operator = "Contains",
* NegationCondition = false,
* MatchValues = new[]
* {
* "windows",
* },
* Transforms = new[]
* {
* "Lowercase",
* "Trim",
* },
* },
* },
* },
* },
* ManagedRules = new[]
* {
* new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
* {
* Type = "DefaultRuleSet",
* Version = "1.0",
* Exclusions = new[]
* {
* new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleExclusionArgs
* {
* MatchVariable = "QueryStringArgNames",
* Operator = "Equals",
* Selector = "not_suspicious",
* },
* },
* Overrides = new[]
* {
* new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
* {
* RuleGroupName = "PHP",
* Rules = new[]
* {
* new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
* {
* RuleId = "933100",
* Enabled = false,
* Action = "Block",
* },
* },
* },
* new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideArgs
* {
* RuleGroupName = "SQLI",
* Exclusions = new[]
* {
* new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideExclusionArgs
* {
* MatchVariable = "QueryStringArgNames",
* Operator = "Equals",
* Selector = "really_not_suspicious",
* },
* },
* Rules = new[]
* {
* new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleArgs
* {
* RuleId = "942200",
* Action = "Block",
* Exclusions = new[]
* {
* new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleOverrideRuleExclusionArgs
* {
* MatchVariable = "QueryStringArgNames",
* Operator = "Equals",
* Selector = "innocent",
* },
* },
* },
* },
* },
* },
* },
* new Azure.FrontDoor.Inputs.FirewallPolicyManagedRuleArgs
* {
* Type = "Microsoft_BotManagerRuleSet",
* Version = "1.0",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/frontdoor"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example-rg"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* _, err = frontdoor.NewFirewallPolicy(ctx, "example", &frontdoor.FirewallPolicyArgs{
* Name: pulumi.String("examplefdwafpolicy"),
* ResourceGroupName: example.Name,
* Enabled: pulumi.Bool(true),
* Mode: pulumi.String("Prevention"),
* RedirectUrl: pulumi.String("https://www.contoso.com"),
* CustomBlockResponseStatusCode: pulumi.Int(403),
* CustomBlockResponseBody: pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
* CustomRules: frontdoor.FirewallPolicyCustomRuleArray{
* &frontdoor.FirewallPolicyCustomRuleArgs{
* Name: pulumi.String("Rule1"),
* Enabled: pulumi.Bool(true),
* Priority: pulumi.Int(1),
* RateLimitDurationInMinutes: pulumi.Int(1),
* RateLimitThreshold: pulumi.Int(10),
* Type: pulumi.String("MatchRule"),
* Action: pulumi.String("Block"),
* MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
* &frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
* MatchVariable: pulumi.String("RemoteAddr"),
* Operator: pulumi.String("IPMatch"),
* NegationCondition: pulumi.Bool(false),
* MatchValues: pulumi.StringArray{
* pulumi.String("192.168.1.0/24"),
* pulumi.String("10.0.0.0/24"),
* },
* },
* },
* },
* &frontdoor.FirewallPolicyCustomRuleArgs{
* Name: pulumi.String("Rule2"),
* Enabled: pulumi.Bool(true),
* Priority: pulumi.Int(2),
* RateLimitDurationInMinutes: pulumi.Int(1),
* RateLimitThreshold: pulumi.Int(10),
* Type: pulumi.String("MatchRule"),
* Action: pulumi.String("Block"),
* MatchConditions: frontdoor.FirewallPolicyCustomRuleMatchConditionArray{
* &frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
* MatchVariable: pulumi.String("RemoteAddr"),
* Operator: pulumi.String("IPMatch"),
* NegationCondition: pulumi.Bool(false),
* MatchValues: pulumi.StringArray{
* pulumi.String("192.168.1.0/24"),
* },
* },
* &frontdoor.FirewallPolicyCustomRuleMatchConditionArgs{
* MatchVariable: pulumi.String("RequestHeader"),
* Selector: pulumi.String("UserAgent"),
* Operator: pulumi.String("Contains"),
* NegationCondition: pulumi.Bool(false),
* MatchValues: pulumi.StringArray{
* pulumi.String("windows"),
* },
* Transforms: pulumi.StringArray{
* pulumi.String("Lowercase"),
* pulumi.String("Trim"),
* },
* },
* },
* },
* },
* ManagedRules: frontdoor.FirewallPolicyManagedRuleArray{
* &frontdoor.FirewallPolicyManagedRuleArgs{
* Type: pulumi.String("DefaultRuleSet"),
* Version: pulumi.String("1.0"),
* Exclusions: frontdoor.FirewallPolicyManagedRuleExclusionArray{
* &frontdoor.FirewallPolicyManagedRuleExclusionArgs{
* MatchVariable: pulumi.String("QueryStringArgNames"),
* Operator: pulumi.String("Equals"),
* Selector: pulumi.String("not_suspicious"),
* },
* },
* Overrides: frontdoor.FirewallPolicyManagedRuleOverrideArray{
* &frontdoor.FirewallPolicyManagedRuleOverrideArgs{
* RuleGroupName: pulumi.String("PHP"),
* Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
* &frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs{
* RuleId: pulumi.String("933100"),
* Enabled: pulumi.Bool(false),
* Action: pulumi.String("Block"),
* },
* },
* },
* &frontdoor.FirewallPolicyManagedRuleOverrideArgs{
* RuleGroupName: pulumi.String("SQLI"),
* Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideExclusionArray{
* &frontdoor.FirewallPolicyManagedRuleOverrideExclusionArgs{
* MatchVariable: pulumi.String("QueryStringArgNames"),
* Operator: pulumi.String("Equals"),
* Selector: pulumi.String("really_not_suspicious"),
* },
* },
* Rules: frontdoor.FirewallPolicyManagedRuleOverrideRuleArray{
* &frontdoor.FirewallPolicyManagedRuleOverrideRuleArgs{
* RuleId: pulumi.String("942200"),
* Action: pulumi.String("Block"),
* Exclusions: frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArray{
* &frontdoor.FirewallPolicyManagedRuleOverrideRuleExclusionArgs{
* MatchVariable: pulumi.String("QueryStringArgNames"),
* Operator: pulumi.String("Equals"),
* Selector: pulumi.String("innocent"),
* },
* },
* },
* },
* },
* },
* },
* &frontdoor.FirewallPolicyManagedRuleArgs{
* Type: pulumi.String("Microsoft_BotManagerRuleSet"),
* Version: pulumi.String("1.0"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.frontdoor.FirewallPolicy;
* import com.pulumi.azure.frontdoor.FirewallPolicyArgs;
* import com.pulumi.azure.frontdoor.inputs.FirewallPolicyCustomRuleArgs;
* import com.pulumi.azure.frontdoor.inputs.FirewallPolicyManagedRuleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example-rg")
* .location("West Europe")
* .build());
* var exampleFirewallPolicy = new FirewallPolicy("exampleFirewallPolicy", FirewallPolicyArgs.builder()
* .name("examplefdwafpolicy")
* .resourceGroupName(example.name())
* .enabled(true)
* .mode("Prevention")
* .redirectUrl("https://www.contoso.com")
* .customBlockResponseStatusCode(403)
* .customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
* .customRules(
* FirewallPolicyCustomRuleArgs.builder()
* .name("Rule1")
* .enabled(true)
* .priority(1)
* .rateLimitDurationInMinutes(1)
* .rateLimitThreshold(10)
* .type("MatchRule")
* .action("Block")
* .matchConditions(FirewallPolicyCustomRuleMatchConditionArgs.builder()
* .matchVariable("RemoteAddr")
* .operator("IPMatch")
* .negationCondition(false)
* .matchValues(
* "192.168.1.0/24",
* "10.0.0.0/24")
* .build())
* .build(),
* FirewallPolicyCustomRuleArgs.builder()
* .name("Rule2")
* .enabled(true)
* .priority(2)
* .rateLimitDurationInMinutes(1)
* .rateLimitThreshold(10)
* .type("MatchRule")
* .action("Block")
* .matchConditions(
* FirewallPolicyCustomRuleMatchConditionArgs.builder()
* .matchVariable("RemoteAddr")
* .operator("IPMatch")
* .negationCondition(false)
* .matchValues("192.168.1.0/24")
* .build(),
* FirewallPolicyCustomRuleMatchConditionArgs.builder()
* .matchVariable("RequestHeader")
* .selector("UserAgent")
* .operator("Contains")
* .negationCondition(false)
* .matchValues("windows")
* .transforms(
* "Lowercase",
* "Trim")
* .build())
* .build())
* .managedRules(
* FirewallPolicyManagedRuleArgs.builder()
* .type("DefaultRuleSet")
* .version("1.0")
* .exclusions(FirewallPolicyManagedRuleExclusionArgs.builder()
* .matchVariable("QueryStringArgNames")
* .operator("Equals")
* .selector("not_suspicious")
* .build())
* .overrides(
* FirewallPolicyManagedRuleOverrideArgs.builder()
* .ruleGroupName("PHP")
* .rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
* .ruleId("933100")
* .enabled(false)
* .action("Block")
* .build())
* .build(),
* FirewallPolicyManagedRuleOverrideArgs.builder()
* .ruleGroupName("SQLI")
* .exclusions(FirewallPolicyManagedRuleOverrideExclusionArgs.builder()
* .matchVariable("QueryStringArgNames")
* .operator("Equals")
* .selector("really_not_suspicious")
* .build())
* .rules(FirewallPolicyManagedRuleOverrideRuleArgs.builder()
* .ruleId("942200")
* .action("Block")
* .exclusions(FirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
* .matchVariable("QueryStringArgNames")
* .operator("Equals")
* .selector("innocent")
* .build())
* .build())
* .build())
* .build(),
* FirewallPolicyManagedRuleArgs.builder()
* .type("Microsoft_BotManagerRuleSet")
* .version("1.0")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: example-rg
* location: West Europe
* exampleFirewallPolicy:
* type: azure:frontdoor:FirewallPolicy
* name: example
* properties:
* name: examplefdwafpolicy
* resourceGroupName: ${example.name}
* enabled: true
* mode: Prevention
* redirectUrl: https://www.contoso.com
* customBlockResponseStatusCode: 403
* customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
* customRules:
* - name: Rule1
* enabled: true
* priority: 1
* rateLimitDurationInMinutes: 1
* rateLimitThreshold: 10
* type: MatchRule
* action: Block
* matchConditions:
* - matchVariable: RemoteAddr
* operator: IPMatch
* negationCondition: false
* matchValues:
* - 192.168.1.0/24
* - 10.0.0.0/24
* - name: Rule2
* enabled: true
* priority: 2
* rateLimitDurationInMinutes: 1
* rateLimitThreshold: 10
* type: MatchRule
* action: Block
* matchConditions:
* - matchVariable: RemoteAddr
* operator: IPMatch
* negationCondition: false
* matchValues:
* - 192.168.1.0/24
* - matchVariable: RequestHeader
* selector: UserAgent
* operator: Contains
* negationCondition: false
* matchValues:
* - windows
* transforms:
* - Lowercase
* - Trim
* managedRules:
* - type: DefaultRuleSet
* version: '1.0'
* exclusions:
* - matchVariable: QueryStringArgNames
* operator: Equals
* selector: not_suspicious
* overrides:
* - ruleGroupName: PHP
* rules:
* - ruleId: '933100'
* enabled: false
* action: Block
* - ruleGroupName: SQLI
* exclusions:
* - matchVariable: QueryStringArgNames
* operator: Equals
* selector: really_not_suspicious
* rules:
* - ruleId: '942200'
* action: Block
* exclusions:
* - matchVariable: QueryStringArgNames
* operator: Equals
* selector: innocent
* - type: Microsoft_BotManagerRuleSet
* version: '1.0'
* ```
*
* ## Import
* FrontDoor Web Application Firewall Policy can be imported using the `resource id`, e.g.
* ```sh
* $ pulumi import azure:frontdoor/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/examplefdwafpolicy
* ```
* @property customBlockResponseBody If a `custom_rule` block's action type is `block`, this is the response body. The body must be specified in base64 encoding.
* @property customBlockResponseStatusCode If a `custom_rule` block's action type is `block`, this is the response status code. Possible values are `200`, `403`, `405`, `406`, or `429`.
* @property customRules One or more `custom_rule` blocks as defined below.
* @property enabled Is the policy a enabled state or disabled state. Defaults to `true`.
* @property managedRules One or more `managed_rule` blocks as defined below.
* @property mode The firewall policy mode. Possible values are `Detection`, `Prevention`. Defaults to `Prevention`.
* @property name The name of the policy. Changing this forces a new resource to be created.
* @property redirectUrl If action type is redirect, this field represents redirect URL for the client.
* @property resourceGroupName The name of the resource group. Changing this forces a new resource to be created.
* @property tags A mapping of tags to assign to the Web Application Firewall Policy.
*/
public data class FirewallPolicyArgs(
public val customBlockResponseBody: Output? = null,
public val customBlockResponseStatusCode: Output? = null,
public val customRules: Output>? = null,
public val enabled: Output? = null,
public val managedRules: Output>? = null,
public val mode: Output? = null,
public val name: Output? = null,
public val redirectUrl: Output? = null,
public val resourceGroupName: Output? = null,
public val tags: Output>? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.azure.frontdoor.FirewallPolicyArgs =
com.pulumi.azure.frontdoor.FirewallPolicyArgs.builder()
.customBlockResponseBody(customBlockResponseBody?.applyValue({ args0 -> args0 }))
.customBlockResponseStatusCode(customBlockResponseStatusCode?.applyValue({ args0 -> args0 }))
.customRules(
customRules?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.enabled(enabled?.applyValue({ args0 -> args0 }))
.managedRules(
managedRules?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.mode(mode?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.redirectUrl(redirectUrl?.applyValue({ args0 -> args0 }))
.resourceGroupName(resourceGroupName?.applyValue({ args0 -> args0 }))
.tags(
tags?.applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}),
).build()
}
/**
* Builder for [FirewallPolicyArgs].
*/
@PulumiTagMarker
public class FirewallPolicyArgsBuilder internal constructor() {
private var customBlockResponseBody: Output? = null
private var customBlockResponseStatusCode: Output? = null
private var customRules: Output>? = null
private var enabled: Output? = null
private var managedRules: Output>? = null
private var mode: Output? = null
private var name: Output? = null
private var redirectUrl: Output? = null
private var resourceGroupName: Output? = null
private var tags: Output>? = null
/**
* @param value If a `custom_rule` block's action type is `block`, this is the response body. The body must be specified in base64 encoding.
*/
@JvmName("respiplgpupykwkw")
public suspend fun customBlockResponseBody(`value`: Output) {
this.customBlockResponseBody = value
}
/**
* @param value If a `custom_rule` block's action type is `block`, this is the response status code. Possible values are `200`, `403`, `405`, `406`, or `429`.
*/
@JvmName("uvkojqqrbqpisltb")
public suspend fun customBlockResponseStatusCode(`value`: Output) {
this.customBlockResponseStatusCode = value
}
/**
* @param value One or more `custom_rule` blocks as defined below.
*/
@JvmName("qpveiopcccmywlvr")
public suspend fun customRules(`value`: Output>) {
this.customRules = value
}
@JvmName("adaxjbiqxlxvjppl")
public suspend fun customRules(vararg values: Output) {
this.customRules = Output.all(values.asList())
}
/**
* @param values One or more `custom_rule` blocks as defined below.
*/
@JvmName("hnvfkrqgmjogmbkl")
public suspend fun customRules(values: List>) {
this.customRules = Output.all(values)
}
/**
* @param value Is the policy a enabled state or disabled state. Defaults to `true`.
*/
@JvmName("shwjioxwckmdsmme")
public suspend fun enabled(`value`: Output) {
this.enabled = value
}
/**
* @param value One or more `managed_rule` blocks as defined below.
*/
@JvmName("mssieyqtnxqblhpj")
public suspend fun managedRules(`value`: Output>) {
this.managedRules = value
}
@JvmName("sswpukkkwgyajefg")
public suspend fun managedRules(vararg values: Output) {
this.managedRules = Output.all(values.asList())
}
/**
* @param values One or more `managed_rule` blocks as defined below.
*/
@JvmName("drxkvphhbbvwbcjv")
public suspend fun managedRules(values: List>) {
this.managedRules = Output.all(values)
}
/**
* @param value The firewall policy mode. Possible values are `Detection`, `Prevention`. Defaults to `Prevention`.
*/
@JvmName("okviskrhrvgknfbw")
public suspend fun mode(`value`: Output) {
this.mode = value
}
/**
* @param value The name of the policy. Changing this forces a new resource to be created.
*/
@JvmName("fqabwybmaxhlcdyx")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value If action type is redirect, this field represents redirect URL for the client.
*/
@JvmName("tklcmnspdgwdabrw")
public suspend fun redirectUrl(`value`: Output) {
this.redirectUrl = value
}
/**
* @param value The name of the resource group. Changing this forces a new resource to be created.
*/
@JvmName("spsliunmfuhqqnpl")
public suspend fun resourceGroupName(`value`: Output) {
this.resourceGroupName = value
}
/**
* @param value A mapping of tags to assign to the Web Application Firewall Policy.
*/
@JvmName("xcbnamqcokyvllmy")
public suspend fun tags(`value`: Output>) {
this.tags = value
}
/**
* @param value If a `custom_rule` block's action type is `block`, this is the response body. The body must be specified in base64 encoding.
*/
@JvmName("ijrxpblgnwfwjgpy")
public suspend fun customBlockResponseBody(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.customBlockResponseBody = mapped
}
/**
* @param value If a `custom_rule` block's action type is `block`, this is the response status code. Possible values are `200`, `403`, `405`, `406`, or `429`.
*/
@JvmName("cjbskkvkqtycwdeq")
public suspend fun customBlockResponseStatusCode(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.customBlockResponseStatusCode = mapped
}
/**
* @param value One or more `custom_rule` blocks as defined below.
*/
@JvmName("xulpalkjwnaxooen")
public suspend fun customRules(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.customRules = mapped
}
/**
* @param argument One or more `custom_rule` blocks as defined below.
*/
@JvmName("rgcfkpfifaydwvvt")
public suspend fun customRules(argument: List Unit>) {
val toBeMapped = argument.toList().map {
FirewallPolicyCustomRuleArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.customRules = mapped
}
/**
* @param argument One or more `custom_rule` blocks as defined below.
*/
@JvmName("flkyusokynycgcus")
public suspend fun customRules(vararg argument: suspend FirewallPolicyCustomRuleArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
FirewallPolicyCustomRuleArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.customRules = mapped
}
/**
* @param argument One or more `custom_rule` blocks as defined below.
*/
@JvmName("jxcjjaaongstctkh")
public suspend fun customRules(argument: suspend FirewallPolicyCustomRuleArgsBuilder.() -> Unit) {
val toBeMapped = listOf(
FirewallPolicyCustomRuleArgsBuilder().applySuspend {
argument()
}.build(),
)
val mapped = of(toBeMapped)
this.customRules = mapped
}
/**
* @param values One or more `custom_rule` blocks as defined below.
*/
@JvmName("cvqquwkuosqqgtiw")
public suspend fun customRules(vararg values: FirewallPolicyCustomRuleArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.customRules = mapped
}
/**
* @param value Is the policy a enabled state or disabled state. Defaults to `true`.
*/
@JvmName("evvmosacqjvwaftu")
public suspend fun enabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.enabled = mapped
}
/**
* @param value One or more `managed_rule` blocks as defined below.
*/
@JvmName("smrhpwfsmkikhaiq")
public suspend fun managedRules(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.managedRules = mapped
}
/**
* @param argument One or more `managed_rule` blocks as defined below.
*/
@JvmName("cgofvdhsoqwaokan")
public suspend fun managedRules(argument: List Unit>) {
val toBeMapped = argument.toList().map {
FirewallPolicyManagedRuleArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.managedRules = mapped
}
/**
* @param argument One or more `managed_rule` blocks as defined below.
*/
@JvmName("dpmfldqrpevsdkhb")
public suspend fun managedRules(vararg argument: suspend FirewallPolicyManagedRuleArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
FirewallPolicyManagedRuleArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.managedRules = mapped
}
/**
* @param argument One or more `managed_rule` blocks as defined below.
*/
@JvmName("ekoulacqyemwsyvd")
public suspend fun managedRules(argument: suspend FirewallPolicyManagedRuleArgsBuilder.() -> Unit) {
val toBeMapped = listOf(
FirewallPolicyManagedRuleArgsBuilder().applySuspend {
argument()
}.build(),
)
val mapped = of(toBeMapped)
this.managedRules = mapped
}
/**
* @param values One or more `managed_rule` blocks as defined below.
*/
@JvmName("yhhamuefwvgtiamp")
public suspend fun managedRules(vararg values: FirewallPolicyManagedRuleArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.managedRules = mapped
}
/**
* @param value The firewall policy mode. Possible values are `Detection`, `Prevention`. Defaults to `Prevention`.
*/
@JvmName("ecrgdotwfhhfhvaf")
public suspend fun mode(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.mode = mapped
}
/**
* @param value The name of the policy. Changing this forces a new resource to be created.
*/
@JvmName("cxqyhhdtxjufckrd")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value If action type is redirect, this field represents redirect URL for the client.
*/
@JvmName("otrbkqcxsqrqwstr")
public suspend fun redirectUrl(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.redirectUrl = mapped
}
/**
* @param value The name of the resource group. Changing this forces a new resource to be created.
*/
@JvmName("ntxtqupxjnffbqep")
public suspend fun resourceGroupName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.resourceGroupName = mapped
}
/**
* @param value A mapping of tags to assign to the Web Application Firewall Policy.
*/
@JvmName("idjqgwnupvtncjpl")
public suspend fun tags(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tags = mapped
}
/**
* @param values A mapping of tags to assign to the Web Application Firewall Policy.
*/
@JvmName("kjemtmvhmrqdicfa")
public fun tags(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tags = mapped
}
internal fun build(): FirewallPolicyArgs = FirewallPolicyArgs(
customBlockResponseBody = customBlockResponseBody,
customBlockResponseStatusCode = customBlockResponseStatusCode,
customRules = customRules,
enabled = enabled,
managedRules = managedRules,
mode = mode,
name = name,
redirectUrl = redirectUrl,
resourceGroupName = resourceGroupName,
tags = tags,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy