
initial version of migrate waf config into waf resource, and follow A… #5906

Closed
Expand Up @@ -288,13 +288,21 @@
"description": "Describes policySettings for policy",
"$ref": "#/definitions/PolicySettings"
},
"policyDetailSettings": {
"description": "Describes policyDetailSettings for policy",
"$ref": "#/definitions/policyDetailSettings"
},
"customRules": {
"description": "Describes custom rules inside the policy",
"type": "array",
"items": {
"$ref": "#/definitions/WebApplicationFirewallCustomRule"
}
},
"managedRules": {
"description": "Describes managed rules inside the policy",
"$ref": "#/definitions/ManagedRuleSets"
},
"applicationGateways": {
"readOnly": true,
"type": "array",
Expand Down Expand Up @@ -375,6 +383,33 @@
}
}
},
"policyDetailSettings": {
"description": "Defines contents of a web application firewall global detail configuration",
"properties": {
"requestBodyCheck": {
"type": "boolean",
"description": "Whether allow WAF to check request Body."
},
"maxRequestBodySizeInKb": {
"type": "integer",
"format": "int32",
"maximum": 128,
"exclusiveMaximum": false,
"minimum": 8,
"exclusiveMinimum": false,
"description": "Maximum request body size in Kb for WAF."
},
"fileUploadLimitInMb": {
"type": "integer",
"format": "int32",
"maximum": 500,
"exclusiveMaximum": false,
"minimum": 0,
"exclusiveMinimum": false,
"description": "Maximum file upload size in Mb for WAF."
}
}
},
"WebApplicationFirewallCustomRule": {
"description": "Defines contents of a web application rule",
"required": [
Expand Down Expand Up @@ -534,6 +569,115 @@
}
}
},
"ManagedRuleSets": {
"description": "Defines ManagedRuleSets - array of managedRuleSet",
"properties": {
"ruleSets": {
"description": "List of rules",
"type": "array",
"items": {
"$ref": "#/definitions/ManagedRuleSet"
}
}
}
},
"ManagedRuleSet": {
"type": "object",
"description": "Base class for all types of ManagedRuleSet.",
"x-ms-discriminator-value": "Unknown",
"properties": {
"ruleSetVersion": {
"description": "defines version of the rule set",
"type": "string"
},
"ruleSetType": {
"description": "RuleSetType - AzureManagedRuleSet or OWASP RuleSets.",
"type": "string"
}
},
"required": [
"ruleSetType"
],
"discriminator": "ruleSetType"
},
"OWASPRuleSet": {
"type": "object",
"description": "Describes azure managed provider.",
"x-ms-discriminator-value": "OWASPRuleSet",
"properties": {
"ruleSetConfiguration": {
"$ref": "#/definitions/OWASPRuleSetConfiguration",
"description": "owasp rule set configuration."
}
},
"allOf": [
{
"$ref": "#/definitions/ManagedRuleSet"
}
]
},
"OWASPRuleSetConfiguration": {
"properties": {
"disabledRuleGroups": {
"type": "array",
"items": {
"$ref": "#/definitions/OWASPRuleSetDisabledRuleGroup"
},
"description": "The disabled rule groups."
},
"exclusions": {
"type": "array",
"items": {
"$ref": "#/definitions/OWASPRuleSetExclusion"
},
"description": "The exclusion list."
}
},
"description": "owas rule set configuration."
Contributor


Suggested change
"description": "owas rule set configuration."
"description": "OWASP rule set configuration."

},
"OWASPRuleSetDisabledRuleGroup": {
"properties": {
"ruleGroupName": {
"type": "string",
"description": "The name of the rule group that will be disabled."
},
"rules": {
"type": "array",
"items": {
"type": "integer",
"format": "int32",
"x-nullable": false
},
"description": "The list of rules that will be disabled. If null, all rules of the rule group will be disabled."
}
},
"required": [
"ruleGroupName"
],
"description": "Allows to disable rules within a rule group or an entire rule group."
},
"OWASPRuleSetExclusion": {
"properties": {
"matchVariable": {
"type": "string",
"description": "The variable to be excluded."
},
"selectorMatchOperator": {
"type": "string",
"description": "When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to."
},
"selector": {
"type": "string",
"description": "When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to."
}
},
"required": [
"matchVariable",
"selectorMatchOperator",
"selector"
],
"description": "Allow to exclude some variable satisfy the condition for the WAF check"
},
"parameters": {
"SubscriptionIdParameter": {
"name": "subscriptionId",
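Review bot: In `OWASPRuleSetDisabledRuleGroup`, `rules` is optional and its description says a null value disables every rule in the group, so a client that drops or fails to serialize the list turns off a whole rule group instead of a few rules, and the text leaves open what an empty array means. I would state both cases in the description, for example `"description": "Rule IDs to disable. If omitted or empty, all rules of the rule group are disabled."` if that matches the service, or make the list required if it does not. In `OWASPRuleSetExclusion`, `matchVariable` and `selectorMatchOperator` are unconstrained strings, so a mistyped exclusion can only be rejected server-side; an `enum` of the values the service accepts would let generated clients and linters catch it earlier. The `selector` description ("operator used to specify…") reads as if it describes the operator rather than the selector value. In `policyDetailSettings`, `requestBodyCheck` and `fileUploadLimitInMb` do not say what applies when the property is omitted or what a limit of 0 means, which is worth documenting because these settings decide what request content the WAF checks or accepts.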