diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafListManagedRuleSets.json b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafListManagedRuleSets.json new file mode 100644 index 000000000000..077c75907f3b --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafListManagedRuleSets.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2023-11-01", + "subscriptionId": "subid" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "DefaultRuleSet_1.0", + "id": "/subscriptions/subid/providers/Microsoft.Network/FrontDoorWebApplicationFirewallManagedRuleSets", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets", + "properties": { + "provisioningState": "Succeeded", + "ruleSetId": "8125d145-ddc5-4d90-9bc3-24c5f2de69a2", + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "1.0", + "ruleGroups": [ + { + "ruleGroupName": "SQLI", + "description": "SQL injection", + "rules": [ + { + "ruleId": "942100", + "description": "SQL Injection Attack Detected via libinjection", + "defaultState": "Enabled", + "defaultAction": "Block" + }, + { + "ruleId": "942110", + "description": "SQL Injection Attack: Common Injection Testing Detected", + "defaultState": "Enabled", + "defaultAction": "Block" + } + ] + }, + { + "ruleGroupName": "XSS", + "description": "Cross-site scripting", + "rules": [ + { + "ruleId": "941100", + "description": "XSS Attack Detected via libinjection", + "defaultState": "Enabled", + "defaultAction": "Block" + }, + { + "ruleId": "941101", + "description": "XSS Attack Detected via libinjection", + "defaultState": "Enabled", + "defaultAction": "Block" + }, + { + "ruleId": "941110", + "description": "XSS Filter - Category 1: Script Tag Vector", + "defaultState": "Enabled", + "defaultAction": "Block" + } + ] + } + ] + } + } + ] + } + } + } +} diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafListPolicies.json b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafListPolicies.json new file mode 100644 index 000000000000..8ea00823429f --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafListPolicies.json @@ -0,0 +1,134 @@ +{ + "parameters": { + "api-version": "2023-11-01", + "subscriptionId": "subid", + "resourceGroupName": "rg1" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "sku": { + "name": "Classic_AzureFrontDoor" + }, + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 499, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==" + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "enabledState": "Enabled", + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ], + "transforms": [] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "enabledState": "Enabled", + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "1.0", + "exclusions": [ + { + "matchVariable": "RequestHeaderNames", + "selectorMatchOperator": "Equals", + "selector": "User-Agent" + } + ], + "ruleGroupOverrides": [ + { + "ruleGroupName": "SQLI", + "rules": [ + { + "ruleId": "942100", + "enabledState": "Enabled", + "action": "Redirect" + }, + { + "ruleId": "942110", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + }, + "frontendEndpointLinks": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/frontdoors/fd1/frontendendpoints/fd1-azurefd-net" + } + ], + "securityPolicyLinks": [] + } + } + ] + } + } + } +} diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafListPoliciesUnderSubscription.json b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafListPoliciesUnderSubscription.json new file mode 100644 index 000000000000..09e1982e7774 --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafListPoliciesUnderSubscription.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "api-version": "2023-11-01", + "subscriptionId": "subid" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "sku": { + "name": "Classic_AzureFrontDoor" + }, + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 499, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==" + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "enabledState": "Enabled", + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ], + "transforms": [] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "enabledState": "Enabled", + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "1.0", + "exclusions": [ + { + "matchVariable": "RequestHeaderNames", + "selectorMatchOperator": "Equals", + "selector": "User-Agent" + } + ], + "ruleGroupOverrides": [ + { + "ruleGroupName": "SQLI", + "rules": [ + { + "ruleId": "942100", + "enabledState": "Enabled", + "action": "Redirect" + }, + { + "ruleId": "942110", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + }, + "frontendEndpointLinks": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/frontdoors/fd1/frontendendpoints/fd1-azurefd-net" + } + ], + "securityPolicyLinks": [] + } + } + ] + } + } + } +} diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyCreateOrUpdate.json b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyCreateOrUpdate.json new file mode 100644 index 000000000000..0588fdbd4a81 --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyCreateOrUpdate.json @@ -0,0 +1,561 @@ +{ + "parameters": { + "api-version": "2023-11-01", + "subscriptionId": "subid", + "resourceGroupName": "rg1", + "policyName": "Policy1", + "parameters": { + "location": "WestUs", + "properties": { + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 429, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==", + "requestBodyCheck": "Disabled", + "logScrubbing": { + "state": "Enabled", + "scrubbingRules": [ + { + "matchVariable": "RequestIPAddress", + "selectorMatchOperator": "EqualsAny", + "selector": null, + "state": "Enabled" + } + ] + } + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "ruleType": "RateLimitRule", + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "operator": "IPMatch", + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "ruleType": "MatchRule", + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "operator": "GeoMatch", + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "operator": "Contains", + "selector": "UserAgent", + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "1.0", + "ruleSetAction": "Block", + "exclusions": [ + { + "matchVariable": "RequestHeaderNames", + "selectorMatchOperator": "Equals", + "selector": "User-Agent" + } + ], + "ruleGroupOverrides": [ + { + "ruleGroupName": "SQLI", + "exclusions": [ + { + "matchVariable": "RequestCookieNames", + "selectorMatchOperator": "StartsWith", + "selector": "token" + } + ], + "rules": [ + { + "ruleId": "942100", + "enabledState": "Enabled", + "action": "Redirect", + "exclusions": [ + { + "matchVariable": "QueryStringArgNames", + "selectorMatchOperator": "Equals", + "selector": "query" + } + ] + }, + { + "ruleId": "942110", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + } + }, + "sku": { + "name": "Premium_AzureFrontDoor" + } + } + }, + "responses": { + "200": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 429, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==", + "requestBodyCheck": "Disabled", + "logScrubbing": { + "state": "Enabled", + "scrubbingRules": [ + { + "matchVariable": "RequestIPAddress", + "selectorMatchOperator": "EqualsAny", + "selector": null, + "state": "Enabled" + } + ] + } + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "enabledState": "Enabled", + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ], + "transforms": [] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "enabledState": "Enabled", + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "1.0", + "ruleSetAction": "Block", + "exclusions": [ + { + "matchVariable": "RequestHeaderNames", + "selectorMatchOperator": "Equals", + "selector": "User-Agent" + } + ], + "ruleGroupOverrides": [ + { + "ruleGroupName": "SQLI", + "exclusions": [ + { + "matchVariable": "RequestCookieNames", + "selectorMatchOperator": "StartsWith", + "selector": "token" + } + ], + "rules": [ + { + "ruleId": "942100", + "enabledState": "Enabled", + "action": "Redirect", + "exclusions": [ + { + "matchVariable": "QueryStringArgNames", + "selectorMatchOperator": "Equals", + "selector": "query" + } + ] + }, + { + "ruleId": "942110", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + }, + "frontendEndpointLinks": [], + "securityPolicyLinks": [] + }, + "sku": { + "name": "Premium_AzureFrontDoor" + } + } + }, + "201": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 429, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==", + "requestBodyCheck": "Disabled", + "logScrubbing": { + "state": "Enabled", + "scrubbingRules": [ + { + "matchVariable": "RequestIPAddress", + "selectorMatchOperator": "EqualsAny", + "selector": null, + "state": "Enabled" + } + ] + } + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "enabledState": "Enabled", + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ], + "transforms": [] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "enabledState": "Enabled", + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "1.0", + "exclusions": [ + { + "matchVariable": "RequestHeaderNames", + "selectorMatchOperator": "Equals", + "selector": "User-Agent" + } + ], + "ruleGroupOverrides": [ + { + "ruleGroupName": "SQLI", + "exclusions": [ + { + "matchVariable": "RequestCookieNames", + "selectorMatchOperator": "StartsWith", + "selector": "token" + } + ], + "rules": [ + { + "ruleId": "942100", + "enabledState": "Enabled", + "action": "Redirect", + "exclusions": [ + { + "matchVariable": "QueryStringArgNames", + "selectorMatchOperator": "Equals", + "selector": "query" + } + ] + }, + { + "ruleId": "942110", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + }, + "frontendEndpointLinks": [], + "securityPolicyLinks": [] + }, + "sku": { + "name": "Classic_AzureFrontDoor" + } + } + }, + "202": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 429, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==", + "requestBodyCheck": "Disabled", + "logScrubbing": { + "state": "Enabled", + "scrubbingRules": [ + { + "matchVariable": "RequestIPAddress", + "selectorMatchOperator": "EqualsAny", + "selector": null, + "state": "Enabled" + } + ] + } + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "enabledState": "Enabled", + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ], + "transforms": [] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "enabledState": "Enabled", + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "1.0", + "ruleSetAction": "Block", + "exclusions": [ + { + "matchVariable": "RequestHeaderNames", + "selectorMatchOperator": "Equals", + "selector": "User-Agent" + } + ], + "ruleGroupOverrides": [ + { + "ruleGroupName": "SQLI", + "exclusions": [ + { + "matchVariable": "RequestCookieNames", + "selectorMatchOperator": "StartsWith", + "selector": "token" + } + ], + "rules": [ + { + "ruleId": "942100", + "enabledState": "Enabled", + "action": "Redirect", + "exclusions": [ + { + "matchVariable": "QueryStringArgNames", + "selectorMatchOperator": "Equals", + "selector": "query" + } + ] + }, + { + "ruleId": "942110", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + }, + "frontendEndpointLinks": [], + "securityPolicyLinks": [] + }, + "sku": { + "name": "Premium_AzureFrontDoor" + } + } + } + } +} diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyDelete.json b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyDelete.json new file mode 100644 index 000000000000..10aedb3c5192 --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyDelete.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2023-11-01", + "subscriptionId": "subid", + "resourceGroupName": "rg1", + "policyName": "Policy1" + }, + "responses": { + "200": {}, + "202": { + "headers": { + "azure-asyncoperation": "https://management.azure.com/subscriptions/34adfa4f-cedf-4dc0-ba29-b6d1a69ab345/providers/Microsoft.Network/frontdoors/fd1/operationResults/62e4d893-d233-4005-988e-a428d9f77076?api-version=2022-10-01" + } + }, + "204": {} + } +} diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyGet.json b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyGet.json new file mode 100644 index 000000000000..1eac8c6135a8 --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyGet.json @@ -0,0 +1,136 @@ +{ + "parameters": { + "api-version": "2023-11-01", + "subscriptionId": "subid", + "resourceGroupName": "rg1", + "policyName": "Policy1" + }, + "responses": { + "200": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 499, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==", + "requestBodyCheck": "Disabled", + "logScrubbing": null + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "enabledState": "Enabled", + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ], + "transforms": [] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "enabledState": "Enabled", + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "1.0", + "ruleSetAction": "Block", + "exclusions": [ + { + "matchVariable": "RequestHeaderNames", + "selectorMatchOperator": "Equals", + "selector": "User-Agent" + } + ], + "ruleGroupOverrides": [ + { + "ruleGroupName": "SQLI", + "exclusions": [], + "rules": [ + { + "ruleId": "942100", + "enabledState": "Enabled", + "action": "Redirect", + "exclusions": [] + }, + { + "ruleId": "942110", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + }, + "frontendEndpointLinks": [ + { + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/frontdoors/fd1/frontendendpoints/fd1-azurefd-net" + } + ], + "securityPolicyLinks": [] + }, + "sku": { + "name": "Classic_AzureFrontDoor" + } + } + } + } +} diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyPatch.json b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyPatch.json new file mode 100644 index 000000000000..fa19482128e7 --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/examples/WafPolicyPatch.json @@ -0,0 +1,150 @@ +{ + "parameters": { + "api-version": "2023-11-01", + "subscriptionId": "subid", + "resourceGroupName": "rg1", + "policyName": "Policy1", + "parameters": { + "tags": { + "key1": "value1", + "key2": "value2" + } + } + }, + "responses": { + "200": { + "body": { + "name": "Policy1", + "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/Policy1", + "type": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies", + "tags": { + "key1": "value1", + "key2": "value2" + }, + "location": "WestUs", + "properties": { + "resourceState": "Enabled", + "provisioningState": "Succeeded", + "policySettings": { + "enabledState": "Enabled", + "mode": "Prevention", + "redirectUrl": "http://www.bing.com", + "customBlockResponseStatusCode": 499, + "customBlockResponseBody": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==", + "requestBodyCheck": "Disabled", + "logScrubbing": null + }, + "customRules": { + "rules": [ + { + "name": "Rule1", + "priority": 1, + "enabledState": "Enabled", + "ruleType": "RateLimitRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 1000, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "IPMatch", + "negateCondition": false, + "matchValue": [ + "192.168.1.0/24", + "10.0.0.0/24" + ], + "transforms": [] + } + ], + "action": "Block" + }, + { + "name": "Rule2", + "priority": 2, + "enabledState": "Enabled", + "ruleType": "MatchRule", + "rateLimitDurationInMinutes": 0, + "rateLimitThreshold": 0, + "matchConditions": [ + { + "matchVariable": "RemoteAddr", + "selector": null, + "operator": "GeoMatch", + "negateCondition": false, + "matchValue": [ + "CH" + ] + }, + { + "matchVariable": "RequestHeader", + "selector": "UserAgent", + "operator": "Contains", + "negateCondition": false, + "matchValue": [ + "windows" + ], + "transforms": [ + "Lowercase" + ] + } + ], + "action": "Block" + } + ] + }, + "managedRules": { + "managedRuleSets": [ + { + "ruleSetType": "DefaultRuleSet", + "ruleSetVersion": "1.0", + "ruleSetAction": "Block", + "exclusions": [ + { + "matchVariable": "RequestHeaderNames", + "selectorMatchOperator": "Equals", + "selector": "User-Agent" + } + ], + "ruleGroupOverrides": [ + { + "ruleGroupName": "SQLI", + "exclusions": [ + { + "matchVariable": "RequestCookieNames", + "selectorMatchOperator": "StartsWith", + "selector": "token" + } + ], + "rules": [ + { + "ruleId": "942100", + "enabledState": "Enabled", + "action": "Redirect", + "exclusions": [ + { + "matchVariable": "QueryStringArgNames", + "selectorMatchOperator": "Equals", + "selector": "query" + } + ] + }, + { + "ruleId": "942110", + "enabledState": "Disabled" + } + ] + } + ] + } + ] + }, + "frontendEndpointLinks": [], + "securityPolicyLinks": [] + }, + "sku": { + "name": "Classic_AzureFrontDoor" + } + } + } + } +} diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/network.json b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/network.json new file mode 100644 index 000000000000..ba648ab53eec --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/network.json @@ -0,0 +1,167 @@ +{ + "swagger": "2.0", + "info": { + "title": "NetworkManagementClient", + "description": "The Microsoft Azure Network management API provides a RESTful set of web services that interact with Microsoft Azure Networks service to manage your network resources. The API has entities that capture the relationship between an end user and the Microsoft Azure Networks service.", + "version": "2023-11-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json", + "text/json" + ], + "produces": [ + "application/json", + "text/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": {}, + "definitions": { + "ErrorDetails": { + "properties": { + "code": { + "type": "string" + }, + "target": { + "type": "string" + }, + "message": { + "type": "string" + } + } + }, + "Error": { + "properties": { + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "target": { + "type": "string" + }, + "details": { + "type": "array", + "items": { + "$ref": "#/definitions/ErrorDetails" + } + }, + "innerError": { + "type": "string" + } + } + }, + "AzureAsyncOperationResult": { + "properties": { + "status": { + "type": "string", + "description": "Status of the Azure async operation.", + "enum": [ + "InProgress", + "Succeeded", + "Failed" + ], + "x-ms-enum": { + "name": "NetworkOperationStatus", + "modelAsString": true + } + }, + "error": { + "$ref": "#/definitions/Error" + } + }, + "description": "The response body contains the status of the specified asynchronous operation, indicating whether it has succeeded, is in progress, or has failed. Note that this status is distinct from the HTTP status code returned for the Get Operation Status operation itself. If the asynchronous operation succeeded, the response body includes the HTTP status code for the successful request. If the asynchronous operation failed, the response body includes the HTTP status code for the failed request and error information regarding the failure." + }, + "Resource": { + "properties": { + "id": { + "readOnly": true, + "type": "string", + "description": "Resource ID." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "Resource name." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "Resource type." + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Resource tags." + } + }, + "description": "Common resource representation.", + "x-ms-azure-resource": true + }, + "SubResource": { + "properties": { + "id": { + "type": "string", + "description": "Resource ID." + } + }, + "description": "Reference to another subresource.", + "x-ms-azure-resource": true + }, + "TagsObject": { + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Resource tags." + } + }, + "description": "Tags object for patch operations." + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "required": true, + "type": "string", + "description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call." + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "Client API version." + } + } +} diff --git a/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/webapplicationfirewall.json b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/webapplicationfirewall.json new file mode 100644 index 000000000000..0edc9af3c61f --- /dev/null +++ b/specification/frontdoor/resource-manager/Microsoft.Network/stable/2023-11-01/webapplicationfirewall.json @@ -0,0 +1,1168 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-11-01", + "title": "WebApplicationFirewallManagement", + "description": "APIs to manage web application firewall rules." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies": { + "get": { + "tags": [ + "WebApplicationFirewallPolicies" + ], + "description": "Lists all of the protection policies within a resource group.", + "operationId": "Policies_List", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./network.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "./network.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. The request has succeeded.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicyList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "Get all Policies in a Resource Group": { + "$ref": "./examples/WafListPolicies.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies": { + "get": { + "tags": [ + "WebApplicationFirewallPolicies" + ], + "description": "Lists all of the protection policies within a subscription.", + "operationId": "Policies_ListBySubscription", + "parameters": [ + { + "$ref": "./network.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "./network.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. The request has succeeded.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicyList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/DefaultErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "Get all Policies in a Resource Group": { + "$ref": "./examples/WafListPoliciesUnderSubscription.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallPolicies/{policyName}": { + "get": { + "tags": [ + "WebApplicationFirewallPolicies" + ], + "description": "Retrieve protection policy with specified name within a resource group.", + "operationId": "Policies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyNameParameter" + }, + { + "$ref": "./network.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "./network.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. The request has succeeded.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get Policy": { + "$ref": "./examples/WafPolicyGet.json" + } + } + }, + "put": { + "tags": [ + "WebApplicationFirewallPolicies" + ], + "description": "Create or update policy with specified rule set name within a resource group.", + "operationId": "Policies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyNameParameter" + }, + { + "$ref": "./network.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "./network.json#/parameters/ApiVersionParameter" + }, + { + "description": "Policy to be created.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + } + ], + "responses": { + "200": { + "description": "OK. The request has succeeded.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + }, + "201": { + "description": "Created. The request has been fulfilled and a new protection policy has been created.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + }, + "202": { + "description": "Accepted. The request has been accepted for processing and the operation will complete asynchronously.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Creates specific policy": { + "$ref": "./examples/WafPolicyCreateOrUpdate.json" + } + }, + "x-ms-long-running-operation": true + }, + "patch": { + "tags": [ + "WebApplicationFirewallPolicies" + ], + "description": "Patch a specific frontdoor webApplicationFirewall policy for tags update under the specified subscription and resource group.", + "operationId": "Policies_Update", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyNameParameter" + }, + { + "$ref": "./network.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "./network.json#/parameters/ApiVersionParameter" + }, + { + "description": "FrontdoorWebApplicationFirewallPolicy parameters to be patched.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "./network.json#/definitions/TagsObject" + } + } + ], + "responses": { + "200": { + "description": "OK. The request has succeeded.", + "schema": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Patches specific policy": { + "$ref": "./examples/WafPolicyPatch.json" + } + }, + "x-ms-long-running-operation": true + }, + "delete": { + "tags": [ + "WebApplicationFirewallPolicies" + ], + "description": "Deletes Policy", + "operationId": "Policies_Delete", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyNameParameter" + }, + { + "$ref": "./network.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "./network.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Delete successful." + }, + "202": { + "description": "Accepted. The request has been accepted for processing and the operation will complete asynchronously." + }, + "204": { + "description": "No Content. The request has been accepted but the policy was not found." + } + }, + "x-ms-examples": { + "Delete protection policy": { + "$ref": "./examples/WafPolicyDelete.json" + } + }, + "x-ms-long-running-operation": true + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Network/FrontDoorWebApplicationFirewallManagedRuleSets": { + "get": { + "tags": [ + "WebApplicationFirewallManagedRuleSets" + ], + "description": "Lists all available managed rule sets.", + "operationId": "ManagedRuleSets_List", + "parameters": [ + { + "$ref": "./network.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "./network.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success. The operation returns a list of all available web application firewall managed rule sets.", + "schema": { + "$ref": "#/definitions/ManagedRuleSetDefinitionList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List Policies ManagedRuleSets in a Resource Group": { + "$ref": "./examples/WafListManagedRuleSets.json" + } + } + } + } + }, + "definitions": { + "WebApplicationFirewallPolicy": { + "description": "Defines web application firewall policy.", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Properties of the web application firewall policy.", + "$ref": "#/definitions/WebApplicationFirewallPolicyProperties" + }, + "etag": { + "type": "string", + "description": "Gets a unique read-only string that changes whenever the resource is updated." + }, + "sku": { + "description": "The pricing tier of web application firewall policy. Defaults to Classic_AzureFrontDoor if not specified.", + "$ref": "#/definitions/Sku" + } + }, + "allOf": [ + { + "$ref": "./network.json#/definitions/Resource" + } + ] + }, + "WebApplicationFirewallPolicyProperties": { + "description": "Defines web application firewall policy properties.", + "properties": { + "policySettings": { + "description": "Describes settings for the policy.", + "$ref": "#/definitions/PolicySettings" + }, + "customRules": { + "description": "Describes custom rules inside the policy.", + "$ref": "#/definitions/CustomRuleList" + }, + "managedRules": { + "description": "Describes managed rules inside the policy.", + "$ref": "#/definitions/ManagedRuleSetList" + }, + "frontendEndpointLinks": { + "description": "Describes Frontend Endpoints associated with this Web Application Firewall policy.", + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/FrontendEndpointLink" + } + }, + "routingRuleLinks": { + "description": "Describes Routing Rules associated with this Web Application Firewall policy.", + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/RoutingRuleLink" + } + }, + "securityPolicyLinks": { + "description": "Describes Security Policy associated with this Web Application Firewall policy.", + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/SecurityPolicyLink" + } + }, + "provisioningState": { + "readOnly": true, + "type": "string", + "description": "Provisioning state of the policy." + }, + "resourceState": { + "title": "Resource status of the policy.", + "readOnly": true, + "enum": [ + "Creating", + "Enabling", + "Enabled", + "Disabling", + "Disabled", + "Deleting" + ], + "type": "string", + "x-ms-enum": { + "name": "PolicyResourceState", + "modelAsString": true + } + } + } + }, + "Sku": { + "description": "The pricing tier of the web application firewall policy.", + "properties": { + "name": { + "description": "Name of the pricing tier.", + "enum": [ + "Classic_AzureFrontDoor", + "Standard_AzureFrontDoor", + "Premium_AzureFrontDoor" + ], + "type": "string", + "x-ms-enum": { + "name": "SkuName", + "modelAsString": true + } + } + }, + "type": "object" + }, + "WebApplicationFirewallPolicyList": { + "description": "Defines a list of WebApplicationFirewallPolicies. It contains a list of WebApplicationFirewallPolicy objects and a URL link to get the next set of results.", + "properties": { + "value": { + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/WebApplicationFirewallPolicy" + }, + "description": "List of WebApplicationFirewallPolicies within a resource group." + }, + "nextLink": { + "type": "string", + "description": "URL to get the next set of WebApplicationFirewallPolicy objects if there are any." + } + } + }, + "PolicySettings": { + "description": "Defines top-level WebApplicationFirewallPolicy configuration settings.", + "properties": { + "enabledState": { + "description": "Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.", + "type": "string", + "enum": [ + "Disabled", + "Enabled" + ], + "x-ms-enum": { + "name": "PolicyEnabledState", + "modelAsString": true + } + }, + "mode": { + "description": "Describes if it is in detection mode or prevention mode at policy level.", + "type": "string", + "enum": [ + "Prevention", + "Detection" + ], + "x-ms-enum": { + "name": "PolicyMode", + "modelAsString": true + } + }, + "redirectUrl": { + "description": "If action type is redirect, this field represents redirect URL for the client.", + "type": "string" + }, + "customBlockResponseStatusCode": { + "description": "If the action type is block, customer can override the response status code.", + "type": "integer" + }, + "customBlockResponseBody": { + "description": "If the action type is block, customer can override the response body. The body must be specified in base64 encoding.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$" + }, + "requestBodyCheck": { + "description": "Describes if policy managed rules will inspect the request body content.", + "type": "string", + "enum": [ + "Disabled", + "Enabled" + ], + "x-ms-enum": { + "name": "PolicyRequestBodyCheck", + "modelAsString": true + } + }, + "logScrubbing": { + "description": "Defines rules to scrub sensitive fields in Web Application Firewall logs", + "type": "object", + "properties": { + "state": { + "type": "string", + "description": "State of the log scrub config. Default value is Enabled.", + "enum": [ + "Enabled", + "Disabled" + ], + "x-ms-enum": { + "name": "WebApplicationFirewallScrubbingState", + "modelAsString": true + } + }, + "scrubbingRules": { + "type": "array", + "items": { + "$ref": "#/definitions/WebApplicationFirewallScrubbingRules" + }, + "x-ms-identifiers": [], + "description": "List of log scrub rules applied to Web Application Firewall logs." + } + } + } + } + }, + "CustomRuleList": { + "description": "Defines contents of custom rules", + "properties": { + "rules": { + "description": "List of rules", + "type": "array", + "items": { + "$ref": "#/definitions/CustomRule" + } + } + } + }, + "CustomRule": { + "description": "Defines contents of a web application rule", + "required": [ + "priority", + "ruleType", + "matchConditions", + "action" + ], + "properties": { + "name": { + "type": "string", + "description": "Describes the name of the rule.", + "maxLength": 128 + }, + "priority": { + "description": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.", + "type": "integer" + }, + "enabledState": { + "description": "Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.", + "type": "string", + "enum": [ + "Disabled", + "Enabled" + ], + "x-ms-enum": { + "name": "CustomRuleEnabledState", + "modelAsString": true + } + }, + "ruleType": { + "description": "Describes type of rule.", + "type": "string", + "enum": [ + "MatchRule", + "RateLimitRule" + ], + "x-ms-enum": { + "name": "RuleType", + "modelAsString": true + } + }, + "rateLimitDurationInMinutes": { + "description": "Time window for resetting the rate limit count. Default is 1 minute.", + "type": "integer", + "minimum": 0, + "maximum": 5 + }, + "rateLimitThreshold": { + "description": "Number of allowed requests per client within the time window.", + "type": "integer", + "minimum": 0 + }, + "matchConditions": { + "description": "List of match conditions.", + "type": "array", + "items": { + "$ref": "#/definitions/MatchCondition" + } + }, + "action": { + "description": "Describes what action to be applied when rule matches.", + "$ref": "#/definitions/ActionType" + } + } + }, + "TransformType": { + "description": "Describes what transforms applied before matching.", + "type": "string", + "enum": [ + "Lowercase", + "Uppercase", + "Trim", + "UrlDecode", + "UrlEncode", + "RemoveNulls" + ], + "x-ms-enum": { + "name": "TransformType", + "modelAsString": true + } + }, + "MatchCondition": { + "description": "Define a match condition.", + "required": [ + "matchVariable", + "operator", + "matchValue" + ], + "properties": { + "matchVariable": { + "description": "Request variable to compare with.", + "type": "string", + "enum": [ + "RemoteAddr", + "RequestMethod", + "QueryString", + "PostArgs", + "RequestUri", + "RequestHeader", + "RequestBody", + "Cookies", + "SocketAddr" + ], + "x-ms-enum": { + "name": "MatchVariable", + "modelAsString": true + } + }, + "selector": { + "description": "Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.", + "type": "string" + }, + "operator": { + "description": "Comparison type to use for matching with the variable value.", + "type": "string", + "enum": [ + "Any", + "IPMatch", + "GeoMatch", + "Equal", + "Contains", + "LessThan", + "GreaterThan", + "LessThanOrEqual", + "GreaterThanOrEqual", + "BeginsWith", + "EndsWith", + "RegEx" + ], + "x-ms-enum": { + "name": "Operator", + "modelAsString": true + } + }, + "negateCondition": { + "description": "Describes if the result of this condition should be negated.", + "type": "boolean" + }, + "matchValue": { + "description": "List of possible match values.", + "type": "array", + "items": { + "type": "string" + } + }, + "transforms": { + "description": "List of transforms.", + "type": "array", + "items": { + "$ref": "#/definitions/TransformType" + } + } + } + }, + "ManagedRuleSetList": { + "description": "Defines the list of managed rule sets for the policy.", + "properties": { + "managedRuleSets": { + "description": "List of rule sets.", + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleSet" + } + } + } + }, + "ManagedRuleSet": { + "type": "object", + "description": "Defines a managed rule set.", + "required": [ + "ruleSetType", + "ruleSetVersion" + ], + "properties": { + "ruleSetType": { + "description": "Defines the rule set type to use.", + "type": "string" + }, + "ruleSetVersion": { + "description": "Defines the version of the rule set to use.", + "type": "string" + }, + "ruleSetAction": { + "description": "Defines the rule set action.", + "title": "ruleSetAction", + "$ref": "#/definitions/ManagedRuleSetActionType" + }, + "exclusions": { + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleExclusion" + }, + "description": "Describes the exclusions that are applied to all rules in the set." + }, + "ruleGroupOverrides": { + "description": "Defines the rule group overrides to apply to the rule set.", + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleGroupOverride" + } + } + } + }, + "ManagedRuleGroupOverride": { + "description": "Defines a managed rule group override setting.", + "required": [ + "ruleGroupName" + ], + "properties": { + "ruleGroupName": { + "description": "Describes the managed rule group to override.", + "type": "string" + }, + "exclusions": { + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleExclusion" + }, + "description": "Describes the exclusions that are applied to all rules in the group." + }, + "rules": { + "description": "List of rules that will be disabled. If none specified, all rules in the group will be disabled.", + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleOverride" + } + } + } + }, + "ManagedRuleOverride": { + "description": "Defines a managed rule group override setting.", + "required": [ + "ruleId" + ], + "properties": { + "ruleId": { + "description": "Identifier for the managed rule.", + "type": "string" + }, + "enabledState": { + "description": "Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.", + "$ref": "#/definitions/ManagedRuleEnabledState" + }, + "action": { + "description": "Describes the override action to be applied when rule matches.", + "$ref": "#/definitions/ActionType" + }, + "exclusions": { + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleExclusion" + }, + "description": "Describes the exclusions that are applied to this specific rule." + } + } + }, + "ManagedRuleSetDefinitionList": { + "description": "List of managed rule set definitions available for use in a policy.", + "properties": { + "value": { + "description": "List of managed rule set definitions.", + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleSetDefinition" + } + }, + "nextLink": { + "type": "string", + "description": "URL to retrieve next set of managed rule set definitions." + } + } + }, + "ManagedRuleSetDefinition": { + "description": "Describes the a managed rule set definition.", + "properties": { + "properties": { + "description": "Properties for a managed rule set definition.", + "x-ms-client-flatten": true, + "$ref": "#/definitions/ManagedRuleSetDefinitionProperties" + } + }, + "allOf": [ + { + "$ref": "./network.json#/definitions/Resource" + } + ] + }, + "ManagedRuleSetDefinitionProperties": { + "description": "Properties for a managed rule set definition.", + "properties": { + "provisioningState": { + "type": "string", + "readOnly": true, + "description": "Provisioning state of the managed rule set." + }, + "ruleSetId": { + "type": "string", + "readOnly": true, + "description": "Id of the managed rule set." + }, + "ruleSetType": { + "type": "string", + "readOnly": true, + "description": "Type of the managed rule set." + }, + "ruleSetVersion": { + "type": "string", + "readOnly": true, + "description": "Version of the managed rule set type." + }, + "ruleGroups": { + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/ManagedRuleGroupDefinition" + }, + "description": "Rule groups of the managed rule set." + } + } + }, + "ManagedRuleGroupDefinition": { + "description": "Describes a managed rule group.", + "properties": { + "ruleGroupName": { + "type": "string", + "readOnly": true, + "description": "Name of the managed rule group." + }, + "description": { + "type": "string", + "readOnly": true, + "description": "Description of the managed rule group." + }, + "rules": { + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/ManagedRuleDefinition" + }, + "description": "List of rules within the managed rule group." + } + } + }, + "ManagedRuleDefinition": { + "description": "Describes a managed rule definition.", + "properties": { + "ruleId": { + "description": "Identifier for the managed rule.", + "readOnly": true, + "type": "string" + }, + "defaultState": { + "description": "Describes the default state for the managed rule.", + "readOnly": true, + "$ref": "#/definitions/ManagedRuleEnabledState" + }, + "defaultAction": { + "description": "Describes the default action to be applied when the managed rule matches.", + "readOnly": true, + "$ref": "#/definitions/ActionType" + }, + "description": { + "description": "Describes the functionality of the managed rule.", + "readOnly": true, + "type": "string" + } + } + }, + "ManagedRuleExclusion": { + "required": [ + "matchVariable", + "selectorMatchOperator", + "selector" + ], + "description": "Exclude variables from managed rule evaluation.", + "properties": { + "matchVariable": { + "type": "string", + "enum": [ + "RequestHeaderNames", + "RequestCookieNames", + "QueryStringArgNames", + "RequestBodyPostArgNames", + "RequestBodyJsonArgNames" + ], + "description": "The variable type to be excluded.", + "x-ms-enum": { + "name": "ManagedRuleExclusionMatchVariable", + "modelAsString": true + } + }, + "selectorMatchOperator": { + "type": "string", + "enum": [ + "Equals", + "Contains", + "StartsWith", + "EndsWith", + "EqualsAny" + ], + "description": "Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.", + "x-ms-enum": { + "name": "ManagedRuleExclusionSelectorMatchOperator", + "modelAsString": true + } + }, + "selector": { + "type": "string", + "description": "Selector value for which elements in the collection this exclusion applies to." + } + } + }, + "ActionType": { + "description": "Defines the action to take on rule match.", + "type": "string", + "enum": [ + "Allow", + "Block", + "Log", + "Redirect", + "AnomalyScoring" + ], + "x-ms-enum": { + "name": "ActionType", + "modelAsString": true + } + }, + "WebApplicationFirewallScrubbingRules": { + "description": "Defines contents of a log scrub rules.", + "type": "object", + "required": [ + "matchVariable", + "selectorMatchOperator" + ], + "properties": { + "matchVariable": { + "type": "string", + "enum": [ + "RequestIPAddress", + "RequestUri", + "QueryStringArgNames", + "RequestHeaderNames", + "RequestCookieNames", + "RequestBodyPostArgNames", + "RequestBodyJsonArgNames" + ], + "description": "The variable to be scrubbed from the logs.", + "x-ms-enum": { + "name": "scrubbingRuleEntryMatchVariable", + "modelAsString": true + } + }, + "selectorMatchOperator": { + "type": "string", + "enum": [ + "EqualsAny", + "Equals" + ], + "description": "Comparison type to use for matching with the variable value in log.", + "x-ms-enum": { + "name": " scrubbingRuleEntryMatchOperator", + "modelAsString": true + } + }, + "selector": { + "type": "string", + "description": "Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables in the log. Default value is null." + }, + "state": { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ], + "description": "Defines the state of log scrubbing rule. Default value is Enabled.", + "x-ms-enum": { + "name": " scrubbingRuleEntryState", + "modelAsString": true + } + } + } + }, + "ManagedRuleSetActionType": { + "description": "Defines the action to take when a managed rule set score threshold is met.", + "type": "string", + "enum": [ + "Block", + "Log", + "Redirect" + ], + "x-ms-enum": { + "name": "ManagedRuleSetActionType", + "modelAsString": true + } + }, + "ManagedRuleEnabledState": { + "description": "Describes if the managed rule is in enabled or disabled state.", + "type": "string", + "enum": [ + "Disabled", + "Enabled" + ], + "x-ms-enum": { + "name": "ManagedRuleEnabledState", + "modelAsString": true + } + }, + "ErrorResponse": { + "description": "Error response indicates Front Door service is not able to process the incoming request. The reason is provided in the error message.", + "type": "object", + "properties": { + "code": { + "description": "Error code.", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "Error message indicating why the operation failed.", + "readOnly": true, + "type": "string" + } + } + }, + "DefaultErrorResponse": { + "description": "Error response indicates Front Door service is not able to process the incoming request. The reason is provided in the error message.", + "type": "object", + "properties": { + "error": { + "description": "Error model.", + "type": "object", + "properties": { + "code": { + "description": "Error code.", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "Error message indicating why the operation failed.", + "readOnly": true, + "type": "string" + } + } + } + } + }, + "FrontendEndpointLink": { + "description": "Defines the Resource ID for a Frontend Endpoint.", + "type": "object", + "readOnly": true, + "properties": { + "id": { + "type": "string", + "description": "Resource ID." + } + } + }, + "RoutingRuleLink": { + "description": "Defines the Resource ID for a Routing Rule.", + "type": "object", + "readOnly": true, + "properties": { + "id": { + "type": "string", + "description": "Resource ID." + } + } + }, + "SecurityPolicyLink": { + "description": "Defines the Resource ID for a Security Policy.", + "type": "object", + "readOnly": true, + "properties": { + "id": { + "type": "string", + "description": "Resource ID." + } + } + } + }, + "parameters": { + "PolicyNameParameter": { + "name": "policyName", + "in": "path", + "required": true, + "type": "string", + "maxLength": 128, + "x-ms-parameter-location": "method", + "description": "The name of the Web Application Firewall Policy." + }, + "ResourceGroupNameParameter": { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[a-zA-Z0-9_\\-\\(\\)\\.]*[^\\.]$", + "minLength": 1, + "maxLength": 80, + "x-ms-parameter-location": "method", + "description": "Name of the Resource group within the Azure subscription." + } + } +} diff --git a/specification/frontdoor/resource-manager/readme.md b/specification/frontdoor/resource-manager/readme.md index b50e64fb7691..a37b5368216e 100644 --- a/specification/frontdoor/resource-manager/readme.md +++ b/specification/frontdoor/resource-manager/readme.md @@ -28,9 +28,21 @@ These are the global settings for the FrontDoor API. title: FrontDoorManagementClient description: FrontDoor Client openapi-type: arm -tag: package-2022-05 +tag: package-2023-11 ``` + +### Tag: package-2023-11 + +These settings apply only when `--tag=package-2023-11` is specified on the command line. + +```yaml $(tag) == 'package-2023-11' +input-file: + - Microsoft.Network/stable/2023-11-01/network.json + - Microsoft.Network/stable/2023-11-01/webapplicationfirewall.json + - Microsoft.Network/stable/2021-06-01/frontdoor.json + - Microsoft.Network/stable/2019-11-01/networkexperiment.json +``` ### Tag: package-2022-05 These settings apply only when `--tag=package-2022-05` is specified on the command line. @@ -47,7 +59,7 @@ input-file: These settings apply only when `--tag=package-2021-06` is specified on the command line. -```yaml $(tag) == 'package-2021-06' +``` yaml $(tag) == 'package-2021-06' input-file: - Microsoft.Network/stable/2021-06-01/frontdoor.json - Microsoft.Network/stable/2021-06-01/webapplicationfirewall.json