< Back
New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration
Post
NAME New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration
SYNOPSIS
Creates a WAF configuration for an application gateway.
SYNTAX
New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration [-DefaultProfile <IAzureContextContainer>] [-DisabledRuleGroups
<System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallDisabledRuleGroup]>] -Enabled <Boolean>
-FirewallMode {Detection | Prevention} [-RuleSetType {OWASP}] [-RuleSetVersion {3.0 | 2.2.9}] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration cmdlet creates a web application firewall (WAF) configuration for an Azure
application gateway.
PARAMETERS
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DisabledRuleGroups <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallDisabledRuleGroup]>
The disabled rule groups.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Enabled <Boolean>
Indicates whether the WAF is enabled.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-FirewallMode <String>
Specifies the web application firewall mode. The acceptable values for this parameter are:
- Detection
- Prevention
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-RuleSetType <String>
The type of the web application firewall rule set. The acceptable values for this parameter are:
- OWASP
Required? false
Position? named
Default value OWASP
Accept pipeline input? False
Accept wildcard characters? false
-RuleSetVersion <String>
The version of the rule set type. The acceptable values for this parameter are:
- 3.0
- 2.2.9
Required? false
Position? named
Default value 3.0
Accept pipeline input? False
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayWebApplicationFirewallConfiguration
NOTES
Example 1: Create a web application firewall configuration for an application gateway
PS C:\\> $disabledRuleGroup1 = New-AzureRmApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-942-APPLICATION-ATTACK-SQLI"
-Rules 942130,942140
PS C:\\> $disabledRuleGroup2 = New-AzureRmApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-921-PROTOCOL-ATTACK"
PS C:\\> $firewallConfig = New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention" -RuleSetType
"OWASP" -RuleSetVersion "3.0" -DisabledRuleGroups $disabledRuleGroup1,$disabledRuleGroup2
The first command creates a new disabled rule group configuration for the rule group named "REQUEST-942-APPLICATION-ATTACK-SQLI" with rule 942130
and rule 942140 being disabled. The second command creates another disabled rule group configuration for a rule group named
"REQUEST-921-PROTOCOL-ATTACK". No rules are specifically passed and thus all rules of the rule group will be disabled. The last command then
creates a WAF configuration with firewall rules disabled as configured in $disabledRuleGroup1 and $disabledRuleGroup2. The new WAF configuration
is stored in the $firewallConfig variable.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... figuration
Get-AzureRmApplicationGatewayWebApplicationFirewallConfiguration
Set-AzureRmApplicationGatewayWebApplicationFirewallConfiguration
SYNOPSIS
Creates a WAF configuration for an application gateway.
SYNTAX
New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration [-DefaultProfile <IAzureContextContainer>] [-DisabledRuleGroups
<System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallDisabledRuleGroup]>] -Enabled <Boolean>
-FirewallMode {Detection | Prevention} [-RuleSetType {OWASP}] [-RuleSetVersion {3.0 | 2.2.9}] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration cmdlet creates a web application firewall (WAF) configuration for an Azure
application gateway.
PARAMETERS
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DisabledRuleGroups <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayFirewallDisabledRuleGroup]>
The disabled rule groups.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Enabled <Boolean>
Indicates whether the WAF is enabled.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-FirewallMode <String>
Specifies the web application firewall mode. The acceptable values for this parameter are:
- Detection
- Prevention
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-RuleSetType <String>
The type of the web application firewall rule set. The acceptable values for this parameter are:
- OWASP
Required? false
Position? named
Default value OWASP
Accept pipeline input? False
Accept wildcard characters? false
-RuleSetVersion <String>
The version of the rule set type. The acceptable values for this parameter are:
- 3.0
- 2.2.9
Required? false
Position? named
Default value 3.0
Accept pipeline input? False
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayWebApplicationFirewallConfiguration
NOTES
Example 1: Create a web application firewall configuration for an application gateway
PS C:\\> $disabledRuleGroup1 = New-AzureRmApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-942-APPLICATION-ATTACK-SQLI"
-Rules 942130,942140
PS C:\\> $disabledRuleGroup2 = New-AzureRmApplicationGatewayFirewallDisabledRuleGroupConfig -RuleGroupName "REQUEST-921-PROTOCOL-ATTACK"
PS C:\\> $firewallConfig = New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention" -RuleSetType
"OWASP" -RuleSetVersion "3.0" -DisabledRuleGroups $disabledRuleGroup1,$disabledRuleGroup2
The first command creates a new disabled rule group configuration for the rule group named "REQUEST-942-APPLICATION-ATTACK-SQLI" with rule 942130
and rule 942140 being disabled. The second command creates another disabled rule group configuration for a rule group named
"REQUEST-921-PROTOCOL-ATTACK". No rules are specifically passed and thus all rules of the rule group will be disabled. The last command then
creates a WAF configuration with firewall rules disabled as configured in $disabledRuleGroup1 and $disabledRuleGroup2. The new WAF configuration
is stored in the $firewallConfig variable.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... figuration
Get-AzureRmApplicationGatewayWebApplicationFirewallConfiguration
Set-AzureRmApplicationGatewayWebApplicationFirewallConfiguration