import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * !> **Note:** This deploys an Azure Front Door (classic) resource which has been deprecated and will receive security updates only. Please migrate your existing Azure Front Door (classic) deployments to the new Azure Front Door (standard/premium) resources. For your convenience, the service team has exposed a `Front Door Classic` to `Front Door Standard/Premium` [migration tool](https://learn.microsoft.com/azure/frontdoor/tier-migration) to allow you to migrate your existing `Front Door Classic` instances to the new `Front Door Standard/Premium` product tiers. * * Manages an Azure Front Door (classic) Web Application Firewall Policy instance. * * !> **Note:** Azure rolled out a breaking change on Friday 9th April 2021 which may cause issues with the CDN/FrontDoor resources. More information is available in this GitHub issue - unfortunately this may necessitate a breaking change to the CDN and Front Door resources, more information will be posted in the GitHub issue as the necessary changes are identified. * * !> **Note:** The creation of new Azure Front Door (classic) resources is no longer supported following its deprecation on `April 1, 2025`. However, modifications to existing Azure Front Door (classic) resources will continue to be supported until the API reaches full retirement on `March 31, 2027`. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-rg", * location: "West Europe", * }); * const exampleFirewallPolicy = new azure.frontdoor.FirewallPolicy("example", { * name: "examplefdwafpolicy", * resourceGroupName: example.name, * enabled: true, * mode: "Prevention", * redirectUrl: "https://www.contoso.com", * customBlockResponseStatusCode: 403, * customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==", * customRules: [ * { * name: "Rule1", * enabled: true, * priority: 1, * rateLimitDurationInMinutes: 1, * rateLimitThreshold: 10, * type: "MatchRule", * action: "Block", * matchConditions: [{ * matchVariable: "RemoteAddr", * operator: "IPMatch", * negationCondition: false, * matchValues: [ * "192.168.1.0/24", * "10.0.0.0/24", * ], * }], * }, * { * name: "Rule2", * enabled: true, * priority: 2, * rateLimitDurationInMinutes: 1, * rateLimitThreshold: 10, * type: "MatchRule", * action: "Block", * matchConditions: [ * { * matchVariable: "RemoteAddr", * operator: "IPMatch", * negationCondition: false, * matchValues: ["192.168.1.0/24"], * }, * { * matchVariable: "RequestHeader", * selector: "UserAgent", * operator: "Contains", * negationCondition: false, * matchValues: ["windows"], * transforms: [ * "Lowercase", * "Trim", * ], * }, * ], * }, * ], * managedRules: [ * { * type: "DefaultRuleSet", * version: "1.0", * exclusions: [{ * matchVariable: "QueryStringArgNames", * operator: "Equals", * selector: "not_suspicious", * }], * overrides: [ * { * ruleGroupName: "PHP", * rules: [{ * ruleId: "933100", * enabled: false, * action: "Block", * }], * }, * { * ruleGroupName: "SQLI", * exclusions: [{ * matchVariable: "QueryStringArgNames", * operator: "Equals", * selector: "really_not_suspicious", * }], * rules: [{ * ruleId: "942200", * action: "Block", * exclusions: [{ * matchVariable: "QueryStringArgNames", * operator: "Equals", * selector: "innocent", * }], * }], * }, * ], * }, * { * type: "Microsoft_BotManagerRuleSet", * version: "1.0", * }, * ], * }); * ``` * * ## Import * * FrontDoor Web Application Firewall Policy can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:frontdoor/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/examplefdwafpolicy * ``` */ export declare class FirewallPolicy extends pulumi.CustomResource { /** * Get an existing FirewallPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: FirewallPolicyState, opts?: pulumi.CustomResourceOptions): FirewallPolicy; /** * Returns true if the given object is an instance of FirewallPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is FirewallPolicy; /** * If a `customRule` block's action type is `block`, this is the response body. The body must be specified in base64 encoding. */ readonly customBlockResponseBody: pulumi.Output; /** * If a `customRule` block's action type is `block`, this is the response status code. Possible values are `200`, `403`, `405`, `406`, or `429`. */ readonly customBlockResponseStatusCode: pulumi.Output; /** * One or more `customRule` blocks as defined below. */ readonly customRules: pulumi.Output; /** * Is the policy a enabled state or disabled state. Defaults to `true`. */ readonly enabled: pulumi.Output; /** * The Frontend Endpoints associated with this Front Door Web Application Firewall policy. */ readonly frontendEndpointIds: pulumi.Output; /** * The Azure Region where this Front Door Firewall Policy exists. */ readonly location: pulumi.Output; /** * One or more `managedRule` blocks as defined below. */ readonly managedRules: pulumi.Output; /** * The firewall policy mode. Possible values are `Detection`, `Prevention`. Defaults to `Prevention`. */ readonly mode: pulumi.Output; /** * The name of the policy. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * If action type is redirect, this field represents redirect URL for the client. */ readonly redirectUrl: pulumi.Output; /** * The name of the resource group. Changing this forces a new resource to be created. */ readonly resourceGroupName: pulumi.Output; /** * A mapping of tags to assign to the Web Application Firewall Policy. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Create a FirewallPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: FirewallPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering FirewallPolicy resources. */ export interface FirewallPolicyState { /** * If a `customRule` block's action type is `block`, this is the response body. The body must be specified in base64 encoding. */ customBlockResponseBody?: pulumi.Input; /** * If a `customRule` block's action type is `block`, this is the response status code. Possible values are `200`, `403`, `405`, `406`, or `429`. */ customBlockResponseStatusCode?: pulumi.Input; /** * One or more `customRule` blocks as defined below. */ customRules?: pulumi.Input[]>; /** * Is the policy a enabled state or disabled state. Defaults to `true`. */ enabled?: pulumi.Input; /** * The Frontend Endpoints associated with this Front Door Web Application Firewall policy. */ frontendEndpointIds?: pulumi.Input[]>; /** * The Azure Region where this Front Door Firewall Policy exists. */ location?: pulumi.Input; /** * One or more `managedRule` blocks as defined below. */ managedRules?: pulumi.Input[]>; /** * The firewall policy mode. Possible values are `Detection`, `Prevention`. Defaults to `Prevention`. */ mode?: pulumi.Input; /** * The name of the policy. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * If action type is redirect, this field represents redirect URL for the client. */ redirectUrl?: pulumi.Input; /** * The name of the resource group. Changing this forces a new resource to be created. */ resourceGroupName?: pulumi.Input; /** * A mapping of tags to assign to the Web Application Firewall Policy. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } /** * The set of arguments for constructing a FirewallPolicy resource. */ export interface FirewallPolicyArgs { /** * If a `customRule` block's action type is `block`, this is the response body. The body must be specified in base64 encoding. */ customBlockResponseBody?: pulumi.Input; /** * If a `customRule` block's action type is `block`, this is the response status code. Possible values are `200`, `403`, `405`, `406`, or `429`. */ customBlockResponseStatusCode?: pulumi.Input; /** * One or more `customRule` blocks as defined below. */ customRules?: pulumi.Input[]>; /** * Is the policy a enabled state or disabled state. Defaults to `true`. */ enabled?: pulumi.Input; /** * One or more `managedRule` blocks as defined below. */ managedRules?: pulumi.Input[]>; /** * The firewall policy mode. Possible values are `Detection`, `Prevention`. Defaults to `Prevention`. */ mode?: pulumi.Input; /** * The name of the policy. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * If action type is redirect, this field represents redirect URL for the client. */ redirectUrl?: pulumi.Input; /** * The name of the resource group. Changing this forces a new resource to be created. */ resourceGroupName: pulumi.Input; /** * A mapping of tags to assign to the Web Application Firewall Policy. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; }