Creating CLI for Exception (Allow List) feature in Application Gateway #31597
Description
Preconditions
- No need to upgrade Python SDK or the Python SDK is ready.
Related command
az network application-gateway waf-policy managed-rule exception rule-set (add/list/remove)
full data:
az network application-gateway waf-policy managed-rule exception rule-set add - Add a managed rule set to an exception.
az network application-gateway waf-policy managed-rule exception rule-set list - List all managed rule sets of an exception.
az network application-gateway waf-policy managed-rule exception rule-set remove - Remove managed rule set within an exception.
parameters:
--match-variable {RequestURI, RemoteAddr ,RequestHeader}
--value-match-operator {Equals, Contains, StartsWith, EndsWith, IPMatch}
--policy-name
--resource-group
--type {Microsoft_BotManagerRuleSet, OWASP}
--version {2.1, 3.2}
[--values]
[--selector-match-operator {Equals, Contains, StartsWith. EndsWith}]
[--selector]
[--group-name]
[--rule-ids]
Resource Provider
Microsoft.Network/applicationGateways
Description of Feature or Work Requested
This feature allows traffic that met configured criteria to skip the configured managed rules.
This is a design document for the feature:
https://microsoft.sharepoint.com/:w:/r/teams/ApplicationGateway9/Shared%20Documents/WAF/Documents/Allowlist/Allow%20List%20Functionality%20for%20WAF.docx?d=wbbb1982c8b544e1ea744faa5efe96356&csf=1&web=1&e=XEtwnG
Minimum API Version Required
2024-03-01
Swagger PR link / SDK link
https://github.com/Azure/azure-rest-api-specs-pr/commit/6c4f7e769fffe4bb807336975ef1469f7fb40891
Request Example
Target Date
N/A
PM Contact
yuvalpery
Engineer Contact
yanivhaddad
Additional context
No response