{Network} AppGateway WAF support HTTPDDoS rule set#32374
Merged
Conversation
️✔️AzureCLI-FullTest
|
azure-client-tools-bot-prd
bot
added this to the
November 2025 (2025-11-18)❗ Breaking change release ❗ milestone
|
Hi @cxznmhdcxz, |
Collaborator
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| network application-gateway waf-policy create | cmd network application-gateway waf-policy create update parameter rule_set_type: updated property choices from ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'OWASP'] to ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'Microsoft_HTTPDDoSRuleSet', 'OWASP'] |
||
| network application-gateway waf-policy managed-rule exclusion rule-set add | cmd network application-gateway waf-policy managed-rule exclusion rule-set add update parameter rule_set_type: updated property choices from ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'OWASP'] to ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'Microsoft_HTTPDDoSRuleSet', 'OWASP'] |
||
| network application-gateway waf-policy managed-rule exclusion rule-set remove | cmd network application-gateway waf-policy managed-rule exclusion rule-set remove update parameter rule_set_type: updated property choices from ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'OWASP'] to ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'Microsoft_HTTPDDoSRuleSet', 'OWASP'] |
||
| network application-gateway waf-policy managed-rule rule-set add | cmd network application-gateway waf-policy managed-rule rule-set add update parameter rule_set_type: updated property choices from ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'OWASP'] to ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'Microsoft_HTTPDDoSRuleSet', 'OWASP'] |
||
| network application-gateway waf-policy managed-rule rule-set remove | cmd network application-gateway waf-policy managed-rule rule-set remove update parameter rule_set_type: updated property choices from ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'OWASP'] to ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'Microsoft_HTTPDDoSRuleSet', 'OWASP'] |
||
| network application-gateway waf-policy managed-rule rule-set update | cmd network application-gateway waf-policy managed-rule rule-set update update parameter rule_set_type: updated property choices from ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'OWASP'] to ['Microsoft_BotManagerRuleSet', 'Microsoft_DefaultRuleSet', 'Microsoft_HTTPDDoSRuleSet', 'OWASP'] |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
requested review from
jsntcy,
kairu-ms and
yonzhan
cxznmhdcxz
changed the title
Contributor
There was a problem hiding this comment.
Pull Request Overview
This pull request adds support for the Microsoft_HTTPDDoSRuleSet type in Azure Application Gateway WAF policies and updates the API version to 2025-03-01. The main changes include:
- Adding Microsoft_HTTPDDoSRuleSet to the available rule set types for WAF policies
- Implementing default sensitivity value of "Medium" for HTTPDDoSRuleSet rules when not explicitly specified
- Updating the API version from 2024-07-01 to 2025-03-01 across multiple AAZ modules
- Adding test coverage for the new rule set type with sensitivity validation
- Adding virtual network creation with default-outbound configuration in test setup
Reviewed Changes
Copilot reviewed 17 out of 25 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| custom.py | Added Microsoft_HTTPDDoSRuleSet enum value and logic to set default sensitivity to "Medium" for HTTPDDoSRuleSet rules |
| test_network_commands.py | Added test case for HTTPDDoSRuleSet with sensitivity validation, added VNet creation with default-outbound false flag |
| _update.py | Updated API version to 2025-03-01, removed "None" from sensitivity enum, added new schema properties |
| _wait.py | Updated API version to 2025-03-01, added new schema properties for application gateway and related resources |
| _delete.py | Updated API version to 2025-03-01 |
| test recordings | Updated test recordings with new API version and test data |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
src/azure-cli/azure/cli/command_modules/network/tests/latest/test_network_commands.py
Show resolved
Hide resolved
Member
|
brilliant work! |
necusjz
approved these changes
Nov 5, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related command
az network application-gateway waf-policyaz network application-gateway waf-policy managed-rule rule-setDescription
resolve #32300
resolve #32301
aaz Azure/aaz#891
Testing Guide
History Notes
[Network]
az network application-gateway waf-policy managed-rule: SupportMicrosoft_HTTPDDoSRuleSetrule set[Network]
az network application-gateway waf-policy: Remove optionNonefor WAF rule sensitivityThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.