Merge pull request #190860 from duongau/rulesengine

AFD Rules engine architecture - merge to AFD

Author: denrea

.openpublishing.redirection.json

@@ -693,6 +693,11 @@
       "redirect_url": "/azure/frontdoor/front-door-rules-engine-actions",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/frontdoor/concept-rules-set.md",
+      "redirect_url": "/azure/frontdoor/front-door-rules-engine",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/app-service-web/web-sites-dotnet-deploy-aspnet-mvc-app-membership-oauth-sql-database.md",
       "redirect_url": "/aspnet/core/security/authorization/secure-data",

articles/frontdoor/front-door-routing-architecture.md

@@ -97,7 +97,7 @@ The route specifies the [backend pool](front-door-backend-pool.md) that the requ
 
 ## Evaluate rule sets
 
-If you have defined [rule sets](standard-premium/concept-rule-set.md) for the route, they're executed in the order they're configured. [Rule sets can override the origin group](front-door-rules-engine-actions.md#origin-group-override) specified in a route. Rule sets can also trigger a redirection response to the request instead of forwarding it to an origin.
+If you have defined [rule sets](front-door-rules-engine.md) for the route, they're executed in the order they're configured. [Rule sets can override the origin group](front-door-rules-engine-actions.md#origin-group-override) specified in a route. Rule sets can also trigger a redirection response to the request instead of forwarding it to an origin.
 
 ::: zone-end
 

articles/frontdoor/front-door-rules-engine-actions.md

@@ -15,7 +15,7 @@ zone_pivot_groups: front-door-tiers
 
 ::: zone pivot="front-door-standard-premium"
 
-An Azure Front Door Standard/Premium [Rule Set](standard-premium/concept-rule-set.md) consist of rules with a combination of match conditions and actions. This article provides a detailed description of the actions you can use in Azure Front Door Standard/Premium Rule Set. The action defines the behavior that gets applied to a request type that a match condition(s) identifies. In an Azure Front Door (Standard/Premium) Rule Set, a rule can contain up to five actions.
+An Azure Front Door Standard/Premium [Rule Set](front-door-rules-engine.md) consist of rules with a combination of match conditions and actions. This article provides a detailed description of the actions you can use in Azure Front Door Standard/Premium Rule Set. The action defines the behavior that gets applied to a request type that a match condition(s) identifies. In an Azure Front Door (Standard/Premium) Rule Set, a rule can contain up to five actions.
 
 > [!IMPORTANT]
 > Azure Front Door Standard/Premium (Preview) is currently in public preview.

articles/frontdoor/front-door-rules-engine.md

@@ -2,20 +2,81 @@
 title: Rules Engine for Azure Front Door architecture and terminology
 description: This article provides an overview of the Azure Front Door Rules Engine feature. 
 services: frontdoor
-documentationcenter: ''
 author: duongau
-editor: ''
 ms.service: frontdoor
 ms.topic: article
-ms.tgt_pltfrm: na
 ms.workload: infrastructure-services
-ms.date: 9/29/2020
+ms.date: 03/07/2022
 ms.author: duau
-# Customer intent: As an IT admin, I want to learn about Front Door and what the Rules Engine feature does. 
+zone_pivot_groups: front-door-tiers
 ---
 
 # What is Rules Engine for Azure Front Door? 
 
+::: zone pivot="front-door-standard-premium"
+
+A Rule Set is a customized rule engine that groups a combination of rules into a single set. You can associate a Rule Set with multiple routes. The Rule Set allows you to customize how requests get processed at the edge, and how Azure Front Door handles those requests.
+
+> [!IMPORTANT]
+> Azure Front Door Standard/Premium (Preview) is currently in public preview.
+> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
+> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+## Common supported scenarios
+
+* Implementing security headers to prevent browser-based vulnerabilities like HTTP Strict-Transport-Security (HSTS), X-XSS-Protection, Content-Security-Policy, X-Frame-Options, and Access-Control-Allow-Origin headers for Cross-Origin Resource Sharing (CORS) scenarios. Security-based attributes can also be defined with cookies.
+
+* Route requests to mobile or desktop versions of your application based on the client device type.
+
+* Using redirect capabilities to return 301, 302, 307, and 308 redirects to the client to direct them to new hostnames, paths, query strings, or protocols.
+
+* Dynamically modify the caching configuration of your route based on the incoming requests.
+
+* Rewrite the request URL path and forwards the request to the appropriate origin in your configured origin group.
+
+* Add, modify, or remove request/response header to hide sensitive information or capture important information through headers.
+
+* Support server variables to dynamically change the request/response headers or URL rewrite paths/query strings, for example, when a new page load or when a form is posted. Server variable is currently supported on **[Rule Set actions](front-door-rules-engine-actions.md)** only.
+
+## Architecture
+
+Rule Set handles requests at the edge. When a request arrives at your Azure Front Door Standard/Premium endpoint, WAF is executed first, followed by the settings configured in Route. Those settings include the Rule Set associated to the Route. Rule Sets are processed from top to bottom in the Route. The same applies to rules within a Rule Set. In order for all the actions in each rule to get executed, all the match conditions within a rule has to be satisfied. If a request doesn't match any of the conditions in your Rule Set configuration, then only configurations in Route will be executed.
+
+If **Stop evaluating remaining rules** gets checked, then all of the remaining Rule Sets associated with the Route aren't executed.  
+
+### Example
+
+In the following diagram, WAF policies get executed first. A Rule Set gets configured to append a response header. Then the header changes the max-age of the cache control if the match condition gets met.
+
+:::image type="content" source="./media/front-door-rules-engine/front-door-rule-set-architecture-1.png" alt-text="Diagram that shows architecture of Rule Set." lightbox="./media/front-door-rules-engine/front-door-rule-set-architecture-1-expanded.png":::
+
+## Terminology
+
+With Azure Front Door Rule Set, you can create a combination of Rules Set configuration, each composed of a set of rules. The following out lines some helpful terminologies you'll come across when configuring your Rule Set.
+
+For more quota limit, refer to [Azure subscription and service limits, quotas and constraints](../azure-resource-manager/management/azure-subscription-service-limits.md).
+
+* *Rule Set*: A set of rules that gets associated to one or multiple [routes](standard-premium/concept-route.md).
+
+* *Rule Set rule*: A rule composed of up to 10 match conditions and 5 actions. Rules are local to a Rule Set and cannot be exported to use across Rule Sets. Users can create the same rule in multiple Rule Sets.
+
+* *Match condition*: There are many match conditions that can be utilized to parse your incoming requests. A rule can contain up to 10 match conditions. Match conditions are evaluated with an **AND** operator. *Regular expression is supported in conditions*. A full list of match conditions can be found in [Rule Set match conditions](rules-match-conditions.md).
+
+* *Action*: Actions dictate how AFD handles the incoming requests based on the matching conditions. You can modify caching behaviors, modify request headers/response headers, do URL rewrite and URL redirection. *Server variables are supported on Action*. A rule can contain up to 10 match conditions. A full list of actions can be found [Rule Set actions](front-door-rules-engine-actions.md).
+
+## ARM template support
+
+Rule Sets can be configured using Azure Resource Manager templates. [See an example template](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.cdn/front-door-standard-premium-rule-set). You can customize the behavior by using the JSON or Bicep snippets included in the documentation examples for [match conditions](rules-match-conditions.md) and [actions](front-door-rules-engine-actions.md).
+
+## Next steps
+
+* Learn how to [create a Front Door Standard/Premium](standard-premium/create-front-door-portal.md).
+* Learn how to configure your first [Rule Set](standard-premium/how-to-configure-rule-set.md).
+
+::: zone-end
+
+::: zone pivot="front-door-classic"
+
 Rules Engine allows you to customize how HTTP requests gets handled at the edge and provides a more controlled behavior to your web application. Rules Engine for Azure Front Door has several key features, including:
 
 * Enforces HTTPS to ensure all your end users interact with your content over a secure connection.
@@ -54,3 +115,5 @@ With AFD Rules Engine, you can create a combination of Rules Engine configuratio
 - Learn how to configure your first [Rules Engine configuration](front-door-tutorial-rules-engine.md). 
 - Learn how to [create a Front Door](quickstart-create-front-door.md).
 - Learn [how Front Door works](front-door-routing-architecture.md).
+
+::: zone-end

articles/frontdoor/media/concept-rule-set/front-door-rule-set-architecture-1-expanded.png renamed to articles/frontdoor/media/front-door-rules-engine/front-door-rule-set-architecture-1-expanded.png

@@ -14,7 +14,7 @@ zone_pivot_groups: front-door-tiers
 
 ::: zone pivot="front-door-standard-premium"
 
-In Azure Front Door Standard/Premium [rule sets](standard-premium/concept-rule-set.md), a rule consists of none or some match conditions and an action. This article provides detailed descriptions of match conditions you can use in Azure Front Door rule sets.
+In Azure Front Door Standard/Premium [rule sets](front-door-rules-engine.md), a rule consists of none or some match conditions and an action. This article provides detailed descriptions of match conditions you can use in Azure Front Door rule sets.
 
 ::: zone-end
 
@@ -1508,7 +1508,7 @@ For rules that can transform strings, the following transforms are valid:
 
 ::: zone pivot="front-door-standard-premium"
 
-* Learn more about Azure Front Door Standard/Premium [Rule Set](standard-premium/concept-rule-set.md).
+* Learn more about Azure Front Door Standard/Premium [Rule Set](front-door-rules-engine.md).
 * Learn how to [configure your first Rule Set](standard-premium/how-to-configure-rule-set.md).
 * Learn more about [Rule actions](front-door-rules-engine-actions.md).
 

articles/frontdoor/media/concept-rule-set/front-door-rule-set-architecture-1.png renamed to articles/frontdoor/media/front-door-rules-engine/front-door-rule-set-architecture-1.png

@@ -52,7 +52,7 @@
   - name: Rule Engine
     items:
     - name: Rules Engine architecture
-      href: concept-rule-set.md
+      href: ../front-door-rules-engine.md?toc=%2fazure%2ffrontdoor%2fstandard-premium%2ftoc.json
     - name: Rules match conditions
       href: ../rules-match-conditions.md?toc=%2fazure%2ffrontdoor%2fstandard-premium%2ftoc.json
     - name: Rules actions

articles/frontdoor/rules-match-conditions.md

@@ -25,7 +25,7 @@ A Front Door Standard/Premium routing configuration is composed of two major par
 > For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
 > [!NOTE]
-> When you use the [Front Door rules engine](concept-rule-set.md), you can configure a rule to [override the origin group](../front-door-rules-engine-actions.md#origin-group-override) for a request. The origin group set by the rules engine overrides the routing process described in this article.
+> When you use the [Front Door rules engine](../front-door-rules-engine.md), you can configure a rule to [override the origin group](../front-door-rules-engine-actions.md#origin-group-override) for a request. The origin group set by the rules engine overrides the routing process described in this article.
 
 ### Incoming match (left-hand side)
 
@@ -133,7 +133,7 @@ Given that configuration, the following example matching table would result:
 
 Once Azure Front Door Standard/Premium has matched to a single routing rule, it then needs to choose how to process the request. If Azure Front Door Standard/Premium has a cached response available for the matched routing rule, then the request gets served back to the client.
 
-Finally, Azure Front Door Standard/Premium evaluates whether or not you have a [rule set](concept-rule-set.md) for the matched routing rule. If there's no rule set defined, then the request gets forwarded to the origin group as-is. Otherwise, the rule sets get executed in the order they're configured. [Rule sets can override the route](../front-door-rules-engine-actions.md#origin-group-override), forcing traffic to a specific origin group.
+Finally, Azure Front Door Standard/Premium evaluates whether or not you have a [rule set](../front-door-rules-engine.md) for the matched routing rule. If there's no rule set defined, then the request gets forwarded to the origin group as-is. Otherwise, the rule sets get executed in the order they're configured. [Rule sets can override the route](../front-door-rules-engine-actions.md#origin-group-override), forcing traffic to a specific origin group.
 
 ## Next steps
 

articles/frontdoor/standard-premium/TOC.yml

@@ -92,4 +92,4 @@ For example, if I set **Preserve unmatched path to No**.
 
 ## Next steps
 
-* Learn more about [Azure Front Door Standard/Premium Rule Set](concept-rule-set.md).
+* Learn more about [Azure Front Door Standard/Premium Rule Set](../front-door-rules-engine.md).