Merge pull request #232057 from Miskatonic-Electronic/patch-39

Update create-custom-waf-rules.md

Author: prmerger-automator[bot]

articles/web-application-firewall/ag/create-custom-waf-rules.md

@@ -6,7 +6,7 @@ services: web-application-firewall
 ms.topic: article
 author: vhorne
 ms.service: web-application-firewall
-ms.date: 08/22/2022
+ms.date: 04/06/2023
 ms.author: victorh 
 ms.custom: devx-track-azurepowershell
 ---
@@ -26,7 +26,7 @@ The JSON snippets shown in this article are derived from a [ApplicationGatewayWe
 
 ## Example 1
 
-You know there's a bot named *evilbot* that you want to block from crawling your website. In this case, you’ll block on the User-Agent *evilbot* in the request headers.
+You know there's a bot named *evilbot* that you want to block from crawling your website. In this case, you block on the User-Agent *evilbot* in the request headers.
 
 Logic: p
 
@@ -47,10 +47,11 @@ $rule = New-AzApplicationGatewayFirewallCustomRule `
    -Priority 2 `
    -RuleType MatchRule `
    -MatchCondition $condition `
-   -Action Block
+   -Action Block `
+   -State Enabled
 ```
 
-And here is the corresponding JSON:
+And here's the corresponding JSON:
 
 ```json
 {
@@ -60,6 +61,7 @@ And here is the corresponding JSON:
       "priority": 2,
       "ruleType": "MatchRule",
       "action": "Block",
+      "state": "Enabled",
       "matchConditions": [
         {
           "matchVariables": [
@@ -106,7 +108,8 @@ $rule = New-AzApplicationGatewayFirewallCustomRule `
    -Priority 2 `
    -RuleType MatchRule `
    -MatchCondition $condition `
-   -Action Block
+   -Action Block `
+   -State Enabled
 ```
 
 And the corresponding JSON:
@@ -119,6 +122,7 @@ And the corresponding JSON:
       "priority": 2,
       "ruleType": "MatchRule",
       "action": "Block",
+      "state": "Enabled",
       "matchConditions": [
         {
           "matchVariables": [
@@ -144,7 +148,7 @@ And the corresponding JSON:
 
 ## Example 2
 
-You want to allow traffic only from the US using the GeoMatch operator and still have the managed rules apply:
+You want to allow traffic only from the United States using the GeoMatch operator and still have the managed rules apply:
 
 ```azurepowershell
 $variable = New-AzApplicationGatewayFirewallMatchVariable `
@@ -162,7 +166,8 @@ $rule = New-AzApplicationGatewayFirewallCustomRule `
    -Priority 2 `
    -RuleType MatchRule `
    -MatchCondition $condition `
-   -Action Block
+   -Action Block `
+   -State Enabled
 ```
 
 And the corresponding JSON:
@@ -175,6 +180,7 @@ And the corresponding JSON:
       "priority": 2,
       "ruleType": "MatchRule",
       "action": "Block",
+      "state": "Enabled",
       "matchConditions": [
         {
           "matchVariables": [
@@ -201,7 +207,7 @@ And the corresponding JSON:
 
 You want to block all requests from IP addresses in the range 198.168.5.0/24.
 
-In this example, you'll block all traffic that comes from an IP addresses range. The name of the rule is *myrule1* and the priority is set to 10.
+In this example, you block all traffic that comes from an IP addresses range. The name of the rule is *myrule1* and the priority is set to 10.
 
 Logic: p
 
@@ -220,7 +226,8 @@ $rule = New-AzApplicationGatewayFirewallCustomRule `
    -Priority 10 `
    -RuleType MatchRule `
    -MatchCondition $condition1 `
-   -Action Block
+   -Action Block `
+   -State Enabled
 ```
 
 Here's the corresponding JSON:
@@ -233,6 +240,7 @@ Here's the corresponding JSON:
       "priority": 10,
       "ruleType": "MatchRule",
       "action": "Block",
+      "state": "Enabled",
       "matchConditions": [
         {
           "matchVariables": [
@@ -258,7 +266,7 @@ Corresponding CRS rule:
 
 ## Example 4
 
-For this example, you want to block User-Agent *evilbot*, and traffic in the range 192.168.5.0/24. To accomplish this, you can create two separate match conditions, and put them both in the same rule. This ensures that if both *evilbot* in the User-Agent header **and** IP addresses from the range 192.168.5.0/24 are matched, then the request is blocked.
+For this example, you want to block User-Agent *evilbot*, and traffic in the range 192.168.5.0/24. To accomplish this action, you can create two separate match conditions, and put them both in the same rule. This configuration ensures that if both *evilbot* in the User-Agent header **and** IP addresses from the range 192.168.5.0/24 are matched, then the request is blocked.
 
 Logic: p **and** q
 
@@ -288,7 +296,8 @@ $condition2 = New-AzApplicationGatewayFirewallCondition `
    -Priority 10 `
    -RuleType MatchRule `
    -MatchCondition $condition1, $condition2 `
-   -Action Block
+   -Action Block `
+   -State Enabled
 ```
 
 Here's the corresponding JSON:
@@ -301,6 +310,7 @@ Here's the corresponding JSON:
       "priority": 10,
       "ruleType": "MatchRule",
       "action": "Block",
+      "state": "Enabled",
       "matchConditions": [
         {
           "matchVariables": [
@@ -369,14 +379,16 @@ $rule1 = New-AzApplicationGatewayFirewallCustomRule `
    -Priority 10 `
    -RuleType MatchRule `
    -MatchCondition $condition1 `
-   -Action Block
+   -Action Block `
+   -State Enabled
 
 $rule2 = New-AzApplicationGatewayFirewallCustomRule `
    -Name myrule2 `
    -Priority 20 `
    -RuleType MatchRule `
    -MatchCondition $condition2 `
-   -Action Block
+   -Action Block `
+   -State Enabled
 ```
 
 And the corresponding JSON:
@@ -389,6 +401,7 @@ And the corresponding JSON:
       "priority": 10,
       "ruleType": "MatchRule",
       "action": "Block",
+      "state": "Enabled",
       "matchConditions": [
         {
           "matchVariables": [
@@ -410,6 +423,7 @@ And the corresponding JSON:
       "priority": 20,
       "ruleType": "MatchRule",
       "action": "Block",
+      "state": "Enabled",
       "matchConditions": [
         {
           "matchVariables": [
@@ -456,7 +470,8 @@ $rule = New-AzApplicationGatewayFirewallCustomRule `
    -Priority 2 `
    -RuleType MatchRule `
    -MatchCondition $condition `
-   -Action Block
+   -Action Block `
+   -State Enabled
 ```
 
 Corresponding JSON:
@@ -469,6 +484,7 @@ Corresponding JSON:
       "priority": 2,
       "ruleType": "MatchRule",
       "action": "Block",
+      "state": "Enabled",
       "matchConditions": [
         {
           "matchVariables": [
@@ -493,7 +509,7 @@ Corresponding JSON:
 
 ## Example 7
 
-It is not uncommon to see Azure Front Door deployed in front of Application Gateway. In order to make sure the traffic received by Application Gateway comes from the Front Door deployment, the best practice is to check if the `X-Azure-FDID` header contains the expected unique value.  For more information on this, please see [How to lock down the access to my backend to only Azure Front Door](../../frontdoor/front-door-faq.yml#how-do-i-lock-down-the-access-to-my-backend-to-only-azure-front-door-)
+It isn't uncommon to see Azure Front Door deployed in front of Application Gateway. In order to make sure the traffic received by Application Gateway comes from the Front Door deployment, the best practice is to check if the `X-Azure-FDID` header contains the expected unique value.  For more information on securing access to your application using Azure Front Door, see [How to lock down the access to my backend to only Azure Front Door](../../frontdoor/front-door-faq.yml#how-do-i-lock-down-the-access-to-my-backend-to-only-azure-front-door-)
 
 Logic: **not** p
 
@@ -515,10 +531,11 @@ $rule = New-AzApplicationGatewayFirewallCustomRule `
    -Priority 2 `
    -RuleType MatchRule `
    -MatchCondition $condition `
-   -Action Block
+   -Action Block `
+   -State Enabled
 ```
 
-And here is the corresponding JSON:
+And here's the corresponding JSON:
 
 ```json
 {
@@ -528,6 +545,7 @@ And here is the corresponding JSON:
       "priority": 2,
       "ruleType": "MatchRule",
       "action": "Block",
+      "state": "Enabled",
       "matchConditions": [
         {
           "matchVariables": [