Merge pull request #90396 from itechedit/application-gateway

edit pass: application-gateway

Author: ShawnJackson

articles/application-gateway/configure-waf-custom-rules.md

@@ -1,6 +1,6 @@
 ---
-title: Configure Web Application Firewall v2 custom rules using Azure PowerShell
-description: Learn how to configure WAF v2 custom rules using Azure PowerShell
+title: Configure web application firewall v2 custom rules by using Azure PowerShell
+description: Learn how to configure web application firewall v2 custom rules by using Azure PowerShell
 services: application-gateway
 author: vhorne
 ms.service: application-gateway
@@ -9,33 +9,32 @@ ms.date: 6/18/2019
 ms.author: victorh
 ---
 
-# Configure Web Application Firewall v2  with a custom rule using Azure PowerShell
+# Configure web application firewall v2 custom rules by using Azure PowerShell
 
 <!--- If you make any changes to the PowerShell in this article, also make the change in the corresponding Sample file: azure-docs-powershell-samples/application-gateway/waf-rules/waf-custom-rules.ps1 --->
 
-Custom rules allow you to create your own rules evaluated for each request that passes through the Web Application Firewall (WAF) v2. These rules hold a higher priority than the rest of the rules in the managed rule sets. The custom rules have an action (to allow or block), a match condition, and an operator to allow full customization.
+With custom rules, you can create your own rules, which are evaluated for each request that passes through the web application firewall (WAF). These rules hold a higher priority than the rest of the rules in the managed rule sets. To allow full customization, the custom rules have an action (to allow or block), a match condition, and an operator.
 
-This article creates an Application Gateway WAF v2 that uses a custom rule. The custom rule blocks traffic if the request header contains User-Agent *evilbot*.
+This article creates an Azure Application Gateway WAF v2 that uses a custom rule. The custom rule blocks traffic if the request header contains User-Agent *evilbot*.
 
-To see more custom rule examples, see [Create and use custom web application firewall rules](create-custom-waf-rules.md)
+To view more custom rule examples, see [Create and use custom web application firewall rules](create-custom-waf-rules.md).
 
-If you want run the Azure PowerShell in this article in one continuous script that you can copy, paste, and run, see [Azure Application Gateway PowerShell samples](powershell-samples.md).
+To run the Azure PowerShell code in this article in one continuous script that you can copy, paste, and run, see [Azure Application Gateway PowerShell samples](powershell-samples.md).
 
 ## Prerequisites
+* [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
 
-### Azure PowerShell module
+* You need an Azure PowerShell module. If you choose to install and use Azure PowerShell locally, this script requires Azure PowerShell module version 2.1.0 or later. Do the following:
 
-If you choose to install and use Azure PowerShell locally, this script requires the Azure PowerShell module version 2.1.0 or later.
-
-1. To find the version, run `Get-Module -ListAvailable Az`. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).
-2. To create a connection with Azure, run `Connect-AzAccount`.
-
-[!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
+  1. To find the version, run `Get-Module -ListAvailable Az`. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).
+  2. To create a connection with Azure, run `Connect-AzAccount`.
 
 ## Example script
 
 ### Set up variables
 
+Run the following code:
+
 ```azurepowershell
 $rgname = "CustomRulesTest"
 
@@ -46,11 +45,15 @@ $appgwName = "WAFCustomRules"
 
 ### Create a resource group
 
+Run the following code:
+
 ```azurepowershell
 $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location
 ```
 
-### Create a VNet
+### Create a virtual network
+
+Run the following code:
 
 ```azurepowershell
 $sub1 = New-AzVirtualNetworkSubnetConfig -Name "appgwSubnet" -AddressPrefix "10.0.0.0/24"
@@ -61,14 +64,18 @@ $vnet = New-AzvirtualNetwork -Name "Vnet1" -ResourceGroupName $rgname -Location
   -AddressPrefix "10.0.0.0/16" -Subnet @($sub1, $sub2)
 ```
 
-### Create a Static Public VIP
+### Create a static public VIP
+
+Run the following code:
 
 ```azurepowershell
 $publicip = New-AzPublicIpAddress -ResourceGroupName $rgname -name "AppGwIP" `
   -location $location -AllocationMethod Static -Sku Standard
 ```
 
-### Create pool and frontend port
+### Create a pool and front-end port
+
+Run the following code:
 
 ```azurepowershell
 $gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name "appgwSubnet" -VirtualNetwork $vnet
@@ -83,7 +90,9 @@ $pool = New-AzApplicationGatewayBackendAddressPool -Name "pool1" `
 $fp01 = New-AzApplicationGatewayFrontendPort -Name "port1" -Port 80
 ```
 
-### Create a listener, http setting, rule, and autoscale
+### Create a listener, HTTP setting, rule, and autoscale
+
+Run the following code:
 
 ```azurepowershell
 $listener01 = New-AzApplicationGatewayHttpListener -Name "listener1" -Protocol Http `
@@ -102,6 +111,8 @@ $sku = New-AzApplicationGatewaySku -Name WAF_v2 -Tier WAF_v2
 
 ### Create the custom rule and apply it to WAF policy
 
+Run the following code:
+
 ```azurepowershell
 $variable = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestHeaders -Selector User-Agent
 
@@ -114,7 +125,9 @@ $wafPolicy = New-AzApplicationGatewayFirewallPolicy -Name wafPolicy -ResourceGro
 $wafConfig = New-AzApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention"
 ```
 
-### Create the Application Gateway
+### Create an application gateway
+
+Run the following code:
 
 ```azurepowershell
 $appgw = New-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname `
@@ -129,4 +142,4 @@ $appgw = New-AzApplicationGateway -Name $appgwName -ResourceGroupName $rgname `
 
 ## Next steps
 
-[Learn more about Web Application Firewall](waf-overview.md)
+[Learn more about web application firewall](waf-overview.md)

articles/application-gateway/create-custom-waf-rules.md

@@ -1,6 +1,6 @@
 ---
-title: Create and use Azure Web Application Firewall (WAF) v2 custom rules
-description: This article provides information on how to create Web Application Firewall (WAF) v2 custom rules in Azure Application Gateway.
+title: Create and use Azure web application firewall (WAF) v2 custom rules
+description: This article discusses how to create web application firewall (WAF) v2 custom rules in Azure Application Gateway.
 services: application-gateway
 ms.topic: article
 author: vhorne
@@ -9,20 +9,20 @@ ms.date: 6/18/2019
 ms.author: victorh
 ---
 
-# Create and use Web Application Firewall v2 custom rules
+# Create and use web application firewall v2 custom rules
 
-The Azure Application Gateway Web Application Firewall (WAF) v2 provides protection for web applications. This protection is provided by the Open Web Application Security Project (OWASP) Core Rule Set (CRS). In some cases, you may need to create your own custom rules to meet your specific needs. For more information about WAF custom rules, see [Custom web application firewall rules overview](custom-waf-rules-overview.md).
+Azure Application Gateway web application firewall (WAF) v2 provides protection for web applications. This protection is provided by the Open Web Application Security Project (OWASP) core rule set. In some cases, you might need to create your own custom rules to meet your specific needs. For more information about WAF custom rules, see [Overview: Custom web application firewall rules](custom-waf-rules-overview.md).
 
-This article shows you some example custom rules that you can create and use with your v2 WAF. To learn how to deploy a WAF with a custom rule using Azure PowerShell, see [Configure Web Application Firewall custom rules using Azure PowerShell](configure-waf-custom-rules.md).
+This article shows you some example custom rules that you can create and use with WAF v2. To learn how to deploy WAF with a custom rule by using Azure PowerShell, see [Configure web application firewall custom rules by using Azure PowerShell](configure-waf-custom-rules.md).
 
->[!NOTE]
-> If your application gateway is not using the WAF tier, the option to upgrade the application gateway to the WAF tier appears in the right pane.
+> [!NOTE]
+> If your application gateway isn't using the WAF tier, the option to upgrade the application gateway to the WAF tier appears in the right pane.
 
 ![Enable WAF][fig1]
 
 ## Example 1
 
-You know there's a bot named *evilbot* that you want to block from crawling your website. In this case, you’ll block on the User-Agent *evilbot* in the request headers.
+You know there's a bot named *evilbot* that you want to block from crawling your website. In this example, you block the User-Agent *evilbot* in the request headers.
 
 Logic: p
 
@@ -46,7 +46,7 @@ $rule = New-AzApplicationGatewayFirewallCustomRule `
    -Action Block
 ```
 
-And here is the corresponding JSON:
+Here's the corresponding JSON code:
 
 ```json
   {
@@ -70,11 +70,11 @@ And here is the corresponding JSON:
   }
 ```
 
-To see a WAF deployed using this custom rule, see [Configure a Web Application Firewall custom rule using Azure PowerShell](configure-waf-custom-rules.md).
+To view a WAF that's deployed by using this custom rule, see [Configure a web application firewall custom rule by using Azure PowerShell](configure-waf-custom-rules.md).
 
 ### Example 1a
 
-You can accomplish the same thing using a regular expression:
+You can accomplish the same thing by using a regular expression:
 
 ```azurepowershell
 $variable = New-AzApplicationGatewayFirewallMatchVariable `
@@ -96,7 +96,7 @@ $rule = New-AzApplicationGatewayFirewallCustomRule `
    -Action Block
 ```
 
-And the corresponding JSON:
+Here's the corresponding JSON code:
 
 ```json
   {
@@ -124,7 +124,7 @@ And the corresponding JSON:
 
 You want to block all requests from IP addresses in the range 198.168.5.0/24.
 
-In this example, you'll block all traffic that comes from an IP addresses range. The name of the rule is *myrule1* and the priority is set to 100.
+In this example, you block all traffic that comes from a range of IP addresses. The name of the rule is *myrule1*, and the priority is set to 100.
 
 Logic: p
 
@@ -146,7 +146,7 @@ $rule = New-AzApplicationGatewayFirewallCustomRule `
    -Action Block
 ```
 
-Here's the corresponding JSON:
+Here's the corresponding JSON code:
 
 ```json
   {
@@ -170,14 +170,15 @@ Here's the corresponding JSON:
   }
 ```
 
-Corresponding CRS rule:
+Here's the corresponding core rule set rule:
+
   `SecRule REMOTE_ADDR "@ipMatch 192.168.5.0/24" "id:7001,deny"`
 
 ## Example 3
 
-For this example, you want to block User-Agent *evilbot*, and traffic in the range 192.168.5.0/24. To accomplish this, you can create two separate match conditions, and put them both in the same rule. This ensures that if both *evilbot* in the User-Agent header **and** IP addresses from the range 192.168.5.0/24 are matched, then the request is blocked.
+For this example, you want to block User-Agent *evilbot*, and traffic in the range 192.168.5.0/24. To achieve this result, you can create two separate match conditions and put them both in the same rule. This approach ensures that if both *evilbot* in the User-Agent header *and* IP addresses from the range 192.168.5.0/24 are matched, the request is blocked.
 
-Logic: p **and** q
+Logic: p *and* q
 
 ```azurepowershell
 $variable1 = New-AzApplicationGatewayFirewallMatchVariable `
@@ -208,7 +209,7 @@ $condition2 = New-AzApplicationGatewayFirewallCondition `
    -Action Block
 ```
 
-Here's the corresponding JSON:
+Here's the corresponding JSON code:
 
 ```json
 { 
@@ -247,9 +248,9 @@ Here's the corresponding JSON:
 
 ## Example 4
 
-For this example, you want to block if the request is either outside of the IP address range *192.168.5.0/24*, or the user agent string isn't *chrome* (meaning the user isn’t using the Chrome browser). Since this logic uses **or**, the two conditions are in separate rules as seen in the following example. *myrule1* and *myrule2* both need to match to block the traffic.
+For this example, you want to block if the request is either outside of the IP address range *192.168.5.0/24*, or the user agent string isn't *chrome* (that is, the user isn’t using the Chrome browser). Because this logic uses *or*, the two conditions are in separate rules, as shown in the following example. To block the traffic, both *myrule1* and *myrule2* need to match.
 
-Logic: **not** (p **and** q) = **not** p **or not** q.
+Logic: *not* (p *and* q) = *not* p *or not* q.
 
 ```azurepowershell
 $variable1 = New-AzApplicationGatewayFirewallMatchVariable `
@@ -287,7 +288,7 @@ $rule2 = New-AzApplicationGatewayFirewallCustomRule `
    -Action Block
 ```
 
-And the corresponding JSON:
+Here's the corresponding JSON code:
 
 ```json
 {
@@ -334,9 +335,9 @@ And the corresponding JSON:
 
 ## Example 5
 
-You want to block custom SQLI. Since the logic used here is **or**, and all the values are in the *RequestUri*, all of the *MatchValues* can be in a comma-separated list.
+You want to block custom SQLI. Because the logic used here is *or* and all the values are in the *RequestUri*, all the *MatchValues* can be in a comma-separated list.
 
-Logic: p **or** q **or** r
+Logic: p *or* q *or* r
 
 ```azurepowershell
 $variable1 = New-AzApplicationGatewayFirewallMatchVariable `
@@ -355,7 +356,7 @@ $rule1 = New-AzApplicationGatewayFirewallCustomRule `
    -Action Block
 ```
 
-Corresponding JSON:
+Here's the corresponding JSON code:
 
 ```json
   {
@@ -381,7 +382,7 @@ Corresponding JSON:
   }
 ```
 
-Alternative Azure PowerShell:
+Here's the alternative Azure PowerShell code:
 
 ```azurepowershell
 $variable1 = New-AzApplicationGatewayFirewallMatchVariable `
@@ -432,7 +433,7 @@ $rule3 = New-AzApplicationGatewayFirewallCustomRule `
    -Action Block
 ```
 
-Corresponding JSON:
+Here's the corresponding JSON code:
 
 ```json
   {