Merge pull request #102799 from vhorne/waf-geo

Start geomatch overview article

Author: Kellylorenebaker

articles/web-application-firewall/ag/custom-waf-rules-overview.md

@@ -5,7 +5,7 @@ services: web-application-firewall
 ms.topic: article
 author: vhorne
 ms.service: web-application-firewall
-ms.date: 10/04/2019
+ms.date: 01/30/2020
 ms.author: victorh
 ---
 
@@ -17,7 +17,7 @@ Custom rules allow you to create your own rules that are evaluated for each requ
 
 For example, you can block all requests from an IP address in the range 192.168.5.4/24. In this rule, the operator is *IPMatch*, the matchValues is the IP address range (192.168.5.4/24), and the action is to block the traffic. You also set the rule’s name and priority.
 
-Custom rules support using compounding logic to make more advanced rules that address your security needs. For example, (Condition 1 **and** Condition 2) **or** Condition 3).  This example means that if Condition 1 **and** Condition 2 are met, **or** if Condition 3 is met, the WAF should take the action specified in the custom rule.
+Custom rules support using compounding logic to make more advanced rules that address your security needs. For example, (Condition 1 **and** Condition 2) **or** Condition 3). This means that if Condition 1 **and** Condition 2 are met, **or** if Condition 3 is met, the WAF should take the action specified in the custom rule.
 
 Different matching conditions within the same rule are always compounded using **and**. For example, block traffic from a specific IP address, and only if they’re using a certain browser.
 
@@ -26,7 +26,7 @@ If you want to **or** two different conditions, the two conditions must be in di
 > [!NOTE]
 > The maximum number of WAF custom rules is 100. For more information about Application Gateway limits, see [Azure subscription and service limits, quotas, and constraints](../../azure-resource-manager/management/azure-subscription-service-limits.md#application-gateway-limits).
 
-Regular expressions are also supported in custom rules, just like in the CRS rulesets. For examples of these, see Examples 3 and 5 in [Create and use custom web application firewall rules](create-custom-waf-rules.md).
+Regular expressions are also supported in custom rules, just like in the CRS rulesets. For examples, see Examples 3 and 5 in [Create and use custom web application firewall rules](create-custom-waf-rules.md).
 
 ## Allowing vs. blocking
 
@@ -87,7 +87,7 @@ This custom rule contains a name, priority, an action, and the array of matching
 
 ### Name [optional]
 
-This is the name of the rule. This name appears in the logs.
+The name of the rule.  It appears in the logs.
 
 ### Priority [required]
 
@@ -152,198 +152,13 @@ List of values to match against, which can be thought of as being *OR*'ed. For e
 
 ### Action [required]
 
-- Allow – Authorizes the transaction, skipping all subsequent rules. This means that the specified request is added to the allow list and once matched, the request stops further evaluation and is sent to the backend pool. Rules that are on the allow list aren't evaluated for any further custom rules or managed rules.
-- Block – Blocks the transaction based on *SecDefaultAction* (detection/prevention mode). Just like the Allow action, once the request is evaluated and added to the block list, evaluation is stopped and the request is blocked. Any request after that meets the same conditions will not be evaluated and will just be blocked. 
-- Log – Lets the rule write to the log, but lets the rest of the rules run for evaluation. Subsequent custom rules are evaluated in order of priority, followed by the managed rules.
+- Allow – Authorizes the transaction, skipping all other rules. The specified request is added to the allow list and once matched, the request stops further evaluation and is sent to the backend pool. Rules that are on the allow list aren't evaluated for any further custom rules or managed rules.
+- Block – Blocks the transaction based on *SecDefaultAction* (detection/prevention mode). Just like the Allow action, once the request is evaluated and added to the block list, evaluation is stopped and the request is blocked. Any request after that meets the same conditions won't be evaluated and will just be blocked. 
+- Log – Lets the rule write to the log, but lets the rest of the rules run for evaluation. The other custom rules are evaluated in order of priority, followed by the managed rules.
 
 ## Geomatch custom rules (preview)
 
-Custom rules allow for the creation of tailored rules to suit the exact needs of your applications, and your security policies. Now, you are able restrict access to your web applications by country/region, which is available in public preview. As with all custom rules, this logic can be compounded with other rules to suit the needs of your application. 
-
-   > [!NOTE]
-   > Geomatch custom rules are available in South Central US and North Europe. To access them in the portal, please use [this link](https://aka.ms/AppGWWAFGeoMatch) until it goes live for everyone. 
-
-If you are using the Geomatch operator, the selectors can be any of the following two-digit country codes. 
-
-|Country code | Country name |
-| ----- | ----- |
-| AD | Andorra |
-| AE | United Arab Emirates|
-| AF | Afghanistan|
-| AG | Antigua and Barbuda|
-| AL | Albania|
-| AM | Armenia|
-| AO | Angola|
-| AR | Argentina|
-| AS | American Samoa|
-| AT | Austria|
-| AU | Australia|
-| AZ | Azerbaijan|
-| BA | Bosnia and Herzegovina|
-| BB | Barbados|
-| BD | Bangladesh|
-| BE | Belgium|
-| BF | Burkina Faso|
-| BG | Bulgaria|
-| BH | Bahrain|
-| BI | Burundi|
-| BJ | Benin|
-| BL | Saint Barthélemy|
-| BN | Brunei Darussalam|
-| BO | Bolivia|
-| BR | Brazil|
-| BS | Bahamas|
-| BT | Bhutan|
-| BW | Botswana|
-| BY | Belarus|
-| BZ | Belize|
-| CA | Canada|
-| CD | Democratic Republic of the Congo|
-| CF | Central African Republic|
-| CH | Switzerland|
-| CI | Cote d'Ivoire|
-| CL | Chile|
-| CM | Cameroon|
-| CN | China|
-| CO | Colombia|
-| CR | Costa Rica|
-| CU | Cuba|
-| CV | Cabo Verde|
-| CY | Cyprus|
-| CZ | Czech Republic|
-| DE | Germany|
-| DK | Denmark|
-| DO | Dominican Republic|
-| DZ | Algeria|
-| EC | Ecuador|
-| EE | Estonia|
-| EG | Egypt|
-| ES | Spain|
-| ET | Ethiopia|
-| FI | Finland|
-| FJ | Fiji|
-| FM | Micronesia, Federated States of|
-| FR | France|
-| GB | United Kingdom|
-| GE | Georgia|
-| GF | French Guiana|
-| GH | Ghana|
-| GN | Guinea|
-| GP | Guadeloupe|
-| GR | Greece|
-| GT | Guatemala|
-| GY | Guyana|
-| HK | Hong Kong SAR|
-| HN | Honduras|
-| HR | Croatia|
-| HT | Haiti|
-| HU | Hungary|
-| ID | Indonesia|
-| IE | Ireland|
-| IL | Israel|
-| IN | India|
-| IQ | Iraq|
-| IR | Iran, Islamic Republic of|
-| IS | Iceland|
-| IT | Italy|
-| JM | Jamaica|
-| JO | Jordan|
-| JP | Japan|
-| KE | Kenya|
-| KG | Kyrgyzstan|
-| KH | Cambodia|
-| KI | Kiribati|
-| KN | Saint Kitts and Nevis|
-| KP | Korea, Democratic People's Republic of|
-| KR | Korea, Republic of|
-| KW | Kuwait|
-| KY | Cayman Islands|
-| KZ | Kazakhstan|
-| LA | Lao People's Democratic Republic|
-| LB | Lebanon|
-| LI | Liechtenstein|
-| LK | Sri Lanka|
-| LR | Liberia|
-| LS | Lesotho|
-| LT | Lithuania|
-| LU | Luxembourg|
-| LV | Latvia|
-| LY | Libya |
-| MA | Morocco|
-| MD | Moldova, Republic of|
-| MG | Madagascar|
-| MK | North Macedonia|
-| ML | Mali|
-| MM | Myanmar|
-| MN | Mongolia|
-| MO | Macao SAR|
-| MQ | Martinique|
-| MR | Mauritania|
-| MT | Malta|
-| MV | Maldives|
-| MW | Malawi|
-| MX | Mexico|
-| MY | Malaysia|
-| MZ | Mozambique|
-| NA | Namibia|
-| NE | Niger|
-| NG | Nigeria|
-| NI | Nicaragua|
-| NL | Netherlands|
-| NO | Norway|
-| NP | Nepal|
-| NR | Nauru|
-| NZ | New Zealand|
-| OM | Oman|
-| PA | Panama|
-| PE | Peru|
-| PH | Philippines|
-| PK | Pakistan|
-| PL | Poland|
-| PR | Puerto Rico|
-| PT | Portugal|
-| PW | Palau|
-| PY | Paraguay|
-| QA | Qatar|
-| RE | Reunion|
-| RO | Romania|
-| RS | Serbia|
-| RU | Russian Federation|
-| RW | Rwanda|
-| SA | Saudi Arabia|
-| SD | Sudan|
-| SE | Sweden|
-| SG | Singapore|
-| SI | Slovenia|
-| SK | Slovakia|
-| SN | Senegal|
-| SO | Somalia|
-| SR | Suriname|
-| SS | South Sedan|
-| SV | El Salvador|
-| SY | Syrian Arab Republic|
-| SZ | Swaziland|
-| TC | Turks and Caicos Islands|
-| TG | Togo|
-| TH | Thailand|
-| TN | Tunisia|
-| TR | Turkey|
-| TT | Trinidad and Tobago|
-| TW | Taiwan|
-| TZ | Tanzania, United Republic of|
-| UA | Ukraine|
-| UG | Uganda|
-| US | United States|
-| UY | Uruguay|
-| UZ | Uzbekistan|
-| VC | Saint Vincent and the Grenadines|
-| VE | Venezuela|
-| VG | Virgin Islands, British|
-| VI | Virgin Islands, U.S.|
-| VN | Vietnam|
-| ZA | South Africa|
-| ZM | Zambia|
-| ZW | Zimbabwe|
+Custom rules let you create tailored rules to suit the exact needs of your applications and security policies. You can restrict access to your web applications by country/region. For more information, see [Geomatch custom rules (preview)](geomatch-custom-rules.md).
 
 ## Next steps