last sync: 2020-Jul-02 13:28:37 UTC

Azure Policy

Web Application Firewall should be a set mode for Application Gateway and Azure Front Door Service

Policy DisplayName Web Application Firewall should be a set mode for Application Gateway and Azure Front Door Service
Policy Id f6b68e5a-7207-4638-a1fb-47d90404209e
Policy Category Network
Policy Description Mandates detect or prevent mode to be active on all Web Application Firewall policies for Azure Front Door and Application Gateway. Web Application Firewall policies can have a consistent mode configuration across a resource group.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: Deny
Allowed: (Audit,Deny,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-06-11 19:46:04 add: Policy f6b68e5a-7207-4638-a1fb-47d90404209e
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Web Application Firewall should be a set mode for Application Gateway and Azure Front Door Service",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Mandates detect or prevent mode to be active on all Web Application Firewall policies for Azure Front Door and Application Gateway. Web Application Firewall policies can have a consistent mode configuration across a resource group.",
    "metadata": {
      "version": "1.0.0",
      "category": "Network"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Deny"
      },
      "modeRequirement": {
        "type": "String",
        "metadata": {
          "displayName": "Mode Requirement",
          "description": "Mode required for all WAF policies"
        },
        "allowedValues": [
          "Prevention",
          "Detection"
        ],
        "defaultValue": "Detection"
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies"
              },
              {
                "field": "Microsoft.Network/frontdoorWebApplicationFirewallPolicies/policySettings.mode",
              "notEquals": "[parameters('modeRequirement')]"
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies"
              },
              {
                "field": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/policySettings.mode",
              "notEquals": "[parameters('modeRequirement')]"
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/f6b68e5a-7207-4638-a1fb-47d90404209e",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "f6b68e5a-7207-4638-a1fb-47d90404209e"
}