last sync: 2020-Dec-01 15:11:26 UTC

Azure Policy definition

[Deprecated]: Web Application Firewall should be a set mode for Application Gateway and Azure Front Door Service

Name [Deprecated]: Web Application Firewall should be a set mode for Application Gateway and Azure Front Door Service
Azure Portal
Id f6b68e5a-7207-4638-a1fb-47d90404209e
Version 1.0.0-deprecated
details on versioning
Category Network
Microsoft docs
Description Mandates detect or prevent mode to be active on all Web Application Firewall policies for Azure Front Door and Application Gateway. Web Application Firewall policies can have a consistent mode configuration across a resource group.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated True
Effect Default: Deny
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-07-08 14:28:08 change Previous DisplayName: Web Application Firewall should be a set mode for Application Gateway and Azure Front Door Service
2020-06-11 19:46:04 add f6b68e5a-7207-4638-a1fb-47d90404209e
Used in Initiatives none
Json
{
  "properties": {
  "displayName": "[Deprecated]: Web Application Firewall should be a set mode for Application Gateway and Azure Front Door Service",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Mandates detect or prevent mode to be active on all Web Application Firewall policies for Azure Front Door and Application Gateway. Web Application Firewall policies can have a consistent mode configuration across a resource group.",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Network",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Deny"
      },
      "modeRequirement": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Mode Requirement",
          "description": "Mode required for all WAF policies"
        },
        "allowedValues": [
          "Prevention",
          "Detection"
        ],
        "defaultValue": "Detection"
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Network/frontdoorwebapplicationfirewallpolicies"
              },
              {
                "field": "Microsoft.Network/frontdoorWebApplicationFirewallPolicies/policySettings.mode",
              "notEquals": "[parameters('modeRequirement')]"
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies"
              },
              {
                "field": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/policySettings.mode",
              "notEquals": "[parameters('modeRequirement')]"
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/f6b68e5a-7207-4638-a1fb-47d90404209e",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "f6b68e5a-7207-4638-a1fb-47d90404209e"
}