Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Azure Native v2
  3. API Docs
  4. cdn
  5. Policy
These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
pulumi/pulumi-azure-native

azure-native-v2.cdn.Policy

Explore with Pulumi AI

These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
pulumi/pulumi-azure-native

Defines web application firewall policy for Azure CDN. Azure REST API version: 2023-05-01. Prior API version in Azure Native 1.x: 2020-09-01.

Other available API versions: 2023-07-01-preview, 2024-02-01, 2024-05-01-preview, 2024-06-01-preview, 2024-09-01.

Example Usage

Creates specific policy

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var policy = new AzureNative.Cdn.Policy("policy", new()
    {
        CustomRules = new AzureNative.Cdn.Inputs.CustomRuleListArgs
        {
            Rules = new[]
            {
                new AzureNative.Cdn.Inputs.CustomRuleArgs
                {
                    Action = AzureNative.Cdn.ActionType.Block,
                    EnabledState = AzureNative.Cdn.CustomRuleEnabledState.Enabled,
                    MatchConditions = new[]
                    {
                        new AzureNative.Cdn.Inputs.MatchConditionArgs
                        {
                            MatchValue = new[]
                            {
                                "CH",
                            },
                            MatchVariable = AzureNative.Cdn.WafMatchVariable.RemoteAddr,
                            NegateCondition = false,
                            Operator = AzureNative.Cdn.Operator.GeoMatch,
                            Transforms = new() { },
                        },
                        new AzureNative.Cdn.Inputs.MatchConditionArgs
                        {
                            MatchValue = new[]
                            {
                                "windows",
                            },
                            MatchVariable = AzureNative.Cdn.WafMatchVariable.RequestHeader,
                            NegateCondition = false,
                            Operator = AzureNative.Cdn.Operator.Contains,
                            Selector = "UserAgent",
                            Transforms = new() { },
                        },
                        new AzureNative.Cdn.Inputs.MatchConditionArgs
                        {
                            MatchValue = new[]
                            {
                                "<?php",
                                "?>",
                            },
                            MatchVariable = AzureNative.Cdn.WafMatchVariable.QueryString,
                            NegateCondition = false,
                            Operator = AzureNative.Cdn.Operator.Contains,
                            Selector = "search",
                            Transforms = new[]
                            {
                                AzureNative.Cdn.TransformType.UrlDecode,
                                AzureNative.Cdn.TransformType.Lowercase,
                            },
                        },
                    },
                    Name = "CustomRule1",
                    Priority = 2,
                },
            },
        },
        Location = "global",
        ManagedRules = new AzureNative.Cdn.Inputs.ManagedRuleSetListArgs
        {
            ManagedRuleSets = new[]
            {
                new AzureNative.Cdn.Inputs.ManagedRuleSetArgs
                {
                    RuleGroupOverrides = new[]
                    {
                        new AzureNative.Cdn.Inputs.ManagedRuleGroupOverrideArgs
                        {
                            RuleGroupName = "Group1",
                            Rules = new[]
                            {
                                new AzureNative.Cdn.Inputs.ManagedRuleOverrideArgs
                                {
                                    Action = AzureNative.Cdn.ActionType.Redirect,
                                    EnabledState = AzureNative.Cdn.ManagedRuleEnabledState.Enabled,
                                    RuleId = "GROUP1-0001",
                                },
                                new AzureNative.Cdn.Inputs.ManagedRuleOverrideArgs
                                {
                                    EnabledState = AzureNative.Cdn.ManagedRuleEnabledState.Disabled,
                                    RuleId = "GROUP1-0002",
                                },
                            },
                        },
                    },
                    RuleSetType = "DefaultRuleSet",
                    RuleSetVersion = "preview-1.0",
                },
            },
        },
        PolicyName = "MicrosoftCdnWafPolicy",
        PolicySettings = new AzureNative.Cdn.Inputs.PolicySettingsArgs
        {
            DefaultCustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
            DefaultCustomBlockResponseStatusCode = 200,
            DefaultRedirectUrl = "http://www.bing.com",
        },
        RateLimitRules = new AzureNative.Cdn.Inputs.RateLimitRuleListArgs
        {
            Rules = new[]
            {
                new AzureNative.Cdn.Inputs.RateLimitRuleArgs
                {
                    Action = AzureNative.Cdn.ActionType.Block,
                    EnabledState = AzureNative.Cdn.CustomRuleEnabledState.Enabled,
                    MatchConditions = new[]
                    {
                        new AzureNative.Cdn.Inputs.MatchConditionArgs
                        {
                            MatchValue = new[]
                            {
                                "192.168.1.0/24",
                                "10.0.0.0/24",
                            },
                            MatchVariable = AzureNative.Cdn.WafMatchVariable.RemoteAddr,
                            NegateCondition = false,
                            Operator = AzureNative.Cdn.Operator.IPMatch,
                            Transforms = new() { },
                        },
                    },
                    Name = "RateLimitRule1",
                    Priority = 1,
                    RateLimitDurationInMinutes = 0,
                    RateLimitThreshold = 1000,
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Cdn.Inputs.SkuArgs
        {
            Name = AzureNative.Cdn.SkuName.Standard_Microsoft,
        },
    });

});
Copy
package main

import (
	cdn "github.com/pulumi/pulumi-azure-native-sdk/cdn/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cdn.NewPolicy(ctx, "policy", &cdn.PolicyArgs{
			CustomRules: &cdn.CustomRuleListArgs{
				Rules: cdn.CustomRuleArray{
					&cdn.CustomRuleArgs{
						Action:       pulumi.String(cdn.ActionTypeBlock),
						EnabledState: pulumi.String(cdn.CustomRuleEnabledStateEnabled),
						MatchConditions: cdn.MatchConditionArray{
							&cdn.MatchConditionArgs{
								MatchValue: pulumi.StringArray{
									pulumi.String("CH"),
								},
								MatchVariable:   pulumi.String(cdn.WafMatchVariableRemoteAddr),
								NegateCondition: pulumi.Bool(false),
								Operator:        pulumi.String(cdn.OperatorGeoMatch),
								Transforms:      pulumi.StringArray{},
							},
							&cdn.MatchConditionArgs{
								MatchValue: pulumi.StringArray{
									pulumi.String("windows"),
								},
								MatchVariable:   pulumi.String(cdn.WafMatchVariableRequestHeader),
								NegateCondition: pulumi.Bool(false),
								Operator:        pulumi.String(cdn.OperatorContains),
								Selector:        pulumi.String("UserAgent"),
								Transforms:      pulumi.StringArray{},
							},
							&cdn.MatchConditionArgs{
								MatchValue: pulumi.StringArray{
									pulumi.String("<?php"),
									pulumi.String("?>"),
								},
								MatchVariable:   pulumi.String(cdn.WafMatchVariableQueryString),
								NegateCondition: pulumi.Bool(false),
								Operator:        pulumi.String(cdn.OperatorContains),
								Selector:        pulumi.String("search"),
								Transforms: pulumi.StringArray{
									pulumi.String(cdn.TransformTypeUrlDecode),
									pulumi.String(cdn.TransformTypeLowercase),
								},
							},
						},
						Name:     pulumi.String("CustomRule1"),
						Priority: pulumi.Int(2),
					},
				},
			},
			Location: pulumi.String("global"),
			ManagedRules: &cdn.ManagedRuleSetListArgs{
				ManagedRuleSets: cdn.ManagedRuleSetArray{
					&cdn.ManagedRuleSetArgs{
						RuleGroupOverrides: cdn.ManagedRuleGroupOverrideArray{
							&cdn.ManagedRuleGroupOverrideArgs{
								RuleGroupName: pulumi.String("Group1"),
								Rules: cdn.ManagedRuleOverrideArray{
									&cdn.ManagedRuleOverrideArgs{
										Action:       pulumi.String(cdn.ActionTypeRedirect),
										EnabledState: pulumi.String(cdn.ManagedRuleEnabledStateEnabled),
										RuleId:       pulumi.String("GROUP1-0001"),
									},
									&cdn.ManagedRuleOverrideArgs{
										EnabledState: pulumi.String(cdn.ManagedRuleEnabledStateDisabled),
										RuleId:       pulumi.String("GROUP1-0002"),
									},
								},
							},
						},
						RuleSetType:    pulumi.String("DefaultRuleSet"),
						RuleSetVersion: pulumi.String("preview-1.0"),
					},
				},
			},
			PolicyName: pulumi.String("MicrosoftCdnWafPolicy"),
			PolicySettings: &cdn.PolicySettingsArgs{
				DefaultCustomBlockResponseBody:       pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
				DefaultCustomBlockResponseStatusCode: pulumi.Int(200),
				DefaultRedirectUrl:                   pulumi.String("http://www.bing.com"),
			},
			RateLimitRules: &cdn.RateLimitRuleListArgs{
				Rules: cdn.RateLimitRuleArray{
					&cdn.RateLimitRuleArgs{
						Action:       pulumi.String(cdn.ActionTypeBlock),
						EnabledState: pulumi.String(cdn.CustomRuleEnabledStateEnabled),
						MatchConditions: cdn.MatchConditionArray{
							&cdn.MatchConditionArgs{
								MatchValue: pulumi.StringArray{
									pulumi.String("192.168.1.0/24"),
									pulumi.String("10.0.0.0/24"),
								},
								MatchVariable:   pulumi.String(cdn.WafMatchVariableRemoteAddr),
								NegateCondition: pulumi.Bool(false),
								Operator:        pulumi.String(cdn.OperatorIPMatch),
								Transforms:      pulumi.StringArray{},
							},
						},
						Name:                       pulumi.String("RateLimitRule1"),
						Priority:                   pulumi.Int(1),
						RateLimitDurationInMinutes: pulumi.Int(0),
						RateLimitThreshold:         pulumi.Int(1000),
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &cdn.SkuArgs{
				Name: pulumi.String(cdn.SkuName_Standard_Microsoft),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.cdn.Policy;
import com.pulumi.azurenative.cdn.PolicyArgs;
import com.pulumi.azurenative.cdn.inputs.CustomRuleListArgs;
import com.pulumi.azurenative.cdn.inputs.ManagedRuleSetListArgs;
import com.pulumi.azurenative.cdn.inputs.PolicySettingsArgs;
import com.pulumi.azurenative.cdn.inputs.RateLimitRuleListArgs;
import com.pulumi.azurenative.cdn.inputs.SkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var policy = new Policy("policy", PolicyArgs.builder()
            .customRules(CustomRuleListArgs.builder()
                .rules(CustomRuleArgs.builder()
                    .action("Block")
                    .enabledState("Enabled")
                    .matchConditions(                    
                        MatchConditionArgs.builder()
                            .matchValue("CH")
                            .matchVariable("RemoteAddr")
                            .negateCondition(false)
                            .operator("GeoMatch")
                            .transforms()
                            .build(),
                        MatchConditionArgs.builder()
                            .matchValue("windows")
                            .matchVariable("RequestHeader")
                            .negateCondition(false)
                            .operator("Contains")
                            .selector("UserAgent")
                            .transforms()
                            .build(),
                        MatchConditionArgs.builder()
                            .matchValue(                            
                                "<?php",
                                "?>")
                            .matchVariable("QueryString")
                            .negateCondition(false)
                            .operator("Contains")
                            .selector("search")
                            .transforms(                            
                                "UrlDecode",
                                "Lowercase")
                            .build())
                    .name("CustomRule1")
                    .priority(2)
                    .build())
                .build())
            .location("global")
            .managedRules(ManagedRuleSetListArgs.builder()
                .managedRuleSets(ManagedRuleSetArgs.builder()
                    .ruleGroupOverrides(ManagedRuleGroupOverrideArgs.builder()
                        .ruleGroupName("Group1")
                        .rules(                        
                            ManagedRuleOverrideArgs.builder()
                                .action("Redirect")
                                .enabledState("Enabled")
                                .ruleId("GROUP1-0001")
                                .build(),
                            ManagedRuleOverrideArgs.builder()
                                .enabledState("Disabled")
                                .ruleId("GROUP1-0002")
                                .build())
                        .build())
                    .ruleSetType("DefaultRuleSet")
                    .ruleSetVersion("preview-1.0")
                    .build())
                .build())
            .policyName("MicrosoftCdnWafPolicy")
            .policySettings(PolicySettingsArgs.builder()
                .defaultCustomBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
                .defaultCustomBlockResponseStatusCode(200)
                .defaultRedirectUrl("http://www.bing.com")
                .build())
            .rateLimitRules(RateLimitRuleListArgs.builder()
                .rules(RateLimitRuleArgs.builder()
                    .action("Block")
                    .enabledState("Enabled")
                    .matchConditions(MatchConditionArgs.builder()
                        .matchValue(                        
                            "192.168.1.0/24",
                            "10.0.0.0/24")
                        .matchVariable("RemoteAddr")
                        .negateCondition(false)
                        .operator("IPMatch")
                        .transforms()
                        .build())
                    .name("RateLimitRule1")
                    .priority(1)
                    .rateLimitDurationInMinutes(0)
                    .rateLimitThreshold(1000)
                    .build())
                .build())
            .resourceGroupName("rg1")
            .sku(SkuArgs.builder()
                .name("Standard_Microsoft")
                .build())
            .build());

    }
}
Copy
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const policy = new azure_native.cdn.Policy("policy", {
    customRules: {
        rules: [{
            action: azure_native.cdn.ActionType.Block,
            enabledState: azure_native.cdn.CustomRuleEnabledState.Enabled,
            matchConditions: [
                {
                    matchValue: ["CH"],
                    matchVariable: azure_native.cdn.WafMatchVariable.RemoteAddr,
                    negateCondition: false,
                    operator: azure_native.cdn.Operator.GeoMatch,
                    transforms: [],
                },
                {
                    matchValue: ["windows"],
                    matchVariable: azure_native.cdn.WafMatchVariable.RequestHeader,
                    negateCondition: false,
                    operator: azure_native.cdn.Operator.Contains,
                    selector: "UserAgent",
                    transforms: [],
                },
                {
                    matchValue: [
                        "<?php",
                        "?>",
                    ],
                    matchVariable: azure_native.cdn.WafMatchVariable.QueryString,
                    negateCondition: false,
                    operator: azure_native.cdn.Operator.Contains,
                    selector: "search",
                    transforms: [
                        azure_native.cdn.TransformType.UrlDecode,
                        azure_native.cdn.TransformType.Lowercase,
                    ],
                },
            ],
            name: "CustomRule1",
            priority: 2,
        }],
    },
    location: "global",
    managedRules: {
        managedRuleSets: [{
            ruleGroupOverrides: [{
                ruleGroupName: "Group1",
                rules: [
                    {
                        action: azure_native.cdn.ActionType.Redirect,
                        enabledState: azure_native.cdn.ManagedRuleEnabledState.Enabled,
                        ruleId: "GROUP1-0001",
                    },
                    {
                        enabledState: azure_native.cdn.ManagedRuleEnabledState.Disabled,
                        ruleId: "GROUP1-0002",
                    },
                ],
            }],
            ruleSetType: "DefaultRuleSet",
            ruleSetVersion: "preview-1.0",
        }],
    },
    policyName: "MicrosoftCdnWafPolicy",
    policySettings: {
        defaultCustomBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
        defaultCustomBlockResponseStatusCode: 200,
        defaultRedirectUrl: "http://www.bing.com",
    },
    rateLimitRules: {
        rules: [{
            action: azure_native.cdn.ActionType.Block,
            enabledState: azure_native.cdn.CustomRuleEnabledState.Enabled,
            matchConditions: [{
                matchValue: [
                    "192.168.1.0/24",
                    "10.0.0.0/24",
                ],
                matchVariable: azure_native.cdn.WafMatchVariable.RemoteAddr,
                negateCondition: false,
                operator: azure_native.cdn.Operator.IPMatch,
                transforms: [],
            }],
            name: "RateLimitRule1",
            priority: 1,
            rateLimitDurationInMinutes: 0,
            rateLimitThreshold: 1000,
        }],
    },
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.cdn.SkuName.Standard_Microsoft,
    },
});
Copy
import pulumi
import pulumi_azure_native as azure_native

policy = azure_native.cdn.Policy("policy",
    custom_rules={
        "rules": [{
            "action": azure_native.cdn.ActionType.BLOCK,
            "enabled_state": azure_native.cdn.CustomRuleEnabledState.ENABLED,
            "match_conditions": [
                {
                    "match_value": ["CH"],
                    "match_variable": azure_native.cdn.WafMatchVariable.REMOTE_ADDR,
                    "negate_condition": False,
                    "operator": azure_native.cdn.Operator.GEO_MATCH,
                    "transforms": [],
                },
                {
                    "match_value": ["windows"],
                    "match_variable": azure_native.cdn.WafMatchVariable.REQUEST_HEADER,
                    "negate_condition": False,
                    "operator": azure_native.cdn.Operator.CONTAINS,
                    "selector": "UserAgent",
                    "transforms": [],
                },
                {
                    "match_value": [
                        "<?php",
                        "?>",
                    ],
                    "match_variable": azure_native.cdn.WafMatchVariable.QUERY_STRING,
                    "negate_condition": False,
                    "operator": azure_native.cdn.Operator.CONTAINS,
                    "selector": "search",
                    "transforms": [
                        azure_native.cdn.TransformType.URL_DECODE,
                        azure_native.cdn.TransformType.LOWERCASE,
                    ],
                },
            ],
            "name": "CustomRule1",
            "priority": 2,
        }],
    },
    location="global",
    managed_rules={
        "managed_rule_sets": [{
            "rule_group_overrides": [{
                "rule_group_name": "Group1",
                "rules": [
                    {
                        "action": azure_native.cdn.ActionType.REDIRECT,
                        "enabled_state": azure_native.cdn.ManagedRuleEnabledState.ENABLED,
                        "rule_id": "GROUP1-0001",
                    },
                    {
                        "enabled_state": azure_native.cdn.ManagedRuleEnabledState.DISABLED,
                        "rule_id": "GROUP1-0002",
                    },
                ],
            }],
            "rule_set_type": "DefaultRuleSet",
            "rule_set_version": "preview-1.0",
        }],
    },
    policy_name="MicrosoftCdnWafPolicy",
    policy_settings={
        "default_custom_block_response_body": "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
        "default_custom_block_response_status_code": 200,
        "default_redirect_url": "http://www.bing.com",
    },
    rate_limit_rules={
        "rules": [{
            "action": azure_native.cdn.ActionType.BLOCK,
            "enabled_state": azure_native.cdn.CustomRuleEnabledState.ENABLED,
            "match_conditions": [{
                "match_value": [
                    "192.168.1.0/24",
                    "10.0.0.0/24",
                ],
                "match_variable": azure_native.cdn.WafMatchVariable.REMOTE_ADDR,
                "negate_condition": False,
                "operator": azure_native.cdn.Operator.IP_MATCH,
                "transforms": [],
            }],
            "name": "RateLimitRule1",
            "priority": 1,
            "rate_limit_duration_in_minutes": 0,
            "rate_limit_threshold": 1000,
        }],
    },
    resource_group_name="rg1",
    sku={
        "name": azure_native.cdn.SkuName.STANDARD_MICROSOFT,
    })
Copy
resources:
  policy:
    type: azure-native:cdn:Policy
    properties:
      customRules:
        rules:
          - action: Block
            enabledState: Enabled
            matchConditions:
              - matchValue:
                  - CH
                matchVariable: RemoteAddr
                negateCondition: false
                operator: GeoMatch
                transforms: []
              - matchValue:
                  - windows
                matchVariable: RequestHeader
                negateCondition: false
                operator: Contains
                selector: UserAgent
                transforms: []
              - matchValue:
                  - <?php
                  - ?>
                matchVariable: QueryString
                negateCondition: false
                operator: Contains
                selector: search
                transforms:
                  - UrlDecode
                  - Lowercase                
            name: CustomRule1
            priority: 2
      location: global
      managedRules:
        managedRuleSets:
          - ruleGroupOverrides:
              - ruleGroupName: Group1
                rules:
                  - action: Redirect
                    enabledState: Enabled
                    ruleId: GROUP1-0001
                  - enabledState: Disabled
                    ruleId: GROUP1-0002
            ruleSetType: DefaultRuleSet
            ruleSetVersion: preview-1.0
      policyName: MicrosoftCdnWafPolicy
      policySettings:
        defaultCustomBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
        defaultCustomBlockResponseStatusCode: 200
        defaultRedirectUrl: http://www.bing.com
      rateLimitRules:
        rules:
          - action: Block
            enabledState: Enabled
            matchConditions:
              - matchValue:
                  - 192.168.1.0/24
                  - 10.0.0.0/24
                matchVariable: RemoteAddr
                negateCondition: false
                operator: IPMatch
                transforms: []
            name: RateLimitRule1
            priority: 1
            rateLimitDurationInMinutes: 0
            rateLimitThreshold: 1000
      resourceGroupName: rg1
      sku:
        name: Standard_Microsoft
Copy

Create Policy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);
@overload
def Policy(resource_name: str,
           args: PolicyArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Policy(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           resource_group_name: Optional[str] = None,
           sku: Optional[SkuArgs] = None,
           custom_rules: Optional[CustomRuleListArgs] = None,
           extended_properties: Optional[Mapping[str, str]] = None,
           location: Optional[str] = None,
           managed_rules: Optional[ManagedRuleSetListArgs] = None,
           policy_name: Optional[str] = None,
           policy_settings: Optional[PolicySettingsArgs] = None,
           rate_limit_rules: Optional[RateLimitRuleListArgs] = None,
           tags: Optional[Mapping[str, str]] = None)
func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)
public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)

type: azure-native:cdn:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. PolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. PolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. PolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. PolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. PolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var azure_nativePolicyResource = new AzureNative.Cdn.Policy("azure-nativePolicyResource", new()
{
    ResourceGroupName = "string",
    Sku = 
    {
        { "name", "string" },
    },
    CustomRules = 
    {
        { "rules", new[]
        {
            
            {
                { "action", "string" },
                { "matchConditions", new[]
                {
                    
                    {
                        { "matchValue", new[]
                        {
                            "string",
                        } },
                        { "matchVariable", "string" },
                        { "operator", "string" },
                        { "negateCondition", false },
                        { "selector", "string" },
                        { "transforms", new[]
                        {
                            "string",
                        } },
                    },
                } },
                { "name", "string" },
                { "priority", 0 },
                { "enabledState", "string" },
            },
        } },
    },
    ExtendedProperties = 
    {
        { "string", "string" },
    },
    Location = "string",
    ManagedRules = 
    {
        { "managedRuleSets", new[]
        {
            
            {
                { "ruleSetType", "string" },
                { "ruleSetVersion", "string" },
                { "anomalyScore", 0 },
                { "ruleGroupOverrides", new[]
                {
                    
                    {
                        { "ruleGroupName", "string" },
                        { "rules", new[]
                        {
                            
                            {
                                { "ruleId", "string" },
                                { "action", "string" },
                                { "enabledState", "string" },
                            },
                        } },
                    },
                } },
            },
        } },
    },
    PolicyName = "string",
    PolicySettings = 
    {
        { "defaultCustomBlockResponseBody", "string" },
        { "defaultCustomBlockResponseStatusCode", 0 },
        { "defaultRedirectUrl", "string" },
        { "enabledState", "string" },
        { "mode", "string" },
    },
    RateLimitRules = 
    {
        { "rules", new[]
        {
            
            {
                { "action", "string" },
                { "matchConditions", new[]
                {
                    
                    {
                        { "matchValue", new[]
                        {
                            "string",
                        } },
                        { "matchVariable", "string" },
                        { "operator", "string" },
                        { "negateCondition", false },
                        { "selector", "string" },
                        { "transforms", new[]
                        {
                            "string",
                        } },
                    },
                } },
                { "name", "string" },
                { "priority", 0 },
                { "rateLimitDurationInMinutes", 0 },
                { "rateLimitThreshold", 0 },
                { "enabledState", "string" },
            },
        } },
    },
    Tags = 
    {
        { "string", "string" },
    },
});
Copy
example, err := cdn.NewPolicy(ctx, "azure-nativePolicyResource", &cdn.PolicyArgs{
	ResourceGroupName: "string",
	Sku: map[string]interface{}{
		"name": "string",
	},
	CustomRules: map[string]interface{}{
		"rules": []map[string]interface{}{
			map[string]interface{}{
				"action": "string",
				"matchConditions": []map[string]interface{}{
					map[string]interface{}{
						"matchValue": []string{
							"string",
						},
						"matchVariable":   "string",
						"operator":        "string",
						"negateCondition": false,
						"selector":        "string",
						"transforms": []string{
							"string",
						},
					},
				},
				"name":         "string",
				"priority":     0,
				"enabledState": "string",
			},
		},
	},
	ExtendedProperties: map[string]interface{}{
		"string": "string",
	},
	Location: "string",
	ManagedRules: map[string]interface{}{
		"managedRuleSets": []map[string]interface{}{
			map[string]interface{}{
				"ruleSetType":    "string",
				"ruleSetVersion": "string",
				"anomalyScore":   0,
				"ruleGroupOverrides": []map[string]interface{}{
					map[string]interface{}{
						"ruleGroupName": "string",
						"rules": []map[string]interface{}{
							map[string]interface{}{
								"ruleId":       "string",
								"action":       "string",
								"enabledState": "string",
							},
						},
					},
				},
			},
		},
	},
	PolicyName: "string",
	PolicySettings: map[string]interface{}{
		"defaultCustomBlockResponseBody":       "string",
		"defaultCustomBlockResponseStatusCode": 0,
		"defaultRedirectUrl":                   "string",
		"enabledState":                         "string",
		"mode":                                 "string",
	},
	RateLimitRules: map[string]interface{}{
		"rules": []map[string]interface{}{
			map[string]interface{}{
				"action": "string",
				"matchConditions": []map[string]interface{}{
					map[string]interface{}{
						"matchValue": []string{
							"string",
						},
						"matchVariable":   "string",
						"operator":        "string",
						"negateCondition": false,
						"selector":        "string",
						"transforms": []string{
							"string",
						},
					},
				},
				"name":                       "string",
				"priority":                   0,
				"rateLimitDurationInMinutes": 0,
				"rateLimitThreshold":         0,
				"enabledState":               "string",
			},
		},
	},
	Tags: map[string]interface{}{
		"string": "string",
	},
})
Copy
var azure_nativePolicyResource = new Policy("azure-nativePolicyResource", PolicyArgs.builder()
    .resourceGroupName("string")
    .sku(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .customRules(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .extendedProperties(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .location("string")
    .managedRules(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .policyName("string")
    .policySettings(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .rateLimitRules(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .tags(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .build());
Copy
azure_native_policy_resource = azure_native.cdn.Policy("azure-nativePolicyResource",
    resource_group_name=string,
    sku={
        name: string,
    },
    custom_rules={
        rules: [{
            action: string,
            matchConditions: [{
                matchValue: [string],
                matchVariable: string,
                operator: string,
                negateCondition: False,
                selector: string,
                transforms: [string],
            }],
            name: string,
            priority: 0,
            enabledState: string,
        }],
    },
    extended_properties={
        string: string,
    },
    location=string,
    managed_rules={
        managedRuleSets: [{
            ruleSetType: string,
            ruleSetVersion: string,
            anomalyScore: 0,
            ruleGroupOverrides: [{
                ruleGroupName: string,
                rules: [{
                    ruleId: string,
                    action: string,
                    enabledState: string,
                }],
            }],
        }],
    },
    policy_name=string,
    policy_settings={
        defaultCustomBlockResponseBody: string,
        defaultCustomBlockResponseStatusCode: 0,
        defaultRedirectUrl: string,
        enabledState: string,
        mode: string,
    },
    rate_limit_rules={
        rules: [{
            action: string,
            matchConditions: [{
                matchValue: [string],
                matchVariable: string,
                operator: string,
                negateCondition: False,
                selector: string,
                transforms: [string],
            }],
            name: string,
            priority: 0,
            rateLimitDurationInMinutes: 0,
            rateLimitThreshold: 0,
            enabledState: string,
        }],
    },
    tags={
        string: string,
    })
Copy
const azure_nativePolicyResource = new azure_native.cdn.Policy("azure-nativePolicyResource", {
    resourceGroupName: "string",
    sku: {
        name: "string",
    },
    customRules: {
        rules: [{
            action: "string",
            matchConditions: [{
                matchValue: ["string"],
                matchVariable: "string",
                operator: "string",
                negateCondition: false,
                selector: "string",
                transforms: ["string"],
            }],
            name: "string",
            priority: 0,
            enabledState: "string",
        }],
    },
    extendedProperties: {
        string: "string",
    },
    location: "string",
    managedRules: {
        managedRuleSets: [{
            ruleSetType: "string",
            ruleSetVersion: "string",
            anomalyScore: 0,
            ruleGroupOverrides: [{
                ruleGroupName: "string",
                rules: [{
                    ruleId: "string",
                    action: "string",
                    enabledState: "string",
                }],
            }],
        }],
    },
    policyName: "string",
    policySettings: {
        defaultCustomBlockResponseBody: "string",
        defaultCustomBlockResponseStatusCode: 0,
        defaultRedirectUrl: "string",
        enabledState: "string",
        mode: "string",
    },
    rateLimitRules: {
        rules: [{
            action: "string",
            matchConditions: [{
                matchValue: ["string"],
                matchVariable: "string",
                operator: "string",
                negateCondition: false,
                selector: "string",
                transforms: ["string"],
            }],
            name: "string",
            priority: 0,
            rateLimitDurationInMinutes: 0,
            rateLimitThreshold: 0,
            enabledState: "string",
        }],
    },
    tags: {
        string: "string",
    },
});
Copy
type: azure-native:cdn:Policy
properties:
    customRules:
        rules:
            - action: string
              enabledState: string
              matchConditions:
                - matchValue:
                    - string
                  matchVariable: string
                  negateCondition: false
                  operator: string
                  selector: string
                  transforms:
                    - string
              name: string
              priority: 0
    extendedProperties:
        string: string
    location: string
    managedRules:
        managedRuleSets:
            - anomalyScore: 0
              ruleGroupOverrides:
                - ruleGroupName: string
                  rules:
                    - action: string
                      enabledState: string
                      ruleId: string
              ruleSetType: string
              ruleSetVersion: string
    policyName: string
    policySettings:
        defaultCustomBlockResponseBody: string
        defaultCustomBlockResponseStatusCode: 0
        defaultRedirectUrl: string
        enabledState: string
        mode: string
    rateLimitRules:
        rules:
            - action: string
              enabledState: string
              matchConditions:
                - matchValue:
                    - string
                  matchVariable: string
                  negateCondition: false
                  operator: string
                  selector: string
                  transforms:
                    - string
              name: string
              priority: 0
              rateLimitDurationInMinutes: 0
              rateLimitThreshold: 0
    resourceGroupName: string
    sku:
        name: string
    tags:
        string: string
Copy

Policy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Policy resource accepts the following input properties:

ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
Name of the Resource group within the Azure subscription.
Sku This property is required. Pulumi.AzureNative.Cdn.Inputs.Sku
The pricing tier (defines a CDN provider, feature list and rate) of the CdnWebApplicationFirewallPolicy.
CustomRules Pulumi.AzureNative.Cdn.Inputs.CustomRuleList
Describes custom rules inside the policy.
ExtendedProperties Dictionary<string, string>
Key-Value pair representing additional properties for Web Application Firewall policy.
Location string
Resource location.
ManagedRules Pulumi.AzureNative.Cdn.Inputs.ManagedRuleSetList
Describes managed rules inside the policy.
PolicyName Changes to this property will trigger replacement. string
The name of the CdnWebApplicationFirewallPolicy.
PolicySettings Pulumi.AzureNative.Cdn.Inputs.PolicySettings
Describes policySettings for policy
RateLimitRules Pulumi.AzureNative.Cdn.Inputs.RateLimitRuleList
Describes rate limit rules inside the policy.
Tags Dictionary<string, string>
Resource tags.
ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
Name of the Resource group within the Azure subscription.
Sku This property is required. SkuArgs
The pricing tier (defines a CDN provider, feature list and rate) of the CdnWebApplicationFirewallPolicy.
CustomRules CustomRuleListArgs
Describes custom rules inside the policy.
ExtendedProperties map[string]string
Key-Value pair representing additional properties for Web Application Firewall policy.
Location string
Resource location.
ManagedRules ManagedRuleSetListArgs
Describes managed rules inside the policy.
PolicyName Changes to this property will trigger replacement. string
The name of the CdnWebApplicationFirewallPolicy.
PolicySettings PolicySettingsArgs
Describes policySettings for policy
RateLimitRules RateLimitRuleListArgs
Describes rate limit rules inside the policy.
Tags map[string]string
Resource tags.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
Name of the Resource group within the Azure subscription.
sku This property is required. Sku
The pricing tier (defines a CDN provider, feature list and rate) of the CdnWebApplicationFirewallPolicy.
customRules CustomRuleList
Describes custom rules inside the policy.
extendedProperties Map<String,String>
Key-Value pair representing additional properties for Web Application Firewall policy.
location String
Resource location.
managedRules ManagedRuleSetList
Describes managed rules inside the policy.
policyName Changes to this property will trigger replacement. String
The name of the CdnWebApplicationFirewallPolicy.
policySettings PolicySettings
Describes policySettings for policy
rateLimitRules RateLimitRuleList
Describes rate limit rules inside the policy.
tags Map<String,String>
Resource tags.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
Name of the Resource group within the Azure subscription.
sku This property is required. Sku
The pricing tier (defines a CDN provider, feature list and rate) of the CdnWebApplicationFirewallPolicy.
customRules CustomRuleList
Describes custom rules inside the policy.
extendedProperties {[key: string]: string}
Key-Value pair representing additional properties for Web Application Firewall policy.
location string
Resource location.
managedRules ManagedRuleSetList
Describes managed rules inside the policy.
policyName Changes to this property will trigger replacement. string
The name of the CdnWebApplicationFirewallPolicy.
policySettings PolicySettings
Describes policySettings for policy
rateLimitRules RateLimitRuleList
Describes rate limit rules inside the policy.
tags {[key: string]: string}
Resource tags.
resource_group_name
This property is required.
Changes to this property will trigger replacement.
str
Name of the Resource group within the Azure subscription.
sku This property is required. SkuArgs
The pricing tier (defines a CDN provider, feature list and rate) of the CdnWebApplicationFirewallPolicy.
custom_rules CustomRuleListArgs
Describes custom rules inside the policy.
extended_properties Mapping[str, str]
Key-Value pair representing additional properties for Web Application Firewall policy.
location str
Resource location.
managed_rules ManagedRuleSetListArgs
Describes managed rules inside the policy.
policy_name Changes to this property will trigger replacement. str
The name of the CdnWebApplicationFirewallPolicy.
policy_settings PolicySettingsArgs
Describes policySettings for policy
rate_limit_rules RateLimitRuleListArgs
Describes rate limit rules inside the policy.
tags Mapping[str, str]
Resource tags.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
Name of the Resource group within the Azure subscription.
sku This property is required. Property Map
The pricing tier (defines a CDN provider, feature list and rate) of the CdnWebApplicationFirewallPolicy.
customRules Property Map
Describes custom rules inside the policy.
extendedProperties Map<String>
Key-Value pair representing additional properties for Web Application Firewall policy.
location String
Resource location.
managedRules Property Map
Describes managed rules inside the policy.
policyName Changes to this property will trigger replacement. String
The name of the CdnWebApplicationFirewallPolicy.
policySettings Property Map
Describes policySettings for policy
rateLimitRules Property Map
Describes rate limit rules inside the policy.
tags Map<String>
Resource tags.

Outputs

All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

EndpointLinks List<Pulumi.AzureNative.Cdn.Outputs.CdnEndpointResponse>
Describes Azure CDN endpoints associated with this Web Application Firewall policy.
Id string
The provider-assigned unique ID for this managed resource.
Name string
Resource name.
ProvisioningState string
Provisioning state of the WebApplicationFirewallPolicy.
ResourceState string
SystemData Pulumi.AzureNative.Cdn.Outputs.SystemDataResponse
Read only system data
Type string
Resource type.
Etag string
Gets a unique read-only string that changes whenever the resource is updated.
EndpointLinks []CdnEndpointResponse
Describes Azure CDN endpoints associated with this Web Application Firewall policy.
Id string
The provider-assigned unique ID for this managed resource.
Name string
Resource name.
ProvisioningState string
Provisioning state of the WebApplicationFirewallPolicy.
ResourceState string
SystemData SystemDataResponse
Read only system data
Type string
Resource type.
Etag string
Gets a unique read-only string that changes whenever the resource is updated.
endpointLinks List<CdnEndpointResponse>
Describes Azure CDN endpoints associated with this Web Application Firewall policy.
id String
The provider-assigned unique ID for this managed resource.
name String
Resource name.
provisioningState String
Provisioning state of the WebApplicationFirewallPolicy.
resourceState String
systemData SystemDataResponse
Read only system data
type String
Resource type.
etag String
Gets a unique read-only string that changes whenever the resource is updated.
endpointLinks CdnEndpointResponse[]
Describes Azure CDN endpoints associated with this Web Application Firewall policy.
id string
The provider-assigned unique ID for this managed resource.
name string
Resource name.
provisioningState string
Provisioning state of the WebApplicationFirewallPolicy.
resourceState string
systemData SystemDataResponse
Read only system data
type string
Resource type.
etag string
Gets a unique read-only string that changes whenever the resource is updated.
endpoint_links Sequence[CdnEndpointResponse]
Describes Azure CDN endpoints associated with this Web Application Firewall policy.
id str
The provider-assigned unique ID for this managed resource.
name str
Resource name.
provisioning_state str
Provisioning state of the WebApplicationFirewallPolicy.
resource_state str
system_data SystemDataResponse
Read only system data
type str
Resource type.
etag str
Gets a unique read-only string that changes whenever the resource is updated.
endpointLinks List<Property Map>
Describes Azure CDN endpoints associated with this Web Application Firewall policy.
id String
The provider-assigned unique ID for this managed resource.
name String
Resource name.
provisioningState String
Provisioning state of the WebApplicationFirewallPolicy.
resourceState String
systemData Property Map
Read only system data
type String
Resource type.
etag String
Gets a unique read-only string that changes whenever the resource is updated.

Supporting Types

ActionType
, ActionTypeArgs

Allow
Allow
Block
Block
Log
Log
Redirect
Redirect
ActionTypeAllow
Allow
ActionTypeBlock
Block
ActionTypeLog
Log
ActionTypeRedirect
Redirect
Allow
Allow
Block
Block
Log
Log
Redirect
Redirect
Allow
Allow
Block
Block
Log
Log
Redirect
Redirect
ALLOW
Allow
BLOCK
Block
LOG
Log
REDIRECT
Redirect
"Allow"
Allow
"Block"
Block
"Log"
Log
"Redirect"
Redirect

CdnEndpointResponse
, CdnEndpointResponseArgs

Id string
ARM Resource ID string.
Id string
ARM Resource ID string.
id String
ARM Resource ID string.
id string
ARM Resource ID string.
id str
ARM Resource ID string.
id String
ARM Resource ID string.

CustomRule
, CustomRuleArgs

Action This property is required. string | Pulumi.AzureNative.Cdn.ActionType
Describes what action to be applied when rule matches
MatchConditions This property is required. List<Pulumi.AzureNative.Cdn.Inputs.MatchCondition>
List of match conditions.
Name This property is required. string
Defines the name of the custom rule
Priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
EnabledState string | Pulumi.AzureNative.Cdn.CustomRuleEnabledState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
Action This property is required. string | ActionType
Describes what action to be applied when rule matches
MatchConditions This property is required. []MatchCondition
List of match conditions.
Name This property is required. string
Defines the name of the custom rule
Priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
EnabledState string | CustomRuleEnabledState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. String | ActionType
Describes what action to be applied when rule matches
matchConditions This property is required. List<MatchCondition>
List of match conditions.
name This property is required. String
Defines the name of the custom rule
priority This property is required. Integer
Defines in what order this rule be evaluated in the overall list of custom rules
enabledState String | CustomRuleEnabledState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. string | ActionType
Describes what action to be applied when rule matches
matchConditions This property is required. MatchCondition[]
List of match conditions.
name This property is required. string
Defines the name of the custom rule
priority This property is required. number
Defines in what order this rule be evaluated in the overall list of custom rules
enabledState string | CustomRuleEnabledState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. str | ActionType
Describes what action to be applied when rule matches
match_conditions This property is required. Sequence[MatchCondition]
List of match conditions.
name This property is required. str
Defines the name of the custom rule
priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
enabled_state str | CustomRuleEnabledState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. String | "Allow" | "Block" | "Log" | "Redirect"
Describes what action to be applied when rule matches
matchConditions This property is required. List<Property Map>
List of match conditions.
name This property is required. String
Defines the name of the custom rule
priority This property is required. Number
Defines in what order this rule be evaluated in the overall list of custom rules
enabledState String | "Disabled" | "Enabled"
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

CustomRuleEnabledState
, CustomRuleEnabledStateArgs

Disabled
Disabled
Enabled
Enabled
CustomRuleEnabledStateDisabled
Disabled
CustomRuleEnabledStateEnabled
Enabled
Disabled
Disabled
Enabled
Enabled
Disabled
Disabled
Enabled
Enabled
DISABLED
Disabled
ENABLED
Enabled
"Disabled"
Disabled
"Enabled"
Enabled

CustomRuleList
, CustomRuleListArgs

Rules []CustomRule
List of rules
rules List<CustomRule>
List of rules
rules CustomRule[]
List of rules

CustomRuleListResponse
, CustomRuleListResponseArgs

CustomRuleResponse
, CustomRuleResponseArgs

Action This property is required. string
Describes what action to be applied when rule matches
MatchConditions This property is required. List<Pulumi.AzureNative.Cdn.Inputs.MatchConditionResponse>
List of match conditions.
Name This property is required. string
Defines the name of the custom rule
Priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
EnabledState string
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
Action This property is required. string
Describes what action to be applied when rule matches
MatchConditions This property is required. []MatchConditionResponse
List of match conditions.
Name This property is required. string
Defines the name of the custom rule
Priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
EnabledState string
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. String
Describes what action to be applied when rule matches
matchConditions This property is required. List<MatchConditionResponse>
List of match conditions.
name This property is required. String
Defines the name of the custom rule
priority This property is required. Integer
Defines in what order this rule be evaluated in the overall list of custom rules
enabledState String
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. string
Describes what action to be applied when rule matches
matchConditions This property is required. MatchConditionResponse[]
List of match conditions.
name This property is required. string
Defines the name of the custom rule
priority This property is required. number
Defines in what order this rule be evaluated in the overall list of custom rules
enabledState string
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. str
Describes what action to be applied when rule matches
match_conditions This property is required. Sequence[MatchConditionResponse]
List of match conditions.
name This property is required. str
Defines the name of the custom rule
priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
enabled_state str
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. String
Describes what action to be applied when rule matches
matchConditions This property is required. List<Property Map>
List of match conditions.
name This property is required. String
Defines the name of the custom rule
priority This property is required. Number
Defines in what order this rule be evaluated in the overall list of custom rules
enabledState String
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

ManagedRuleEnabledState
, ManagedRuleEnabledStateArgs

Disabled
Disabled
Enabled
Enabled
ManagedRuleEnabledStateDisabled
Disabled
ManagedRuleEnabledStateEnabled
Enabled
Disabled
Disabled
Enabled
Enabled
Disabled
Disabled
Enabled
Enabled
DISABLED
Disabled
ENABLED
Enabled
"Disabled"
Disabled
"Enabled"
Enabled

ManagedRuleGroupOverride
, ManagedRuleGroupOverrideArgs

RuleGroupName This property is required. string
Describes the managed rule group within the rule set to override
Rules List<Pulumi.AzureNative.Cdn.Inputs.ManagedRuleOverride>
List of rules that will be enabled. If none specified, all rules in the group will be disabled.
RuleGroupName This property is required. string
Describes the managed rule group within the rule set to override
Rules []ManagedRuleOverride
List of rules that will be enabled. If none specified, all rules in the group will be disabled.
ruleGroupName This property is required. String
Describes the managed rule group within the rule set to override
rules List<ManagedRuleOverride>
List of rules that will be enabled. If none specified, all rules in the group will be disabled.
ruleGroupName This property is required. string
Describes the managed rule group within the rule set to override
rules ManagedRuleOverride[]
List of rules that will be enabled. If none specified, all rules in the group will be disabled.
rule_group_name This property is required. str
Describes the managed rule group within the rule set to override
rules Sequence[ManagedRuleOverride]
List of rules that will be enabled. If none specified, all rules in the group will be disabled.
ruleGroupName This property is required. String
Describes the managed rule group within the rule set to override
rules List<Property Map>
List of rules that will be enabled. If none specified, all rules in the group will be disabled.

ManagedRuleGroupOverrideResponse
, ManagedRuleGroupOverrideResponseArgs

RuleGroupName This property is required. string
Describes the managed rule group within the rule set to override
Rules List<Pulumi.AzureNative.Cdn.Inputs.ManagedRuleOverrideResponse>
List of rules that will be enabled. If none specified, all rules in the group will be disabled.
RuleGroupName This property is required. string
Describes the managed rule group within the rule set to override
Rules []ManagedRuleOverrideResponse
List of rules that will be enabled. If none specified, all rules in the group will be disabled.
ruleGroupName This property is required. String
Describes the managed rule group within the rule set to override
rules List<ManagedRuleOverrideResponse>
List of rules that will be enabled. If none specified, all rules in the group will be disabled.
ruleGroupName This property is required. string
Describes the managed rule group within the rule set to override
rules ManagedRuleOverrideResponse[]
List of rules that will be enabled. If none specified, all rules in the group will be disabled.
rule_group_name This property is required. str
Describes the managed rule group within the rule set to override
rules Sequence[ManagedRuleOverrideResponse]
List of rules that will be enabled. If none specified, all rules in the group will be disabled.
ruleGroupName This property is required. String
Describes the managed rule group within the rule set to override
rules List<Property Map>
List of rules that will be enabled. If none specified, all rules in the group will be disabled.

ManagedRuleOverride
, ManagedRuleOverrideArgs

RuleId This property is required. string
Identifier for the managed rule.
Action string | Pulumi.AzureNative.Cdn.ActionType
Describes the override action to be applied when rule matches.
EnabledState string | Pulumi.AzureNative.Cdn.ManagedRuleEnabledState
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
RuleId This property is required. string
Identifier for the managed rule.
Action string | ActionType
Describes the override action to be applied when rule matches.
EnabledState string | ManagedRuleEnabledState
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
ruleId This property is required. String
Identifier for the managed rule.
action String | ActionType
Describes the override action to be applied when rule matches.
enabledState String | ManagedRuleEnabledState
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
ruleId This property is required. string
Identifier for the managed rule.
action string | ActionType
Describes the override action to be applied when rule matches.
enabledState string | ManagedRuleEnabledState
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
rule_id This property is required. str
Identifier for the managed rule.
action str | ActionType
Describes the override action to be applied when rule matches.
enabled_state str | ManagedRuleEnabledState
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
ruleId This property is required. String
Identifier for the managed rule.
action String | "Allow" | "Block" | "Log" | "Redirect"
Describes the override action to be applied when rule matches.
enabledState String | "Disabled" | "Enabled"
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.

ManagedRuleOverrideResponse
, ManagedRuleOverrideResponseArgs

RuleId This property is required. string
Identifier for the managed rule.
Action string
Describes the override action to be applied when rule matches.
EnabledState string
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
RuleId This property is required. string
Identifier for the managed rule.
Action string
Describes the override action to be applied when rule matches.
EnabledState string
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
ruleId This property is required. String
Identifier for the managed rule.
action String
Describes the override action to be applied when rule matches.
enabledState String
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
ruleId This property is required. string
Identifier for the managed rule.
action string
Describes the override action to be applied when rule matches.
enabledState string
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
rule_id This property is required. str
Identifier for the managed rule.
action str
Describes the override action to be applied when rule matches.
enabled_state str
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.
ruleId This property is required. String
Identifier for the managed rule.
action String
Describes the override action to be applied when rule matches.
enabledState String
Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.

ManagedRuleSet
, ManagedRuleSetArgs

RuleSetType This property is required. string
Defines the rule set type to use.
RuleSetVersion This property is required. string
Defines the version of the rule set to use.
AnomalyScore int
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
RuleGroupOverrides List<Pulumi.AzureNative.Cdn.Inputs.ManagedRuleGroupOverride>
Defines the rule overrides to apply to the rule set.
RuleSetType This property is required. string
Defines the rule set type to use.
RuleSetVersion This property is required. string
Defines the version of the rule set to use.
AnomalyScore int
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
RuleGroupOverrides []ManagedRuleGroupOverride
Defines the rule overrides to apply to the rule set.
ruleSetType This property is required. String
Defines the rule set type to use.
ruleSetVersion This property is required. String
Defines the version of the rule set to use.
anomalyScore Integer
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
ruleGroupOverrides List<ManagedRuleGroupOverride>
Defines the rule overrides to apply to the rule set.
ruleSetType This property is required. string
Defines the rule set type to use.
ruleSetVersion This property is required. string
Defines the version of the rule set to use.
anomalyScore number
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
ruleGroupOverrides ManagedRuleGroupOverride[]
Defines the rule overrides to apply to the rule set.
rule_set_type This property is required. str
Defines the rule set type to use.
rule_set_version This property is required. str
Defines the version of the rule set to use.
anomaly_score int
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
rule_group_overrides Sequence[ManagedRuleGroupOverride]
Defines the rule overrides to apply to the rule set.
ruleSetType This property is required. String
Defines the rule set type to use.
ruleSetVersion This property is required. String
Defines the version of the rule set to use.
anomalyScore Number
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
ruleGroupOverrides List<Property Map>
Defines the rule overrides to apply to the rule set.

ManagedRuleSetList
, ManagedRuleSetListArgs

ManagedRuleSetListResponse
, ManagedRuleSetListResponseArgs

ManagedRuleSetResponse
, ManagedRuleSetResponseArgs

RuleSetType This property is required. string
Defines the rule set type to use.
RuleSetVersion This property is required. string
Defines the version of the rule set to use.
AnomalyScore int
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
RuleGroupOverrides List<Pulumi.AzureNative.Cdn.Inputs.ManagedRuleGroupOverrideResponse>
Defines the rule overrides to apply to the rule set.
RuleSetType This property is required. string
Defines the rule set type to use.
RuleSetVersion This property is required. string
Defines the version of the rule set to use.
AnomalyScore int
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
RuleGroupOverrides []ManagedRuleGroupOverrideResponse
Defines the rule overrides to apply to the rule set.
ruleSetType This property is required. String
Defines the rule set type to use.
ruleSetVersion This property is required. String
Defines the version of the rule set to use.
anomalyScore Integer
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
ruleGroupOverrides List<ManagedRuleGroupOverrideResponse>
Defines the rule overrides to apply to the rule set.
ruleSetType This property is required. string
Defines the rule set type to use.
ruleSetVersion This property is required. string
Defines the version of the rule set to use.
anomalyScore number
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
ruleGroupOverrides ManagedRuleGroupOverrideResponse[]
Defines the rule overrides to apply to the rule set.
rule_set_type This property is required. str
Defines the rule set type to use.
rule_set_version This property is required. str
Defines the version of the rule set to use.
anomaly_score int
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
rule_group_overrides Sequence[ManagedRuleGroupOverrideResponse]
Defines the rule overrides to apply to the rule set.
ruleSetType This property is required. String
Defines the rule set type to use.
ruleSetVersion This property is required. String
Defines the version of the rule set to use.
anomalyScore Number
Verizon only : If the rule set supports anomaly detection mode, this describes the threshold for blocking requests.
ruleGroupOverrides List<Property Map>
Defines the rule overrides to apply to the rule set.

MatchCondition
, MatchConditionArgs

MatchValue This property is required. List<string>
List of possible match values.
MatchVariable This property is required. string | Pulumi.AzureNative.Cdn.WafMatchVariable
Match variable to compare against.
Operator This property is required. string | Pulumi.AzureNative.Cdn.Operator
Describes operator to be matched
NegateCondition bool
Describes if the result of this condition should be negated.
Selector string
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
Transforms List<Union<string, Pulumi.AzureNative.Cdn.TransformType>>
List of transforms.
MatchValue This property is required. []string
List of possible match values.
MatchVariable This property is required. string | WafMatchVariable
Match variable to compare against.
Operator This property is required. string | Operator
Describes operator to be matched
NegateCondition bool
Describes if the result of this condition should be negated.
Selector string
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
Transforms []string
List of transforms.
matchValue This property is required. List<String>
List of possible match values.
matchVariable This property is required. String | WafMatchVariable
Match variable to compare against.
operator This property is required. String | Operator
Describes operator to be matched
negateCondition Boolean
Describes if the result of this condition should be negated.
selector String
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
transforms List<Either<String,TransformType>>
List of transforms.
matchValue This property is required. string[]
List of possible match values.
matchVariable This property is required. string | WafMatchVariable
Match variable to compare against.
operator This property is required. string | Operator
Describes operator to be matched
negateCondition boolean
Describes if the result of this condition should be negated.
selector string
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
transforms (string | TransformType)[]
List of transforms.
match_value This property is required. Sequence[str]
List of possible match values.
match_variable This property is required. str | WafMatchVariable
Match variable to compare against.
operator This property is required. str | Operator
Describes operator to be matched
negate_condition bool
Describes if the result of this condition should be negated.
selector str
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
transforms Sequence[Union[str, TransformType]]
List of transforms.
matchValue This property is required. List<String>
List of possible match values.
matchVariable This property is required. String | "RemoteAddr" | "SocketAddr" | "RequestMethod" | "RequestHeader" | "RequestUri" | "QueryString" | "RequestBody" | "Cookies" | "PostArgs"
Match variable to compare against.
operator This property is required. String | "Any" | "IPMatch" | "GeoMatch" | "Equal" | "Contains" | "LessThan" | "GreaterThan" | "LessThanOrEqual" | "GreaterThanOrEqual" | "BeginsWith" | "EndsWith" | "RegEx"
Describes operator to be matched
negateCondition Boolean
Describes if the result of this condition should be negated.
selector String
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
transforms List<String | "Lowercase" | "Uppercase" | "Trim" | "UrlDecode" | "UrlEncode" | "RemoveNulls">
List of transforms.

MatchConditionResponse
, MatchConditionResponseArgs

MatchValue This property is required. List<string>
List of possible match values.
MatchVariable This property is required. string
Match variable to compare against.
Operator This property is required. string
Describes operator to be matched
NegateCondition bool
Describes if the result of this condition should be negated.
Selector string
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
Transforms List<string>
List of transforms.
MatchValue This property is required. []string
List of possible match values.
MatchVariable This property is required. string
Match variable to compare against.
Operator This property is required. string
Describes operator to be matched
NegateCondition bool
Describes if the result of this condition should be negated.
Selector string
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
Transforms []string
List of transforms.
matchValue This property is required. List<String>
List of possible match values.
matchVariable This property is required. String
Match variable to compare against.
operator This property is required. String
Describes operator to be matched
negateCondition Boolean
Describes if the result of this condition should be negated.
selector String
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
transforms List<String>
List of transforms.
matchValue This property is required. string[]
List of possible match values.
matchVariable This property is required. string
Match variable to compare against.
operator This property is required. string
Describes operator to be matched
negateCondition boolean
Describes if the result of this condition should be negated.
selector string
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
transforms string[]
List of transforms.
match_value This property is required. Sequence[str]
List of possible match values.
match_variable This property is required. str
Match variable to compare against.
operator This property is required. str
Describes operator to be matched
negate_condition bool
Describes if the result of this condition should be negated.
selector str
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
transforms Sequence[str]
List of transforms.
matchValue This property is required. List<String>
List of possible match values.
matchVariable This property is required. String
Match variable to compare against.
operator This property is required. String
Describes operator to be matched
negateCondition Boolean
Describes if the result of this condition should be negated.
selector String
Selector can used to match a specific key for QueryString, Cookies, RequestHeader or PostArgs.
transforms List<String>
List of transforms.

Operator
, OperatorArgs

Any
Any
IPMatch
IPMatch
GeoMatch
GeoMatch
Equal
Equal
Contains
Contains
LessThan
LessThan
GreaterThan
GreaterThan
LessThanOrEqual
LessThanOrEqual
GreaterThanOrEqual
GreaterThanOrEqual
BeginsWith
BeginsWith
EndsWith
EndsWith
RegEx
RegEx
OperatorAny
Any
OperatorIPMatch
IPMatch
OperatorGeoMatch
GeoMatch
OperatorEqual
Equal
OperatorContains
Contains
OperatorLessThan
LessThan
OperatorGreaterThan
GreaterThan
OperatorLessThanOrEqual
LessThanOrEqual
OperatorGreaterThanOrEqual
GreaterThanOrEqual
OperatorBeginsWith
BeginsWith
OperatorEndsWith
EndsWith
OperatorRegEx
RegEx
Any
Any
IPMatch
IPMatch
GeoMatch
GeoMatch
Equal
Equal
Contains
Contains
LessThan
LessThan
GreaterThan
GreaterThan
LessThanOrEqual
LessThanOrEqual
GreaterThanOrEqual
GreaterThanOrEqual
BeginsWith
BeginsWith
EndsWith
EndsWith
RegEx
RegEx
Any
Any
IPMatch
IPMatch
GeoMatch
GeoMatch
Equal
Equal
Contains
Contains
LessThan
LessThan
GreaterThan
GreaterThan
LessThanOrEqual
LessThanOrEqual
GreaterThanOrEqual
GreaterThanOrEqual
BeginsWith
BeginsWith
EndsWith
EndsWith
RegEx
RegEx
ANY
Any
IP_MATCH
IPMatch
GEO_MATCH
GeoMatch
EQUAL
Equal
CONTAINS
Contains
LESS_THAN
LessThan
GREATER_THAN
GreaterThan
LESS_THAN_OR_EQUAL
LessThanOrEqual
GREATER_THAN_OR_EQUAL
GreaterThanOrEqual
BEGINS_WITH
BeginsWith
ENDS_WITH
EndsWith
REG_EX
RegEx
"Any"
Any
"IPMatch"
IPMatch
"GeoMatch"
GeoMatch
"Equal"
Equal
"Contains"
Contains
"LessThan"
LessThan
"GreaterThan"
GreaterThan
"LessThanOrEqual"
LessThanOrEqual
"GreaterThanOrEqual"
GreaterThanOrEqual
"BeginsWith"
BeginsWith
"EndsWith"
EndsWith
"RegEx"
RegEx

PolicyEnabledState
, PolicyEnabledStateArgs

Disabled
Disabled
Enabled
Enabled
PolicyEnabledStateDisabled
Disabled
PolicyEnabledStateEnabled
Enabled
Disabled
Disabled
Enabled
Enabled
Disabled
Disabled
Enabled
Enabled
DISABLED
Disabled
ENABLED
Enabled
"Disabled"
Disabled
"Enabled"
Enabled

PolicyMode
, PolicyModeArgs

Prevention
Prevention
Detection
Detection
PolicyModePrevention
Prevention
PolicyModeDetection
Detection
Prevention
Prevention
Detection
Detection
Prevention
Prevention
Detection
Detection
PREVENTION
Prevention
DETECTION
Detection
"Prevention"
Prevention
"Detection"
Detection

PolicySettings
, PolicySettingsArgs

DefaultCustomBlockResponseBody string
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
DefaultCustomBlockResponseStatusCode int
If the action type is block, this field defines the default customer overridable http response status code.
DefaultRedirectUrl string
If action type is redirect, this field represents the default redirect URL for the client.
EnabledState string | Pulumi.AzureNative.Cdn.PolicyEnabledState
describes if the policy is in enabled state or disabled state
Mode string | Pulumi.AzureNative.Cdn.PolicyMode
Describes if it is in detection mode or prevention mode at policy level.
DefaultCustomBlockResponseBody string
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
DefaultCustomBlockResponseStatusCode int
If the action type is block, this field defines the default customer overridable http response status code.
DefaultRedirectUrl string
If action type is redirect, this field represents the default redirect URL for the client.
EnabledState string | PolicyEnabledState
describes if the policy is in enabled state or disabled state
Mode string | PolicyMode
Describes if it is in detection mode or prevention mode at policy level.
defaultCustomBlockResponseBody String
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
defaultCustomBlockResponseStatusCode Integer
If the action type is block, this field defines the default customer overridable http response status code.
defaultRedirectUrl String
If action type is redirect, this field represents the default redirect URL for the client.
enabledState String | PolicyEnabledState
describes if the policy is in enabled state or disabled state
mode String | PolicyMode
Describes if it is in detection mode or prevention mode at policy level.
defaultCustomBlockResponseBody string
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
defaultCustomBlockResponseStatusCode number
If the action type is block, this field defines the default customer overridable http response status code.
defaultRedirectUrl string
If action type is redirect, this field represents the default redirect URL for the client.
enabledState string | PolicyEnabledState
describes if the policy is in enabled state or disabled state
mode string | PolicyMode
Describes if it is in detection mode or prevention mode at policy level.
default_custom_block_response_body str
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
default_custom_block_response_status_code int
If the action type is block, this field defines the default customer overridable http response status code.
default_redirect_url str
If action type is redirect, this field represents the default redirect URL for the client.
enabled_state str | PolicyEnabledState
describes if the policy is in enabled state or disabled state
mode str | PolicyMode
Describes if it is in detection mode or prevention mode at policy level.
defaultCustomBlockResponseBody String
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
defaultCustomBlockResponseStatusCode Number
If the action type is block, this field defines the default customer overridable http response status code.
defaultRedirectUrl String
If action type is redirect, this field represents the default redirect URL for the client.
enabledState String | "Disabled" | "Enabled"
describes if the policy is in enabled state or disabled state
mode String | "Prevention" | "Detection"
Describes if it is in detection mode or prevention mode at policy level.

PolicySettingsResponse
, PolicySettingsResponseArgs

DefaultCustomBlockResponseBody string
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
DefaultCustomBlockResponseStatusCode int
If the action type is block, this field defines the default customer overridable http response status code.
DefaultRedirectUrl string
If action type is redirect, this field represents the default redirect URL for the client.
EnabledState string
describes if the policy is in enabled state or disabled state
Mode string
Describes if it is in detection mode or prevention mode at policy level.
DefaultCustomBlockResponseBody string
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
DefaultCustomBlockResponseStatusCode int
If the action type is block, this field defines the default customer overridable http response status code.
DefaultRedirectUrl string
If action type is redirect, this field represents the default redirect URL for the client.
EnabledState string
describes if the policy is in enabled state or disabled state
Mode string
Describes if it is in detection mode or prevention mode at policy level.
defaultCustomBlockResponseBody String
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
defaultCustomBlockResponseStatusCode Integer
If the action type is block, this field defines the default customer overridable http response status code.
defaultRedirectUrl String
If action type is redirect, this field represents the default redirect URL for the client.
enabledState String
describes if the policy is in enabled state or disabled state
mode String
Describes if it is in detection mode or prevention mode at policy level.
defaultCustomBlockResponseBody string
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
defaultCustomBlockResponseStatusCode number
If the action type is block, this field defines the default customer overridable http response status code.
defaultRedirectUrl string
If action type is redirect, this field represents the default redirect URL for the client.
enabledState string
describes if the policy is in enabled state or disabled state
mode string
Describes if it is in detection mode or prevention mode at policy level.
default_custom_block_response_body str
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
default_custom_block_response_status_code int
If the action type is block, this field defines the default customer overridable http response status code.
default_redirect_url str
If action type is redirect, this field represents the default redirect URL for the client.
enabled_state str
describes if the policy is in enabled state or disabled state
mode str
Describes if it is in detection mode or prevention mode at policy level.
defaultCustomBlockResponseBody String
If the action type is block, customer can override the response body. The body must be specified in base64 encoding.
defaultCustomBlockResponseStatusCode Number
If the action type is block, this field defines the default customer overridable http response status code.
defaultRedirectUrl String
If action type is redirect, this field represents the default redirect URL for the client.
enabledState String
describes if the policy is in enabled state or disabled state
mode String
Describes if it is in detection mode or prevention mode at policy level.

RateLimitRule
, RateLimitRuleArgs

Action This property is required. string | Pulumi.AzureNative.Cdn.ActionType
Describes what action to be applied when rule matches
MatchConditions This property is required. List<Pulumi.AzureNative.Cdn.Inputs.MatchCondition>
List of match conditions.
Name This property is required. string
Defines the name of the custom rule
Priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
RateLimitDurationInMinutes This property is required. int
Defines rate limit duration. Default is 1 minute.
RateLimitThreshold This property is required. int
Defines rate limit threshold.
EnabledState string | Pulumi.AzureNative.Cdn.CustomRuleEnabledState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
Action This property is required. string | ActionType
Describes what action to be applied when rule matches
MatchConditions This property is required. []MatchCondition
List of match conditions.
Name This property is required. string
Defines the name of the custom rule
Priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
RateLimitDurationInMinutes This property is required. int
Defines rate limit duration. Default is 1 minute.
RateLimitThreshold This property is required. int
Defines rate limit threshold.
EnabledState string | CustomRuleEnabledState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. String | ActionType
Describes what action to be applied when rule matches
matchConditions This property is required. List<MatchCondition>
List of match conditions.
name This property is required. String
Defines the name of the custom rule
priority This property is required. Integer
Defines in what order this rule be evaluated in the overall list of custom rules
rateLimitDurationInMinutes This property is required. Integer
Defines rate limit duration. Default is 1 minute.
rateLimitThreshold This property is required. Integer
Defines rate limit threshold.
enabledState String | CustomRuleEnabledState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. string | ActionType
Describes what action to be applied when rule matches
matchConditions This property is required. MatchCondition[]
List of match conditions.
name This property is required. string
Defines the name of the custom rule
priority This property is required. number
Defines in what order this rule be evaluated in the overall list of custom rules
rateLimitDurationInMinutes This property is required. number
Defines rate limit duration. Default is 1 minute.
rateLimitThreshold This property is required. number
Defines rate limit threshold.
enabledState string | CustomRuleEnabledState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. str | ActionType
Describes what action to be applied when rule matches
match_conditions This property is required. Sequence[MatchCondition]
List of match conditions.
name This property is required. str
Defines the name of the custom rule
priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
rate_limit_duration_in_minutes This property is required. int
Defines rate limit duration. Default is 1 minute.
rate_limit_threshold This property is required. int
Defines rate limit threshold.
enabled_state str | CustomRuleEnabledState
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. String | "Allow" | "Block" | "Log" | "Redirect"
Describes what action to be applied when rule matches
matchConditions This property is required. List<Property Map>
List of match conditions.
name This property is required. String
Defines the name of the custom rule
priority This property is required. Number
Defines in what order this rule be evaluated in the overall list of custom rules
rateLimitDurationInMinutes This property is required. Number
Defines rate limit duration. Default is 1 minute.
rateLimitThreshold This property is required. Number
Defines rate limit threshold.
enabledState String | "Disabled" | "Enabled"
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

RateLimitRuleList
, RateLimitRuleListArgs

Rules []RateLimitRule
List of rules
rules RateLimitRule[]
List of rules

RateLimitRuleListResponse
, RateLimitRuleListResponseArgs

RateLimitRuleResponse
, RateLimitRuleResponseArgs

Action This property is required. string
Describes what action to be applied when rule matches
MatchConditions This property is required. List<Pulumi.AzureNative.Cdn.Inputs.MatchConditionResponse>
List of match conditions.
Name This property is required. string
Defines the name of the custom rule
Priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
RateLimitDurationInMinutes This property is required. int
Defines rate limit duration. Default is 1 minute.
RateLimitThreshold This property is required. int
Defines rate limit threshold.
EnabledState string
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
Action This property is required. string
Describes what action to be applied when rule matches
MatchConditions This property is required. []MatchConditionResponse
List of match conditions.
Name This property is required. string
Defines the name of the custom rule
Priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
RateLimitDurationInMinutes This property is required. int
Defines rate limit duration. Default is 1 minute.
RateLimitThreshold This property is required. int
Defines rate limit threshold.
EnabledState string
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. String
Describes what action to be applied when rule matches
matchConditions This property is required. List<MatchConditionResponse>
List of match conditions.
name This property is required. String
Defines the name of the custom rule
priority This property is required. Integer
Defines in what order this rule be evaluated in the overall list of custom rules
rateLimitDurationInMinutes This property is required. Integer
Defines rate limit duration. Default is 1 minute.
rateLimitThreshold This property is required. Integer
Defines rate limit threshold.
enabledState String
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. string
Describes what action to be applied when rule matches
matchConditions This property is required. MatchConditionResponse[]
List of match conditions.
name This property is required. string
Defines the name of the custom rule
priority This property is required. number
Defines in what order this rule be evaluated in the overall list of custom rules
rateLimitDurationInMinutes This property is required. number
Defines rate limit duration. Default is 1 minute.
rateLimitThreshold This property is required. number
Defines rate limit threshold.
enabledState string
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. str
Describes what action to be applied when rule matches
match_conditions This property is required. Sequence[MatchConditionResponse]
List of match conditions.
name This property is required. str
Defines the name of the custom rule
priority This property is required. int
Defines in what order this rule be evaluated in the overall list of custom rules
rate_limit_duration_in_minutes This property is required. int
Defines rate limit duration. Default is 1 minute.
rate_limit_threshold This property is required. int
Defines rate limit threshold.
enabled_state str
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.
action This property is required. String
Describes what action to be applied when rule matches
matchConditions This property is required. List<Property Map>
List of match conditions.
name This property is required. String
Defines the name of the custom rule
priority This property is required. Number
Defines in what order this rule be evaluated in the overall list of custom rules
rateLimitDurationInMinutes This property is required. Number
Defines rate limit duration. Default is 1 minute.
rateLimitThreshold This property is required. Number
Defines rate limit threshold.
enabledState String
Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.

Sku
, SkuArgs

Name Changes to this property will trigger replacement. string | Pulumi.AzureNative.Cdn.SkuName
Name of the pricing tier.
Name Changes to this property will trigger replacement. string | SkuName
Name of the pricing tier.
name Changes to this property will trigger replacement. String | SkuName
Name of the pricing tier.
name Changes to this property will trigger replacement. string | SkuName
Name of the pricing tier.
name Changes to this property will trigger replacement. str | SkuName
Name of the pricing tier.

SkuName
, SkuNameArgs

Standard_Verizon
Standard_Verizon
Premium_Verizon
Premium_Verizon
Custom_Verizon
Custom_Verizon
Standard_Akamai
Standard_Akamai
Standard_ChinaCdn
Standard_ChinaCdn
Standard_Microsoft
Standard_Microsoft
Standard_AzureFrontDoor
Standard_AzureFrontDoor
Premium_AzureFrontDoor
Premium_AzureFrontDoor
Standard_955BandWidth_ChinaCdn
Standard_955BandWidth_ChinaCdn
Standard_AvgBandWidth_ChinaCdn
Standard_AvgBandWidth_ChinaCdn
StandardPlus_ChinaCdn
StandardPlus_ChinaCdn
StandardPlus_955BandWidth_ChinaCdn
StandardPlus_955BandWidth_ChinaCdn
StandardPlus_AvgBandWidth_ChinaCdn
StandardPlus_AvgBandWidth_ChinaCdn
SkuName_Standard_Verizon
Standard_Verizon
SkuName_Premium_Verizon
Premium_Verizon
SkuName_Custom_Verizon
Custom_Verizon
SkuName_Standard_Akamai
Standard_Akamai
SkuName_Standard_ChinaCdn
Standard_ChinaCdn
SkuName_Standard_Microsoft
Standard_Microsoft
SkuName_Standard_AzureFrontDoor
Standard_AzureFrontDoor
SkuName_Premium_AzureFrontDoor
Premium_AzureFrontDoor
SkuName_Standard_955BandWidth_ChinaCdn
Standard_955BandWidth_ChinaCdn
SkuName_Standard_AvgBandWidth_ChinaCdn
Standard_AvgBandWidth_ChinaCdn
SkuName_StandardPlus_ChinaCdn
StandardPlus_ChinaCdn
SkuName_StandardPlus_955BandWidth_ChinaCdn
StandardPlus_955BandWidth_ChinaCdn
SkuName_StandardPlus_AvgBandWidth_ChinaCdn
StandardPlus_AvgBandWidth_ChinaCdn
Standard_Verizon
Standard_Verizon
Premium_Verizon
Premium_Verizon
Custom_Verizon
Custom_Verizon
Standard_Akamai
Standard_Akamai
Standard_ChinaCdn
Standard_ChinaCdn
Standard_Microsoft
Standard_Microsoft
Standard_AzureFrontDoor
Standard_AzureFrontDoor
Premium_AzureFrontDoor
Premium_AzureFrontDoor
Standard_955BandWidth_ChinaCdn
Standard_955BandWidth_ChinaCdn
Standard_AvgBandWidth_ChinaCdn
Standard_AvgBandWidth_ChinaCdn
StandardPlus_ChinaCdn
StandardPlus_ChinaCdn
StandardPlus_955BandWidth_ChinaCdn
StandardPlus_955BandWidth_ChinaCdn
StandardPlus_AvgBandWidth_ChinaCdn
StandardPlus_AvgBandWidth_ChinaCdn
Standard_Verizon
Standard_Verizon
Premium_Verizon
Premium_Verizon
Custom_Verizon
Custom_Verizon
Standard_Akamai
Standard_Akamai
Standard_ChinaCdn
Standard_ChinaCdn
Standard_Microsoft
Standard_Microsoft
Standard_AzureFrontDoor
Standard_AzureFrontDoor
Premium_AzureFrontDoor
Premium_AzureFrontDoor
Standard_955BandWidth_ChinaCdn
Standard_955BandWidth_ChinaCdn
Standard_AvgBandWidth_ChinaCdn
Standard_AvgBandWidth_ChinaCdn
StandardPlus_ChinaCdn
StandardPlus_ChinaCdn
StandardPlus_955BandWidth_ChinaCdn
StandardPlus_955BandWidth_ChinaCdn
StandardPlus_AvgBandWidth_ChinaCdn
StandardPlus_AvgBandWidth_ChinaCdn
STANDARD_VERIZON
Standard_Verizon
PREMIUM_VERIZON
Premium_Verizon
CUSTOM_VERIZON
Custom_Verizon
STANDARD_AKAMAI
Standard_Akamai
STANDARD_CHINA_CDN
Standard_ChinaCdn
STANDARD_MICROSOFT
Standard_Microsoft
STANDARD_AZURE_FRONT_DOOR
Standard_AzureFrontDoor
PREMIUM_AZURE_FRONT_DOOR
Premium_AzureFrontDoor
STANDARD_955_BAND_WIDTH_CHINA_CDN
Standard_955BandWidth_ChinaCdn
STANDARD_AVG_BAND_WIDTH_CHINA_CDN
Standard_AvgBandWidth_ChinaCdn
STANDARD_PLUS_CHINA_CDN
StandardPlus_ChinaCdn
STANDARD_PLUS_955_BAND_WIDTH_CHINA_CDN
StandardPlus_955BandWidth_ChinaCdn
STANDARD_PLUS_AVG_BAND_WIDTH_CHINA_CDN
StandardPlus_AvgBandWidth_ChinaCdn
"Standard_Verizon"
Standard_Verizon
"Premium_Verizon"
Premium_Verizon
"Custom_Verizon"
Custom_Verizon
"Standard_Akamai"
Standard_Akamai
"Standard_ChinaCdn"
Standard_ChinaCdn
"Standard_Microsoft"
Standard_Microsoft
"Standard_AzureFrontDoor"
Standard_AzureFrontDoor
"Premium_AzureFrontDoor"
Premium_AzureFrontDoor
"Standard_955BandWidth_ChinaCdn"
Standard_955BandWidth_ChinaCdn
"Standard_AvgBandWidth_ChinaCdn"
Standard_AvgBandWidth_ChinaCdn
"StandardPlus_ChinaCdn"
StandardPlus_ChinaCdn
"StandardPlus_955BandWidth_ChinaCdn"
StandardPlus_955BandWidth_ChinaCdn
"StandardPlus_AvgBandWidth_ChinaCdn"
StandardPlus_AvgBandWidth_ChinaCdn

SkuResponse
, SkuResponseArgs

Name string
Name of the pricing tier.
Name string
Name of the pricing tier.
name String
Name of the pricing tier.
name string
Name of the pricing tier.
name str
Name of the pricing tier.
name String
Name of the pricing tier.

SystemDataResponse
, SystemDataResponseArgs

CreatedAt string
The timestamp of resource creation (UTC)
CreatedBy string
An identifier for the identity that created the resource
CreatedByType string
The type of identity that created the resource
LastModifiedAt string
The timestamp of resource last modification (UTC)
LastModifiedBy string
An identifier for the identity that last modified the resource
LastModifiedByType string
The type of identity that last modified the resource
CreatedAt string
The timestamp of resource creation (UTC)
CreatedBy string
An identifier for the identity that created the resource
CreatedByType string
The type of identity that created the resource
LastModifiedAt string
The timestamp of resource last modification (UTC)
LastModifiedBy string
An identifier for the identity that last modified the resource
LastModifiedByType string
The type of identity that last modified the resource
createdAt String
The timestamp of resource creation (UTC)
createdBy String
An identifier for the identity that created the resource
createdByType String
The type of identity that created the resource
lastModifiedAt String
The timestamp of resource last modification (UTC)
lastModifiedBy String
An identifier for the identity that last modified the resource
lastModifiedByType String
The type of identity that last modified the resource
createdAt string
The timestamp of resource creation (UTC)
createdBy string
An identifier for the identity that created the resource
createdByType string
The type of identity that created the resource
lastModifiedAt string
The timestamp of resource last modification (UTC)
lastModifiedBy string
An identifier for the identity that last modified the resource
lastModifiedByType string
The type of identity that last modified the resource
created_at str
The timestamp of resource creation (UTC)
created_by str
An identifier for the identity that created the resource
created_by_type str
The type of identity that created the resource
last_modified_at str
The timestamp of resource last modification (UTC)
last_modified_by str
An identifier for the identity that last modified the resource
last_modified_by_type str
The type of identity that last modified the resource
createdAt String
The timestamp of resource creation (UTC)
createdBy String
An identifier for the identity that created the resource
createdByType String
The type of identity that created the resource
lastModifiedAt String
The timestamp of resource last modification (UTC)
lastModifiedBy String
An identifier for the identity that last modified the resource
lastModifiedByType String
The type of identity that last modified the resource

TransformType
, TransformTypeArgs

Lowercase
Lowercase
Uppercase
Uppercase
Trim
Trim
UrlDecode
UrlDecode
UrlEncode
UrlEncode
RemoveNulls
RemoveNulls
TransformTypeLowercase
Lowercase
TransformTypeUppercase
Uppercase
TransformTypeTrim
Trim
TransformTypeUrlDecode
UrlDecode
TransformTypeUrlEncode
UrlEncode
TransformTypeRemoveNulls
RemoveNulls
Lowercase
Lowercase
Uppercase
Uppercase
Trim
Trim
UrlDecode
UrlDecode
UrlEncode
UrlEncode
RemoveNulls
RemoveNulls
Lowercase
Lowercase
Uppercase
Uppercase
Trim
Trim
UrlDecode
UrlDecode
UrlEncode
UrlEncode
RemoveNulls
RemoveNulls
LOWERCASE
Lowercase
UPPERCASE
Uppercase
TRIM
Trim
URL_DECODE
UrlDecode
URL_ENCODE
UrlEncode
REMOVE_NULLS
RemoveNulls
"Lowercase"
Lowercase
"Uppercase"
Uppercase
"Trim"
Trim
"UrlDecode"
UrlDecode
"UrlEncode"
UrlEncode
"RemoveNulls"
RemoveNulls

WafMatchVariable
, WafMatchVariableArgs

RemoteAddr
RemoteAddr
SocketAddr
SocketAddr
RequestMethod
RequestMethod
RequestHeader
RequestHeader
RequestUri
RequestUri
QueryString
QueryString
RequestBody
RequestBody
Cookies
Cookies
PostArgs
PostArgs
WafMatchVariableRemoteAddr
RemoteAddr
WafMatchVariableSocketAddr
SocketAddr
WafMatchVariableRequestMethod
RequestMethod
WafMatchVariableRequestHeader
RequestHeader
WafMatchVariableRequestUri
RequestUri
WafMatchVariableQueryString
QueryString
WafMatchVariableRequestBody
RequestBody
WafMatchVariableCookies
Cookies
WafMatchVariablePostArgs
PostArgs
RemoteAddr
RemoteAddr
SocketAddr
SocketAddr
RequestMethod
RequestMethod
RequestHeader
RequestHeader
RequestUri
RequestUri
QueryString
QueryString
RequestBody
RequestBody
Cookies
Cookies
PostArgs
PostArgs
RemoteAddr
RemoteAddr
SocketAddr
SocketAddr
RequestMethod
RequestMethod
RequestHeader
RequestHeader
RequestUri
RequestUri
QueryString
QueryString
RequestBody
RequestBody
Cookies
Cookies
PostArgs
PostArgs
REMOTE_ADDR
RemoteAddr
SOCKET_ADDR
SocketAddr
REQUEST_METHOD
RequestMethod
REQUEST_HEADER
RequestHeader
REQUEST_URI
RequestUri
QUERY_STRING
QueryString
REQUEST_BODY
RequestBody
COOKIES
Cookies
POST_ARGS
PostArgs
"RemoteAddr"
RemoteAddr
"SocketAddr"
SocketAddr
"RequestMethod"
RequestMethod
"RequestHeader"
RequestHeader
"RequestUri"
RequestUri
"QueryString"
QueryString
"RequestBody"
RequestBody
"Cookies"
Cookies
"PostArgs"
PostArgs

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:cdn:Policy MicrosoftCdnWafPolicy /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/cdnWebApplicationFirewallPolicies/{policyName}
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
azure-native-v2 pulumi/pulumi-azure-native
License
Apache-2.0
These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
pulumi/pulumi-azure-native