634 строки
19 KiB
JSON
634 строки
19 KiB
JSON
{
|
|
"id": "https://schema.management.azure.com/schemas/2019-10-01/Microsoft.Network.FrontDoor.json#",
|
|
"title": "Microsoft.Network",
|
|
"description": "Microsoft Network Resource Types",
|
|
"$schema": "http://json-schema.org/draft-04/schema#",
|
|
"resourceDefinitions": {
|
|
"FrontDoorWebApplicationFirewallPolicies": {
|
|
"description": "Microsoft.Network/FrontDoorWebApplicationFirewallPolicies",
|
|
"properties": {
|
|
"apiVersion": {
|
|
"enum": [
|
|
"2019-10-01"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"etag": {
|
|
"description": "Gets a unique read-only string that changes whenever the resource is updated.",
|
|
"type": "string"
|
|
},
|
|
"location": {
|
|
"description": "Resource location.",
|
|
"type": "string"
|
|
},
|
|
"name": {
|
|
"description": "The name of the Web Application Firewall Policy.",
|
|
"maxLength": 128,
|
|
"type": "string"
|
|
},
|
|
"properties": {
|
|
"description": "Properties of the web application firewall policy.",
|
|
"oneOf": [
|
|
{
|
|
"$ref": "#/definitions/WebApplicationFirewallPolicyProperties"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"tags": {
|
|
"description": "Resource tags.",
|
|
"oneOf": [
|
|
{
|
|
"additionalProperties": {
|
|
"type": "string"
|
|
},
|
|
"properties": {},
|
|
"type": "object"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"Microsoft.Network/FrontDoorWebApplicationFirewallPolicies"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"name",
|
|
"properties",
|
|
"apiVersion",
|
|
"type"
|
|
],
|
|
"type": "object"
|
|
}
|
|
},
|
|
"definitions": {
|
|
"CustomRule": {
|
|
"description": "Defines contents of a web application rule",
|
|
"properties": {
|
|
"action": {
|
|
"description": "Describes what action to be applied when rule matches.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"Allow",
|
|
"Block",
|
|
"Log",
|
|
"Redirect"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"enabledState": {
|
|
"description": "Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"Disabled",
|
|
"Enabled"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"matchConditions": {
|
|
"description": "List of match conditions.",
|
|
"oneOf": [
|
|
{
|
|
"items": {
|
|
"$ref": "#/definitions/MatchCondition"
|
|
},
|
|
"type": "array"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"name": {
|
|
"description": "Describes the name of the rule.",
|
|
"maxLength": 128,
|
|
"type": "string"
|
|
},
|
|
"priority": {
|
|
"description": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.",
|
|
"oneOf": [
|
|
{
|
|
"type": "integer"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"rateLimitDurationInMinutes": {
|
|
"description": "Time window for resetting the rate limit count. Default is 1 minute.",
|
|
"oneOf": [
|
|
{
|
|
"maximum": 5,
|
|
"minimum": 0,
|
|
"type": "integer"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"rateLimitThreshold": {
|
|
"description": "Number of allowed requests per client within the time window.",
|
|
"oneOf": [
|
|
{
|
|
"minimum": 0,
|
|
"type": "integer"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"ruleType": {
|
|
"description": "Describes type of rule.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"MatchRule",
|
|
"RateLimitRule"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"priority",
|
|
"ruleType",
|
|
"matchConditions",
|
|
"action"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"CustomRuleList": {
|
|
"description": "Defines contents of custom rules",
|
|
"properties": {
|
|
"rules": {
|
|
"description": "List of rules",
|
|
"oneOf": [
|
|
{
|
|
"items": {
|
|
"$ref": "#/definitions/CustomRule"
|
|
},
|
|
"type": "array"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"ManagedRuleExclusion": {
|
|
"description": "Exclude variables from managed rule evaluation.",
|
|
"properties": {
|
|
"matchVariable": {
|
|
"description": "The variable type to be excluded.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"RequestHeaderNames",
|
|
"RequestCookieNames",
|
|
"QueryStringArgNames",
|
|
"RequestBodyPostArgNames"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"selector": {
|
|
"description": "Selector value for which elements in the collection this exclusion applies to.",
|
|
"type": "string"
|
|
},
|
|
"selectorMatchOperator": {
|
|
"description": "Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"Equals",
|
|
"Contains",
|
|
"StartsWith",
|
|
"EndsWith",
|
|
"EqualsAny"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"matchVariable",
|
|
"selectorMatchOperator",
|
|
"selector"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"ManagedRuleGroupOverride": {
|
|
"description": "Defines a managed rule group override setting.",
|
|
"properties": {
|
|
"exclusions": {
|
|
"description": "Describes the exclusions that are applied to all rules in the group.",
|
|
"oneOf": [
|
|
{
|
|
"items": {
|
|
"$ref": "#/definitions/ManagedRuleExclusion"
|
|
},
|
|
"type": "array"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"ruleGroupName": {
|
|
"description": "Describes the managed rule group to override.",
|
|
"type": "string"
|
|
},
|
|
"rules": {
|
|
"description": "List of rules that will be disabled. If none specified, all rules in the group will be disabled.",
|
|
"oneOf": [
|
|
{
|
|
"items": {
|
|
"$ref": "#/definitions/ManagedRuleOverride"
|
|
},
|
|
"type": "array"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"ruleGroupName"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"ManagedRuleOverride": {
|
|
"description": "Defines a managed rule group override setting.",
|
|
"properties": {
|
|
"action": {
|
|
"description": "Describes the override action to be applied when rule matches.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"Allow",
|
|
"Block",
|
|
"Log",
|
|
"Redirect"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"enabledState": {
|
|
"description": "Describes if the managed rule is in enabled or disabled state. Defaults to Disabled if not specified.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"Disabled",
|
|
"Enabled"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"exclusions": {
|
|
"description": "Describes the exclusions that are applied to this specific rule.",
|
|
"oneOf": [
|
|
{
|
|
"items": {
|
|
"$ref": "#/definitions/ManagedRuleExclusion"
|
|
},
|
|
"type": "array"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"ruleId": {
|
|
"description": "Identifier for the managed rule.",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"ruleId"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"ManagedRuleSet": {
|
|
"description": "Defines a managed rule set.",
|
|
"properties": {
|
|
"exclusions": {
|
|
"description": "Describes the exclusions that are applied to all rules in the set.",
|
|
"oneOf": [
|
|
{
|
|
"items": {
|
|
"$ref": "#/definitions/ManagedRuleExclusion"
|
|
},
|
|
"type": "array"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"ruleGroupOverrides": {
|
|
"description": "Defines the rule group overrides to apply to the rule set.",
|
|
"oneOf": [
|
|
{
|
|
"items": {
|
|
"$ref": "#/definitions/ManagedRuleGroupOverride"
|
|
},
|
|
"type": "array"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"ruleSetType": {
|
|
"description": "Defines the rule set type to use.",
|
|
"type": "string"
|
|
},
|
|
"ruleSetVersion": {
|
|
"description": "Defines the version of the rule set to use.",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"ruleSetType",
|
|
"ruleSetVersion"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"ManagedRuleSetList": {
|
|
"description": "Defines the list of managed rule sets for the policy.",
|
|
"properties": {
|
|
"managedRuleSets": {
|
|
"description": "List of rule sets.",
|
|
"oneOf": [
|
|
{
|
|
"items": {
|
|
"$ref": "#/definitions/ManagedRuleSet"
|
|
},
|
|
"type": "array"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"MatchCondition": {
|
|
"description": "Define a match condition.",
|
|
"properties": {
|
|
"matchValue": {
|
|
"description": "List of possible match values.",
|
|
"oneOf": [
|
|
{
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": "array"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"matchVariable": {
|
|
"description": "Request variable to compare with.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"RemoteAddr",
|
|
"RequestMethod",
|
|
"QueryString",
|
|
"PostArgs",
|
|
"RequestUri",
|
|
"RequestHeader",
|
|
"RequestBody",
|
|
"Cookies",
|
|
"SocketAddr"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"negateCondition": {
|
|
"description": "Describes if the result of this condition should be negated.",
|
|
"oneOf": [
|
|
{
|
|
"type": "boolean"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"operator": {
|
|
"description": "Comparison type to use for matching with the variable value.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"Any",
|
|
"IPMatch",
|
|
"GeoMatch",
|
|
"Equal",
|
|
"Contains",
|
|
"LessThan",
|
|
"GreaterThan",
|
|
"LessThanOrEqual",
|
|
"GreaterThanOrEqual",
|
|
"BeginsWith",
|
|
"EndsWith",
|
|
"RegEx"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"selector": {
|
|
"description": "Match against a specific key from the QueryString, PostArgs, RequestHeader or Cookies variables. Default is null.",
|
|
"type": "string"
|
|
},
|
|
"transforms": {
|
|
"description": "List of transforms.",
|
|
"oneOf": [
|
|
{
|
|
"items": {
|
|
"enum": [
|
|
"Lowercase",
|
|
"Uppercase",
|
|
"Trim",
|
|
"UrlDecode",
|
|
"UrlEncode",
|
|
"RemoveNulls"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"type": "array"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"matchVariable",
|
|
"operator",
|
|
"matchValue"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"PolicySettings": {
|
|
"description": "Defines top-level WebApplicationFirewallPolicy configuration settings.",
|
|
"properties": {
|
|
"customBlockResponseBody": {
|
|
"description": "If the action type is block, customer can override the response body. The body must be specified in base64 encoding.",
|
|
"oneOf": [
|
|
{
|
|
"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$",
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"customBlockResponseStatusCode": {
|
|
"description": "If the action type is block, customer can override the response status code.",
|
|
"oneOf": [
|
|
{
|
|
"type": "integer"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"enabledState": {
|
|
"description": "Describes if the policy is in enabled or disabled state. Defaults to Enabled if not specified.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"Disabled",
|
|
"Enabled"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"mode": {
|
|
"description": "Describes if it is in detection mode or prevention mode at policy level.",
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"Prevention",
|
|
"Detection"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"redirectUrl": {
|
|
"description": "If action type is redirect, this field represents redirect URL for the client.",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"WebApplicationFirewallPolicyProperties": {
|
|
"description": "Defines web application firewall policy properties.",
|
|
"properties": {
|
|
"customRules": {
|
|
"description": "Describes custom rules inside the policy.",
|
|
"oneOf": [
|
|
{
|
|
"$ref": "#/definitions/CustomRuleList"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"managedRules": {
|
|
"description": "Describes managed rules inside the policy.",
|
|
"oneOf": [
|
|
{
|
|
"$ref": "#/definitions/ManagedRuleSetList"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
},
|
|
"policySettings": {
|
|
"description": "Describes settings for the policy.",
|
|
"oneOf": [
|
|
{
|
|
"$ref": "#/definitions/PolicySettings"
|
|
},
|
|
{
|
|
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
}
|
|
}
|
|
} |