Update-AzFrontDoorWafPolicy
Update policy with specified rule set name within a resource group.
Syntax
UpdateExpanded (Default)
Update-AzFrontDoorWafPolicy
-Name <String>
-ResourceGroupName <String>
[-SubscriptionId <String>]
[-Customrule <ICustomRule[]>]
[-Etag <String>]
[-ManagedRuleSet <IManagedRuleSet[]>]
[-CustomBlockResponseBody <String>]
[-CustomBlockResponseStatusCode <Int32>]
[-EnabledState <String>]
[-LogScrubbingSetting <IPolicySettingsLogScrubbing>]
[-Mode <String>]
[-RedirectUrl <String>]
[-RequestBodyCheck <String>]
[-JavascriptChallengeExpirationInMinutes <Int32>]
[-CaptchaExpirationInMinutes <Int32>]
[-SkuName <String>]
[-Tag <Hashtable>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ByFieldsParameterSet
Update-AzFrontDoorWafPolicy
[-Name <String>]
[-ResourceGroupName <String>]
[-SubscriptionId <String>]
[-Customrule <ICustomRule[]>]
[-Etag <String>]
[-ManagedRuleSet <IManagedRuleSet[]>]
[-CustomBlockResponseBody <String>]
[-CustomBlockResponseStatusCode <Int32>]
[-EnabledState <String>]
[-LogScrubbingSetting <IPolicySettingsLogScrubbing>]
[-Mode <String>]
[-RedirectUrl <String>]
[-RequestBodyCheck <String>]
[-JavascriptChallengeExpirationInMinutes <Int32>]
[-CaptchaExpirationInMinutes <Int32>]
[-SkuName <String>]
[-Tag <Hashtable>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateViaIdentityExpanded
Update-AzFrontDoorWafPolicy
-InputObject <IFrontDoorIdentity>
[-Customrule <ICustomRule[]>]
[-Etag <String>]
[-ManagedRuleSet <IManagedRuleSet[]>]
[-CustomBlockResponseBody <String>]
[-CustomBlockResponseStatusCode <Int32>]
[-EnabledState <String>]
[-LogScrubbingSetting <IPolicySettingsLogScrubbing>]
[-Mode <String>]
[-RedirectUrl <String>]
[-RequestBodyCheck <String>]
[-JavascriptChallengeExpirationInMinutes <Int32>]
[-CaptchaExpirationInMinutes <Int32>]
[-SkuName <String>]
[-Tag <Hashtable>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Update policy with specified rule set name within a resource group.
Examples
Example 1: Updates an existing WAF policy custom status code.
Update-AzFrontDoorWafPolicy -Name $policyName -ResourceGroupName $resourceGroupName -CustomBlockResponseStatusCode 403
Customrule : {customrule0, customrule01}
Etag :
FrontendEndpointLink : {}
Id : /subscriptions/{subid}/resourcegroups/{rg}/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/{policyName}
Location : Global
ManagedRuleSet : {{
"ruleSetType": "Microsoft_DefaultRuleSet",
"ruleSetVersion": "2.0",
"ruleSetAction": "Block",
"exclusions": [ ],
"ruleGroupOverrides": [ ]
}}
Name : {policyName}
PolicySetting : {
"enabledState": "Enabled",
"mode": "Detection",
"customBlockResponseStatusCode": 403,
"requestBodyCheck": "Enabled"
}
ProvisioningState : Succeeded
ResourceGroupName : {rg}
ResourceState : Enabled
RoutingRuleLink :
SecurityPolicyLink : {{
"id": "/subscriptions/{subid}/resourcegroups/{rg}/providers/Microsoft.Cdn/profiles/hdis-fe/securitypolicies/premium"
}}
SkuName : Premium_AzureFrontDoor
Tag : {
}
Type : Microsoft.Network/frontdoorwebapplicationfirewallpolicies
Update an existing WAF policy custom status code.
Example 2: Update an existing WAF policy mode.
Update-AzFrontDoorWafPolicy -Name $policyName -ResourceGroupName $resourceGroupName -Mode Detection
Customrule : {customrule0, customrule01}
Etag :
FrontendEndpointLink : {}
Id : /subscriptions/{subid}/resourcegroups/{rg}/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/{policyName}
Location : Global
ManagedRuleSet : {{
"ruleSetType": "Microsoft_DefaultRuleSet",
"ruleSetVersion": "2.0",
"ruleSetAction": "Block",
"exclusions": [ ],
"ruleGroupOverrides": [ ]
}}
Name : {policyName}
PolicySetting : {
"enabledState": "Enabled",
"mode": "Detection",
"customBlockResponseStatusCode": 403,
"requestBodyCheck": "Enabled"
}
ProvisioningState : Succeeded
ResourceGroupName : {rg}
ResourceState : Enabled
RoutingRuleLink :
SecurityPolicyLink : {{
"id": "/subscriptions/{subid}/resourcegroups/{rg}/providers/Microsoft.Cdn/profiles/hdis-fe/securitypolicies/premium"
}}
SkuName : Premium_AzureFrontDoor
Tag : {
}
Type : Microsoft.Network/frontdoorwebapplicationfirewallpolicies
Update an existing WAF policy mode.
Example 3: Update an existing WAF policy enabled state and mode.
Update-AzFrontDoorWafPolicy -Name $policyName -ResourceGroupName $resourceGroupName -Mode Detection -EnabledState Disabled
Customrule : {customrule0, customrule01}
Etag :
FrontendEndpointLink : {}
Id : /subscriptions/{subid}/resourcegroups/{rg}/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/{policyName}
Location : Global
ManagedRuleSet : {{
"ruleSetType": "Microsoft_DefaultRuleSet",
"ruleSetVersion": "2.0",
"ruleSetAction": "Block",
"exclusions": [ ],
"ruleGroupOverrides": [ ]
}}
Name : {policyName}
PolicySetting : {
"enabledState": "Enabled",
"mode": "Detection",
"customBlockResponseStatusCode": 403,
"requestBodyCheck": "Enabled"
}
ProvisioningState : Succeeded
ResourceGroupName : {rg}
ResourceState : Disabled
RoutingRuleLink :
SecurityPolicyLink : {{
"id": "/subscriptions/{subid}/resourcegroups/{rg}/providers/Microsoft.Cdn/profiles/hdis-fe/securitypolicies/premium"
}}
SkuName : Premium_AzureFrontDoor
Tag : {
}
Type : Microsoft.Network/frontdoorwebapplicationfirewallpolicies
Update an existing WAF policy enabled state and mode.
Example 4: Update all WAF policies in $resourceGroupName
Get-AzFrontDoorWafPolicy -ResourceGroupName $resourceGroupName | Update-AzFrontDoorWafPolicy -Mode Detection -EnabledState Disabled
Update all WAF policies in $resourceGroupName
Parameters
-AsJob
Run the command as a job
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CaptchaExpirationInMinutes
Defines the Captcha cookie validity lifetime in minutes.
This setting is only applicable to Premium_AzureFrontDoor.
Value must be an integer between 5 and 1440 with the default value being 30.
Parameter properties
Type: Nullable<T> [ Int32 ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CustomBlockResponseBody
If the action type is block, customer can override the response body.
The body must be specified in base64 encoding.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CustomBlockResponseStatusCode
If the action type is block, customer can override the response status code.
Parameter properties
Type: Nullable<T> [ Int32 ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Customrule
List of rules
Parameter properties
Type: ICustomRule [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The DefaultProfile parameter is not functional.
Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Parameter properties
Type: PSObject
Default value: None Supports wildcards: False DontShow: False Aliases: AzureRMContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-EnabledState
Describes if the policy is in enabled or disabled state.
Defaults to Enabled if not specified.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Etag
Gets a unique read-only string that changes whenever the resource is updated.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
Identity Parameter
UpdateViaIdentityExpanded
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-JavascriptChallengeExpirationInMinutes
Defines the JavaScript challenge cookie validity lifetime in minutes.
This setting is only applicable to Premium_AzureFrontDoor.
Value must be an integer between 5 and 1440 with the default value being 30.
Parameter properties
Type: Nullable<T> [ Int32 ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-LogScrubbingSetting
Defines rules that scrub sensitive fields in the Web Application Firewall logs.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ManagedRuleSet
List of rule sets.
Parameter properties
Type: IManagedRuleSet [ ]
Default value: None Supports wildcards: False DontShow: False Aliases: ManagedRule
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Mode
Describes if it is in detection mode or prevention mode at policy level.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
The name of the Web Application Firewall Policy.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: PolicyName
Parameter sets
UpdateExpanded
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-NoWait
Run the command asynchronously
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-RedirectUrl
If action type is redirect, this field represents redirect URL for the client.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-RequestBodyCheck
Describes if policy managed rules will inspect the request body content.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
Name of the Resource group within the Azure subscription.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SkuName
Name of the pricing tier.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SubscriptionId
The subscription credentials which uniquely identify the Microsoft Azure subscription.
The subscription ID forms part of the URI for every service call.
Parameter properties
Type: String
Default value: (Get-AzContext).Subscription.Id Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByFieldsParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Tag
Resource tags.
Parameter properties
Type: Hashtable
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
