Ddos Custom Policies - Create Or Update

Service:: Virtual Networks

API Version:: 2025-03-01

Creates or updates a DDoS custom policy.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ddosCustomPolicies/{ddosCustomPolicyName}?api-version=2025-03-01

URI Parameters

Name	In	Required	Type	Description
ddosCustomPolicyName	path	True	string	The name of the DDoS custom policy.
resourceGroupName	path	True	string	The name of the resource group.
subscriptionId	path	True	string	The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.
api-version	query	True	string	Client API version.

Request Body

Name	Type	Description
id	string	Resource ID.
location	string	Resource location.
properties.detectionRules	DdosDetectionRule[]	The list of DDoS detection rules associated with the custom policy.
properties.frontEndIpConfiguration	SubResource[]	The list of frontend IP configurations associated with the custom policy.
tags	object	Resource tags.

Responses

Name	Type	Description
200 OK	DdosCustomPolicy	Update successful. The operation returns the resulting DDoS custom policy resource.
201 Created	DdosCustomPolicy	Create successful. The operation returns the resulting DDoS custom policy resource.
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Create DDoS custom policy

Sample request

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/ddosCustomPolicies/test-ddos-custom-policy?api-version=2025-03-01

{
  "location": "centraluseuap",
  "properties": {
    "detectionRules": [
      {
        "name": "detectionRuleTcp",
        "properties": {
          "detectionMode": "TrafficThreshold",
          "trafficDetectionRule": {
            "trafficType": "Tcp",
            "packetsPerSecond": 1000000
          }
        }
      }
    ]
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python ddos_custom_policy_create.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.ddos_custom_policies.begin_create_or_update(
        resource_group_name="rg1",
        ddos_custom_policy_name="test-ddos-custom-policy",
        parameters={
            "location": "centraluseuap",
            "properties": {
                "detectionRules": [
                    {
                        "name": "detectionRuleTcp",
                        "properties": {
                            "detectionMode": "TrafficThreshold",
                            "trafficDetectionRule": {"packetsPerSecond": 1000000, "trafficType": "Tcp"},
                        },
                    }
                ]
            },
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/DdosCustomPolicyCreate.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Creates or updates a DDoS custom policy.
 *
 * @summary Creates or updates a DDoS custom policy.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/DdosCustomPolicyCreate.json
 */
async function createDDoSCustomPolicy() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const ddosCustomPolicyName = "test-ddos-custom-policy";
  const parameters = {
    detectionRules: [
      {
        name: "detectionRuleTcp",
        detectionMode: "TrafficThreshold",
        trafficDetectionRule: { packetsPerSecond: 1000000, trafficType: "Tcp" },
      },
    ],
    location: "centraluseuap",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.ddosCustomPolicies.beginCreateOrUpdateAndWait(
    resourceGroupName,
    ddosCustomPolicyName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Network;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/DdosCustomPolicyCreate.json
// this example is just showing the usage of "DdosCustomPolicies_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);

// get the collection of this DdosCustomPolicyResource
DdosCustomPolicyCollection collection = resourceGroupResource.GetDdosCustomPolicies();

// invoke the operation
string ddosCustomPolicyName = "test-ddos-custom-policy";
DdosCustomPolicyData data = new DdosCustomPolicyData
{
    DetectionRules = {new DdosDetectionRule
    {
    DetectionMode = DdosDetectionMode.TrafficThreshold,
    TrafficDetectionRule = new TrafficDetectionRule
    {
    TrafficType = DdosTrafficType.Tcp,
    PacketsPerSecond = 1000000,
    },
    Name = "detectionRuleTcp",
    }},
    Location = new AzureLocation("centraluseuap"),
};
ArmOperation<DdosCustomPolicyResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, ddosCustomPolicyName, data);
DdosCustomPolicyResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DdosCustomPolicyData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "name": "test-ddos-custom-policy",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/ddosCustomPolicies/test-ddos-custom-policy",
  "type": "Microsoft.Network/ddosCustomPolicies",
  "location": "centraluseuap",
  "properties": {
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000",
    "detectionRules": [
      {
        "name": "detectionRuleTcp",
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/ddosCustomPolicies/test-ddos-custom-policy/ddosDetectionRules/detectionRuleTcp",
        "etag": "W/\"00000000-0000-0000-0000-00000000\"",
        "type": "Microsoft.Network/ddosCustomPolicies/ddosDetectionRules",
        "properties": {
          "provisioningState": "Succeeded",
          "detectionMode": "TrafficThreshold",
          "trafficDetectionRule": {
            "trafficType": "Tcp",
            "packetsPerSecond": 1000000
          }
        }
      }
    ]
  }
}

Status code:: 201

{
  "name": "test-ddos-custom-policy",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/ddosCustomPolicies/test-ddos-custom-policy",
  "type": "Microsoft.Network/ddosCustomPolicies",
  "location": "centraluseuap",
  "properties": {
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000",
    "detectionRules": [
      {
        "name": "detectionRuleTcp",
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/ddosCustomPolicies/test-ddos-custom-policy/ddosDetectionRules/detectionRuleTcp",
        "etag": "W/\"00000000-0000-0000-0000-00000000\"",
        "type": "Microsoft.Network/ddosCustomPolicies/ddosDetectionRules",
        "properties": {
          "provisioningState": "Succeeded",
          "detectionMode": "TrafficThreshold",
          "trafficDetectionRule": {
            "trafficType": "Tcp",
            "packetsPerSecond": 1000000
          }
        }
      }
    ]
  }
}

Definitions

Name	Description
CloudError	An error response from the service.
CloudErrorBody	An error response from the service.
DdosCustomPolicy	A DDoS custom policy in a resource group.
DdosDetectionMode	The detection mode for the DDoS detection rule.
DdosDetectionRule	A DDoS detection rule resource.
DdosTrafficType	The traffic type (one of Tcp, Udp, TcpSyn) that the detection rule will be applied upon.
ProvisioningState	The current provisioning state.
SubResource	Reference to another subresource.
TrafficDetectionRule	Ddos Custom Policy traffic detection rule.

CloudError

Object

An error response from the service.

Name	Type	Description
error	CloudErrorBody	Cloud error body.

CloudErrorBody

Object

An error response from the service.

Name	Type	Description
code	string	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
details	CloudErrorBody[]	A list of additional details about the error.
message	string	A message describing the error, intended to be suitable for display in a user interface.
target	string	The target of the particular error. For example, the name of the property in error.

DdosCustomPolicy

Object

A DDoS custom policy in a resource group.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
location	string	Resource location.
name	string	Resource name.
properties.detectionRules	DdosDetectionRule[]	The list of DDoS detection rules associated with the custom policy.
properties.frontEndIpConfiguration	SubResource[]	The list of frontend IP configurations associated with the custom policy.
properties.provisioningState	ProvisioningState	The provisioning state of the DDoS custom policy resource.
properties.resourceGuid	string	The resource GUID property of the DDoS custom policy resource. It uniquely identifies the resource, even if the user changes its name or migrate the resource across subscriptions or resource groups.
tags	object	Resource tags.
type	string	Resource type.

DdosDetectionMode

Enumeration

The detection mode for the DDoS detection rule.

Value	Description
TrafficThreshold

DdosDetectionRule

Object

A DDoS detection rule resource.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	The resource ID of the DDoS detection rule.
name	string	The name of the DDoS detection rule.
properties.detectionMode	DdosDetectionMode	The detection mode for the DDoS detection rule.
properties.provisioningState	ProvisioningState	The provisioning state of the DDoS detection rule.
properties.trafficDetectionRule	TrafficDetectionRule	The traffic detection rule details.
type	string	The resource type.

DdosTrafficType

Enumeration

The traffic type (one of Tcp, Udp, TcpSyn) that the detection rule will be applied upon.

Value	Description
Tcp
Udp
TcpSyn

ProvisioningState

Enumeration

The current provisioning state.

Value	Description
Succeeded
Updating
Deleting
Failed

SubResource

Object

Reference to another subresource.

Name	Type	Description
id	string	Resource ID.

TrafficDetectionRule

Object

Ddos Custom Policy traffic detection rule.

Name	Type	Description
packetsPerSecond	integer (int32)	The customized packets per second threshold.
trafficType	DdosTrafficType	The traffic type (one of Tcp, Udp, TcpSyn) that the detection rule will be applied upon.

Share via

Ddos Custom Policies - Create Or Update

URI Parameters

Request Body

Responses

Security

azure_auth

Scopes

Examples

Create DDoS custom policy

Sample request

Sample response

Definitions

CloudError

CloudErrorBody

DdosCustomPolicy

DdosDetectionMode

DdosDetectionRule

DdosTrafficType

ProvisioningState

SubResource

TrafficDetectionRule