diff --git a/src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.cs b/src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.cs
index f1047d249983..6e91238e7e41 100644
--- a/src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.cs
+++ b/src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.cs
@@ -41,5 +41,12 @@ public void TestPolicyCrudWithPiping()
{
TestController.NewInstance.RunPowerShellTest(_logger, "Test-PolicyCrudWithPiping");
}
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.CheckIn)]
+ public void TestManagedRuleSetDefinitions()
+ {
+ TestController.NewInstance.RunPowerShellTest(_logger, "Test-ManagedRuleSetDefinition");
+ }
}
}
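Review bot: The new method is named `TestManagedRuleSetDefinitions` (plural) but it invokes the PowerShell function `Test-ManagedRuleSetDefinition` (singular), whereas the neighbouring `TestPolicyCrudWithPiping` maps one-to-one onto `Test-PolicyCrudWithPiping`. Aligning the two names, for example by renaming the script function to `Test-ManagedRuleSetDefinitions`, makes it easier to trace a failing check-in test back to its script. The session record added in this commit is named after the C# method, so renaming the method instead would also mean renaming that file. The enclosing class starts outside this hunk.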
diff --git a/src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.ps1 b/src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.ps1
index ef39c36a1f3f..ffca7a6aaf4d 100644
--- a/src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.ps1
+++ b/src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.ps1
@@ -114,4 +114,29 @@ function Test-PolicyCrudWithPiping
$removed = Get-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName | Remove-AzFrontDoorWafPolicy -PassThru
Assert-True { $removed }
Assert-ThrowsContains { Get-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName } "does not exist."
-}
\ No newline at end of file
+}
+
+<#
+.SYNOPSIS
+WAF managed rule set definitions retrieval
+#>
+function Test-ManagedRuleSetDefinition
+{
+ $definitions = Get-AzFrontDoorWafManagedRuleSetDefinition
+ Assert-AreEqual $definitions.Count 4
+ Assert-AreEqual $definitions[0].RuleSetType "DefaultRuleSet"
+ Assert-AreEqual $definitions[0].RuleSetVersion "1.0"
+ Assert-AreEqual $definitions[0].RuleGroups.Count 9
+
+ Assert-AreEqual $definitions[1].RuleSetType "Microsoft_BotManagerRuleSet"
+ Assert-AreEqual $definitions[1].RuleSetVersion "1.0"
+ Assert-AreEqual $definitions[1].RuleGroups.Count 3
+
+ Assert-AreEqual $definitions[2].RuleSetType "DefaultRuleSet"
+ Assert-AreEqual $definitions[2].RuleSetVersion "preview-0.1"
+ Assert-AreEqual $definitions[2].RuleGroups.Count 8
+
+ Assert-AreEqual $definitions[3].RuleSetType "BotProtection"
+ Assert-AreEqual $definitions[3].RuleSetVersion "preview-0.1"
+ Assert-AreEqual $definitions[3].RuleGroups.Count 1
+}
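Review bot: The assertions in `Test-ManagedRuleSetDefinition` pin the total count (`4`) and the position of every rule set in the service response (`$definitions[0]` … `$definitions[3]`). A re-recording will therefore fail as soon as the service publishes or reorders a managed rule set, even when the cmdlet is correct. Selecting each definition by type and version is sturdier, e.g. `$drs = $definitions | Where-Object { $_.RuleSetType -eq "DefaultRuleSet" -and $_.RuleSetVersion -eq "1.0" }` followed by `Assert-NotNull $drs`, with the count check relaxed to a lower bound. The calls also appear to pass the actual value first, while the shared `Assert-AreEqual` helper is presumably declared as expected-then-actual; that would not change pass/fail but would swap the values in a failure message, so confirm it against the helper's signature.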
diff --git a/src/FrontDoor/FrontDoor.Test/SessionRecords/Microsoft.Azure.Commands.FrontDoor.Test.ScenarioTests.ScenarioTest.WebApplicationFireWallPolicyTests/TestManagedRuleSetDefinitions.json b/src/FrontDoor/FrontDoor.Test/SessionRecords/Microsoft.Azure.Commands.FrontDoor.Test.ScenarioTests.ScenarioTest.WebApplicationFireWallPolicyTests/TestManagedRuleSetDefinitions.json
new file mode 100644
index 000000000000..0b161c67bdb1
--- /dev/null
+++ b/src/FrontDoor/FrontDoor.Test/SessionRecords/Microsoft.Azure.Commands.FrontDoor.Test.ScenarioTests.ScenarioTest.WebApplicationFireWallPolicyTests/TestManagedRuleSetDefinitions.json
@@ -0,0 +1,83 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/47f4bc68-6fe4-43a2-be8b-dfd0e290efa2/providers/Microsoft.Network/FrontDoorWebApplicationFirewallManagedRuleSets?api-version=2019-10-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDdmNGJjNjgtNmZlNC00M2EyLWJlOGItZGZkMGUyOTBlZmEyL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9Gcm9udERvb3JXZWJBcHBsaWNhdGlvbkZpcmV3YWxsTWFuYWdlZFJ1bGVTZXRzP2FwaS12ZXJzaW9uPTIwMTktMTAtMDE=",
+ "RequestMethod": "GET",
+ "RequestBody": "",
+ "RequestHeaders": {
+ "x-ms-client-request-id": [
+ "489776b6-662b-4209-b400-114d07087965"
+ ],
+ "Accept-Language": [
+ "en-US"
+ ],
+ "User-Agent": [
+ "FxVersion/4.6.28207.03",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.14393.",
+ "Microsoft.Azure.Management.FrontDoor.FrontDoorManagementClient/2.0.0.0"
+ ]
+ },
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "2bbe63b0-0310-4284-9d2e-fd8f462c93ad"
+ ],
+ "x-ms-client-request-id": [
+ "489776b6-662b-4209-b400-114d07087965"
+ ],
+ "OData-Version": [
+ "4.0"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "Server": [
+ "Microsoft-IIS/8.5"
+ ],
+ "X-AspNet-Version": [
+ "4.0.30319"
+ ],
+ "X-Powered-By": [
+ "ASP.NET"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "11999"
+ ],
+ "x-ms-correlation-request-id": [
+ "a81b8106-0e5a-43b1-9f51-61d69d7d426b"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTUS:20200206T021627Z:a81b8106-0e5a-43b1-9f51-61d69d7d426b"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Date": [
+ "Thu, 06 Feb 2020 02:16:27 GMT"
+ ],
+ "Content-Length": [
+ "43395"
+ ],
+ "Content-Type": [
+ "application/json; odata.metadata=minimal; odata.streaming=true"
+ ],
+ "Expires": [
+ "-1"
+ ]
+ },
+ "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"name\": \"DefaultRuleSet_1.0\",\r\n \"id\": \"/subscriptions/47f4bc68-6fe4-43a2-be8b-dfd0e290efa2/providers/Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets/DefaultRuleSet_1.0\",\r\n \"type\": \"Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"ruleSetId\": \"8125d145-ddc5-4d90-9bc3-24c5f2de69a2\",\r\n \"ruleSetType\": \"DefaultRuleSet\",\r\n \"ruleSetVersion\": \"1.0\",\r\n \"ruleGroups\": [\r\n {\r\n \"ruleGroupName\": \"PROTOCOL-ATTACK\",\r\n \"description\": \"Protocol attack\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"921110\",\r\n \"description\": \"HTTP Request Smuggling Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"921120\",\r\n \"description\": \"HTTP Response Splitting Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"921130\",\r\n \"description\": \"HTTP Response Splitting Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"921140\",\r\n \"description\": \"HTTP Header Injection Attack via headers\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"921150\",\r\n \"description\": \"HTTP Header Injection Attack via payload (CR/LF detected)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"921160\",\r\n \"description\": \"HTTP Header Injection Attack via payload (CR/LF and header-name detected)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"921151\",\r\n \"description\": \"HTTP Header Injection Attack via payload (CR/LF detected)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"LFI\",\r\n \"description\": 
\"Local file inclusion\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"930100\",\r\n \"description\": \"Path Traversal Attack (/../)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"930110\",\r\n \"description\": \"Path Traversal Attack (/../)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"930120\",\r\n \"description\": \"OS File Access Attempt\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"930130\",\r\n \"description\": \"Restricted File Access Attempt\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"RFI\",\r\n \"description\": \"Remote file inclusion\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"931100\",\r\n \"description\": \"Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"931110\",\r\n \"description\": \"Possible Remote File Inclusion (RFI) Attack: Common RFI Vulnerable Parameter Name used w/URL Payload\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"931120\",\r\n \"description\": \"Possible Remote File Inclusion (RFI) Attack: URL Payload Used w/Trailing Question Mark Character (?)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"931130\",\r\n \"description\": \"Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"RCE\",\r\n \"description\": \"Remote Command Execution attacks\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"932100\",\r\n \"description\": \"Remote Command Execution: Unix Command Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": 
\"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932105\",\r\n \"description\": \"Remote Command Execution: Unix Command Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932110\",\r\n \"description\": \"Remote Command Execution: Windows Command Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932115\",\r\n \"description\": \"Remote Command Execution: Windows Command Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932120\",\r\n \"description\": \"Remote Command Execution: Windows PowerShell Command Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932130\",\r\n \"description\": \"Remote Command Execution: Unix Shell Expression Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932140\",\r\n \"description\": \"Remote Command Execution: Windows FOR/IF Command Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932150\",\r\n \"description\": \"Remote Command Execution: Direct Unix Command Execution\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932160\",\r\n \"description\": \"Remote Command Execution: Unix Shell Code Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932170\",\r\n \"description\": \"Remote Command Execution: Shellshock (CVE-2014-6271)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932171\",\r\n \"description\": \"Remote Command Execution: Shellshock (CVE-2014-6271)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932180\",\r\n \"description\": \"Restricted File Upload Attempt\",\r\n 
\"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"PHP\",\r\n \"description\": \"PHP attacks\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"933100\",\r\n \"description\": \"PHP Injection Attack: PHP Open Tag Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933110\",\r\n \"description\": \"PHP Injection Attack: PHP Script File Upload Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933120\",\r\n \"description\": \"PHP Injection Attack: Configuration Directive Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933130\",\r\n \"description\": \"PHP Injection Attack: Variables Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933140\",\r\n \"description\": \"PHP Injection Attack: I/O Stream Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933150\",\r\n \"description\": \"PHP Injection Attack: High-Risk PHP Function Name Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933151\",\r\n \"description\": \"PHP Injection Attack: Medium-Risk PHP Function Name Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933160\",\r\n \"description\": \"PHP Injection Attack: High-Risk PHP Function Call Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933170\",\r\n \"description\": \"PHP Injection Attack: Serialized Object Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933180\",\r\n \"description\": \"PHP Injection Attack: Variable Function Call Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": 
\"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"XSS\",\r\n \"description\": \"Cross-site scripting\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"941100\",\r\n \"description\": \"XSS Attack Detected via libinjection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941101\",\r\n \"description\": \"XSS Attack Detected via libinjection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941110\",\r\n \"description\": \"XSS Filter - Category 1: Script Tag Vector\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941120\",\r\n \"description\": \"XSS Filter - Category 2: Event Handler Vector\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941130\",\r\n \"description\": \"XSS Filter - Category 3: Attribute Vector\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941140\",\r\n \"description\": \"XSS Filter - Category 4: Javascript URI Vector\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941150\",\r\n \"description\": \"XSS Filter - Category 5: Disallowed HTML Attributes\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941160\",\r\n \"description\": \"NoScript XSS InjectionChecker: HTML Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941170\",\r\n \"description\": \"NoScript XSS InjectionChecker: Attribute Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941180\",\r\n \"description\": \"Node-Validator Blacklist Keywords\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941190\",\r\n \"description\": \"IE XSS Filters - Attack 
Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941200\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941210\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941220\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941230\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941240\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941250\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941260\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941270\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941280\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941290\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941300\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941310\",\r\n 
\"description\": \"US-ASCII Malformed Encoding XSS Filter - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941320\",\r\n \"description\": \"Possible XSS Attack Detected - HTML Tag Handler\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941330\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941340\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941350\",\r\n \"description\": \"UTF-7 Encoding IE XSS - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"SQLI\",\r\n \"description\": \"SQL injection\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"942100\",\r\n \"description\": \"SQL Injection Attack Detected via libinjection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942110\",\r\n \"description\": \"SQL Injection Attack: Common Injection Testing Detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942120\",\r\n \"description\": \"SQL Injection Attack: SQL Operator Detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942140\",\r\n \"description\": \"SQL Injection Attack: Common DB Names Detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942150\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942160\",\r\n \"description\": \"Detects blind sqli tests using sleep() or benchmark().\",\r\n \"defaultAction\": 
\"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942170\",\r\n \"description\": \"Detects SQL benchmark and sleep injection attempts including conditional queries\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942180\",\r\n \"description\": \"Detects basic SQL authentication bypass attempts 1/3\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942190\",\r\n \"description\": \"Detects MSSQL code execution and information gathering attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942200\",\r\n \"description\": \"Detects MySQL comment-/space-obfuscated injections and backtick termination\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942210\",\r\n \"description\": \"Detects chained SQL injection attempts 1/2\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942220\",\r\n \"description\": \"Looking for integer overflow attacks, these are taken from skipfish, except 3.0.00738585072007e-308 is the \\\"magic number\\\" crash\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942230\",\r\n \"description\": \"Detects conditional SQL injection attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942240\",\r\n \"description\": \"Detects MySQL charset switch and MSSQL DoS attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942250\",\r\n \"description\": \"Detects MATCH AGAINST, MERGE and EXECUTE IMMEDIATE injections\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942260\",\r\n \"description\": \"Detects basic SQL authentication bypass attempts 2/3\",\r\n 
\"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942270\",\r\n \"description\": \"Looking for basic sql injection. Common attack string for mysql, oracle and others.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942280\",\r\n \"description\": \"Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942290\",\r\n \"description\": \"Finds basic MongoDB SQL injection attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942300\",\r\n \"description\": \"Detects MySQL comments, conditions and ch(a)r injections\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942310\",\r\n \"description\": \"Detects chained SQL injection attempts 2/2\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942320\",\r\n \"description\": \"Detects MySQL and PostgreSQL stored procedure/function injections\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942330\",\r\n \"description\": \"Detects classic SQL injection probings 1/3\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942340\",\r\n \"description\": \"Detects basic SQL authentication bypass attempts 3/3\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942350\",\r\n \"description\": \"Detects MySQL UDF injection and other data/structure manipulation attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942360\",\r\n \"description\": \"Detects concatenated basic SQL injection and SQLLFI attempts\",\r\n \"defaultAction\": \"Block\",\r\n 
\"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942361\",\r\n \"description\": \"Detects basic SQL injection based on keyword alter or union\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942370\",\r\n \"description\": \"Detects classic SQL injection probings 2/3\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942380\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942390\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942400\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942410\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942430\",\r\n \"description\": \"Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942440\",\r\n \"description\": \"SQL Comment Sequence Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942450\",\r\n \"description\": \"SQL Hex Encoding Identified\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942470\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942480\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"FIX\",\r\n \"description\": \"Session Fixation 
attacks\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"943100\",\r\n \"description\": \"Possible Session Fixation Attack: Setting Cookie Values in HTML\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"943110\",\r\n \"description\": \"Possible Session Fixation Attack: SessionID Parameter Name with Off-Domain Referer\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"943120\",\r\n \"description\": \"Possible Session Fixation Attack: SessionID Parameter Name with No Referer\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"JAVA\",\r\n \"description\": \"Java attacks\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"944100\",\r\n \"description\": \"Remote Command Execution: Suspicious Java class detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944110\",\r\n \"description\": \"Remote Command Execution: Java process spawn (CVE-2017-9805)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944120\",\r\n \"description\": \"Remote Command Execution: Java serialization (CVE-2015-5842)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944130\",\r\n \"description\": \"Suspicious Java class detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944200\",\r\n \"description\": \"Magic bytes Detected, probable java serialization in use\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944210\",\r\n \"description\": \"Magic bytes Detected Base64 Encoded, probable java serialization in use\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944240\",\r\n \"description\": \"Remote Command Execution: Java 
serialization (CVE-2015-5842)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944250\",\r\n \"description\": \"Remote Command Execution: Suspicious Java method detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"name\": \"Microsoft_BotManagerRuleSet_1.0\",\r\n \"id\": \"/subscriptions/47f4bc68-6fe4-43a2-be8b-dfd0e290efa2/providers/Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets/Microsoft_BotManagerRuleSet_1.0\",\r\n \"type\": \"Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"ruleSetId\": \"e44514af-018d-49e9-8070-c9edac0f3a0d\",\r\n \"ruleSetType\": \"Microsoft_BotManagerRuleSet\",\r\n \"ruleSetVersion\": \"1.0\",\r\n \"ruleGroups\": [\r\n {\r\n \"ruleGroupName\": \"BadBots\",\r\n \"description\": \"Bad bots\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"Bot100100\",\r\n \"description\": \"Malicious bots detected by threat intelligence\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"Bot100200\",\r\n \"description\": \"Malicious bots that have falsified their identity\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"GoodBots\",\r\n \"description\": \"Good bots\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"Bot200100\",\r\n \"description\": \"Search engine crawlers\",\r\n \"defaultAction\": \"Allow\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"Bot200200\",\r\n \"description\": \"Unverified search engine crawlers\",\r\n \"defaultAction\": \"Log\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"UnknownBots\",\r\n \"description\": \"Unknown bots\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"Bot300100\",\r\n \"description\": \"Unspecified identity\",\r\n 
\"defaultAction\": \"Log\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"Bot300200\",\r\n \"description\": \"Tools and frameworks for web crawling and attacks\",\r\n \"defaultAction\": \"Log\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"Bot300300\",\r\n \"description\": \"General purpose HTTP clients and SDKs\",\r\n \"defaultAction\": \"Log\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"Bot300400\",\r\n \"description\": \"Service agents\",\r\n \"defaultAction\": \"Log\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"Bot300500\",\r\n \"description\": \"Site health monitoring services\",\r\n \"defaultAction\": \"Log\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"Bot300600\",\r\n \"description\": \"Unknown bots detected by threat intelligence\",\r\n \"defaultAction\": \"Log\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"Bot300700\",\r\n \"description\": \"Other bots\",\r\n \"defaultAction\": \"Log\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"name\": \"DefaultRuleSet_preview-0.1\",\r\n \"id\": \"/subscriptions/47f4bc68-6fe4-43a2-be8b-dfd0e290efa2/providers/Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets/DefaultRuleSet_preview-0.1\",\r\n \"type\": \"Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"ruleSetId\": \"8125d145-ddc5-4d90-9bc3-24c5f2de69a2\",\r\n \"ruleSetType\": \"DefaultRuleSet\",\r\n \"ruleSetVersion\": \"preview-0.1\",\r\n \"ruleGroups\": [\r\n {\r\n \"ruleGroupName\": \"LFI\",\r\n \"description\": \"Local file inclusion\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"930100\",\r\n \"description\": \"Path Traversal Attack (/../) using Encoded Payloads\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"930110\",\r\n \"description\": \"Path 
Traversal Attack (/../) using Decoded Payloads\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"930130\",\r\n \"description\": \"Restricted File Access Attempt\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"RFI\",\r\n \"description\": \"Remote file inclusion\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"931100\",\r\n \"description\": \"Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"931110\",\r\n \"description\": \"Possible Remote File Inclusion (RFI) Attack: Common RFI Vulnerable Parameter Name used w/URL Payload\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"931120\",\r\n \"description\": \"Possible Remote File Inclusion (RFI) Attack: URL Payload Used w/Trailing Question Mark Character (?)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"931130\",\r\n \"description\": \"Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"RCE\",\r\n \"description\": \"Remote Command Execution attacks\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"932100\",\r\n \"description\": \"Remote Command Execution: Unix Command Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932105\",\r\n \"description\": \"Remote Command Execution: Unix Command Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932106\",\r\n \"description\": \"Remote Command Execution: Unix Command Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": 
\"932110\",\r\n \"description\": \"Remote Command Execution: Windows Command Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932115\",\r\n \"description\": \"Remote Command Execution: Windows Command Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932130\",\r\n \"description\": \"Remote Command Execution: Unix Shell Expression Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932140\",\r\n \"description\": \"Remote Command Execution: Windows FOR/IF Command Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932150\",\r\n \"description\": \"Remote Command Execution: Direct Unix Command Execution\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932170\",\r\n \"description\": \"Remote Command Execution: Shellshock (CVE-2014-6271)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932171\",\r\n \"description\": \"Remote Command Execution: Shellshock (CVE-2014-6271)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"932190\",\r\n \"description\": \"Remote Command Execution: Wildcard\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"PHP\",\r\n \"description\": \"PHP attacks\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"933100\",\r\n \"description\": \"PHP Injection Attack: Opening/Closing Tag Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933110\",\r\n \"description\": \"PHP Injection Attack: PHP Script File Upload Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933111\",\r\n \"description\": 
\"PHP Injection Attack: PHP Script File Upload Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933131\",\r\n \"description\": \"PHP Injection Attack: Variables Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933140\",\r\n \"description\": \"PHP Injection Attack: I/O Stream Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933160\",\r\n \"description\": \"PHP Injection Attack: High-Risk PHP Function Call Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933161\",\r\n \"description\": \"PHP Injection Attack: Low-Value PHP Function Call Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933170\",\r\n \"description\": \"PHP Injection Attack: Serialized Object Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933180\",\r\n \"description\": \"PHP Injection Attack: Variable Function Call Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933190\",\r\n \"description\": \"PHP Injection Attack: PHP Closing Tag Found\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933200\",\r\n \"description\": \"PHP Injection Attack: Abusing of PHP wrappers could lead to RCE\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"933210\",\r\n \"description\": \"PHP Injection Attack: Variable Function Call Found (bypass 933180)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"XSS\",\r\n \"description\": \"Cross-site scripting\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"941100\",\r\n \"description\": \"XSS Attack 
Detected via libinjection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941101\",\r\n \"description\": \"XSS Attack Detected via libinjection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941110\",\r\n \"description\": \"XSS Filter - Category 1: Script Tag Vector\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941120\",\r\n \"description\": \"XSS Filter - Category 2: Event Handler Vector\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941130\",\r\n \"description\": \"XSS Filter - Category 3: Attribute Vector\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941140\",\r\n \"description\": \"XSS Filter - Category 4: Javascript URI Vector\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941150\",\r\n \"description\": \"XSS Filter - Category 5: Disallowed HTML Attributes\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941160\",\r\n \"description\": \"NoScript XSS InjectionChecker: HTML Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941170\",\r\n \"description\": \"NoScript XSS InjectionChecker: Attribute Injection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941180\",\r\n \"description\": \"Node-Validator Blacklist Keywords\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941190\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941200\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n 
\"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941210\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941220\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941230\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941240\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941250\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941260\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941270\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941280\",\r\n \"description\": \"IE XSS Filters - Attack Detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941290\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941300\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941310\",\r\n \"description\": \"US-ASCII Malformed Encoding XSS Filter - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941320\",\r\n 
\"description\": \"Possible XSS Attack Detected - HTML Tag Handler\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941330\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941340\",\r\n \"description\": \"IE XSS Filters - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941350\",\r\n \"description\": \"UTF-7 Encoding IE XSS - Attack Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"941360\",\r\n \"description\": \"JSFuck / Hieroglyphy obfuscation detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"SQLI\",\r\n \"description\": \"SQL injection\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"942100\",\r\n \"description\": \"SQL Injection Attack Detected via libinjection\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942110\",\r\n \"description\": \"SQL Injection Attack: Common Injection Testing Detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942120\",\r\n \"description\": \"SQL Injection Attack: SQL Operator Detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942140\",\r\n \"description\": \"SQL Injection Attack: Common DB Names Detected\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942160\",\r\n \"description\": \"Detects blind sqli tests using sleep() or benchmark().\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942170\",\r\n \"description\": \"Detects SQL benchmark and sleep injection attempts including conditional 
queries\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942180\",\r\n \"description\": \"Detects basic SQL authentication bypass attempts 1/3\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942190\",\r\n \"description\": \"Detects MSSQL code execution and information gathering attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942200\",\r\n \"description\": \"Detects MySQL comment-/space-obfuscated injections and backtick termination\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942210\",\r\n \"description\": \"Detects chained SQL injection attempts 1/2\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942220\",\r\n \"description\": \"Looking for integer overflow attacks, these are taken from skipfish, except 3.0.00738585072007e-308 is the \\\"magic number\\\" crash\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942230\",\r\n \"description\": \"Detects conditional SQL injection attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942240\",\r\n \"description\": \"Detects MySQL charset switch and MSSQL DoS attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942250\",\r\n \"description\": \"Detects MATCH AGAINST, MERGE and EXECUTE IMMEDIATE injections\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942251\",\r\n \"description\": \"Detects HAVING injections\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942260\",\r\n \"description\": \"Detects basic SQL authentication bypass attempts 2/3\",\r\n \"defaultAction\": 
\"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942270\",\r\n \"description\": \"Looking for basic sql injection. Common attack string for mysql, oracle and others.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942280\",\r\n \"description\": \"Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942290\",\r\n \"description\": \"Finds basic MongoDB SQL injection attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942300\",\r\n \"description\": \"Detects MySQL comments, conditions and ch(a)r injections\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942310\",\r\n \"description\": \"Detects chained SQL injection attempts 2/2\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942320\",\r\n \"description\": \"Detects MySQL and PostgreSQL stored procedure/function injections\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942330\",\r\n \"description\": \"Detects classic SQL injection probings 1/3\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942340\",\r\n \"description\": \"Detects basic SQL authentication bypass attempts 3/3\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942350\",\r\n \"description\": \"Detects MySQL UDF injection and other data/structure manipulation attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942360\",\r\n \"description\": \"Detects concatenated basic SQL injection and SQLLFI attempts\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": 
\"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942361\",\r\n \"description\": \"Detects basic SQL injection based on keyword alter or union\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942370\",\r\n \"description\": \"Detects classic SQL injection probings 2/3\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942380\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942390\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942400\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942410\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942430\",\r\n \"description\": \"Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942431\",\r\n \"description\": \"Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (6)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942432\",\r\n \"description\": \"Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (2)\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942440\",\r\n \"description\": \"SQL Comment Sequence Detected.\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942450\",\r\n \"description\": \"SQL Hex Encoding Identified\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": 
\"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942470\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942480\",\r\n \"description\": \"SQL Injection Attack\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"942490\",\r\n \"description\": \"Detects classic SQL injection probings 3/3\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"FIX\",\r\n \"description\": \"Session Fixation attacks\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"943100\",\r\n \"description\": \"Possible Session Fixation Attack: Setting Cookie Values in HTML\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n {\r\n \"ruleGroupName\": \"JAVA\",\r\n \"description\": \"Java attacks\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"944100\",\r\n \"description\": \"Java: possible payload execution\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944110\",\r\n \"description\": \"Java: possible payload execution\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944120\",\r\n \"description\": \"Java: possible payload execution\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944200\",\r\n \"description\": \"Java: deserialization that could lead to payload execution\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944210\",\r\n \"description\": \"Java: base64 attack that could lead to payload execution\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944240\",\r\n \"description\": \"Java: possible payload execution\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n 
{\r\n \"ruleId\": \"944250\",\r\n \"description\": \"Java: possible payload execution\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n },\r\n {\r\n \"ruleId\": \"944300\",\r\n \"description\": \"Java: base64 attack that could lead to payload execution\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"name\": \"BotProtection_preview-0.1\",\r\n \"id\": \"/subscriptions/47f4bc68-6fe4-43a2-be8b-dfd0e290efa2/providers/Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets/BotProtection_preview-0.1\",\r\n \"type\": \"Microsoft.Network/frontdoorwebapplicationfirewallmanagedrulesets\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"ruleSetId\": \"e44514af-018d-49e9-8070-c9edac0f3a0d\",\r\n \"ruleSetType\": \"BotProtection\",\r\n \"ruleSetVersion\": \"preview-0.1\",\r\n \"ruleGroups\": [\r\n {\r\n \"ruleGroupName\": \"KnownBadBots\",\r\n \"description\": \"\",\r\n \"rules\": [\r\n {\r\n \"ruleId\": \"Bot00001\",\r\n \"description\": \"Malicious Bots\",\r\n \"defaultAction\": \"Block\",\r\n \"defaultState\": \"Enabled\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "47f4bc68-6fe4-43a2-be8b-dfd0e290efa2"
+ }
+}
\ No newline at end of file
diff --git a/src/FrontDoor/FrontDoor/Az.FrontDoor.psd1 b/src/FrontDoor/FrontDoor/Az.FrontDoor.psd1
index 5ea5edafbe57..518284d9e7ab 100644
--- a/src/FrontDoor/FrontDoor/Az.FrontDoor.psd1
+++ b/src/FrontDoor/FrontDoor/Az.FrontDoor.psd1
@@ -85,6 +85,7 @@ CmdletsToExport = 'New-AzFrontDoor', 'Get-AzFrontDoor', 'Set-AzFrontDoor',
'New-AzFrontDoorWafCustomRuleObject',
'New-AzFrontDoorWafManagedRuleObject', 'New-AzFrontDoorWafPolicy',
'Get-AzFrontDoorWafPolicy', 'Update-AzFrontDoorWafPolicy',
+ 'Get-AzFrontDoorWafManagedRuleSetDefinition',
'Remove-AzFrontDoorWafPolicy',
'New-AzFrontDoorWafRuleGroupOverrideObject',
'Remove-AzFrontDoorContent', 'Enable-AzFrontDoorCustomDomainHttps',
diff --git a/src/FrontDoor/FrontDoor/ChangeLog.md b/src/FrontDoor/FrontDoor/ChangeLog.md
index 9e1cf94798e8..45a75fdc936c 100644
--- a/src/FrontDoor/FrontDoor/ChangeLog.md
+++ b/src/FrontDoor/FrontDoor/ChangeLog.md
@@ -18,6 +18,7 @@
- Additional information about change #1
-->
## Upcoming Release
+* Add cmdlet to get managed rule definitions that can be used in WAF
## Version 1.3.0
* Update references in .psd1 to use relative path
diff --git a/src/FrontDoor/FrontDoor/Cmdlets/GetAzureRmFrontDoorWafManagedRuleSetDefinition.cs b/src/FrontDoor/FrontDoor/Cmdlets/GetAzureRmFrontDoorWafManagedRuleSetDefinition.cs
new file mode 100644
index 000000000000..4c2e84661be1
--- /dev/null
+++ b/src/FrontDoor/FrontDoor/Cmdlets/GetAzureRmFrontDoorWafManagedRuleSetDefinition.cs
@@ -0,0 +1,47 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.FrontDoor.Common;
+using Microsoft.Azure.Commands.FrontDoor.Helpers;
+using Microsoft.Azure.Commands.FrontDoor.Models;
+using Microsoft.Azure.Management.FrontDoor.Models;
+using Microsoft.Rest.Azure;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.FrontDoor.Cmdlets
+{
+ ///
+ /// Defines the Get-AzFrontDoorWafManagedRuleSetDefinition cmdlet.
+ ///
+ [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "FrontDoorWafManagedRuleSetDefinition"), OutputType(typeof(PSManagedRuleSetDefinition))]
+ public class GetAzureRmFrontDoorWafManagedRuleSetDefinition : AzureFrontDoorCmdletBase
+ {
+ public override void ExecuteCmdlet()
+ {
+ AzureOperationResponse> managedSets = FrontDoorManagementClient.ManagedRuleSets.ListWithHttpMessagesAsync().GetAwaiter().GetResult();
+ List managedRuleSetDefinitions = managedSets.Body?.Select(managedRuleSetDefinition => managedRuleSetDefinition.ToPSManagedRuleSetDefinition()).ToList();
+ string nextLink = managedSets.Body.NextPageLink;
+ while (nextLink != null)
+ {
+ var nextLinkSets = FrontDoorManagementClient.ManagedRuleSets.ListNextWithHttpMessagesAsync(nextLink).GetAwaiter().GetResult();
+ managedRuleSetDefinitions.AddRange(nextLinkSets.Body?.Select(managedRuleSetDefinition => managedRuleSetDefinition.ToPSManagedRuleSetDefinition()));
+ nextLink = nextLinkSets.Body.NextPageLink;
+ }
+
+ WriteObject(managedRuleSetDefinitions.ToArray(), true);
+ }
+ }
+}
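Review bot: Null handling in `ExecuteCmdlet` is inconsistent: `managedSets.Body?.Select(...)` allows for a null body, but the next line reads `managedSets.Body.NextPageLink` unguarded. If a body were ever null, `AddRange(nextLinkSets.Body?.Select(...))` would throw an ArgumentNullException and `managedRuleSetDefinitions.ToArray()` would dereference null. Either the SDK guarantees a body and the `?.` should go, or every use needs the guard; which one holds cannot be seen from this hunk. A single loop over pages that starts from an empty list handles both cases and removes the duplicated first-page code, as sketched below.

```csharp
public override void ExecuteCmdlet()
{
    var managedRuleSetDefinitions = new List<PSManagedRuleSetDefinition>();
    var page = FrontDoorManagementClient.ManagedRuleSets.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body;
    while (page != null)
    {
        managedRuleSetDefinitions.AddRange(page.Select(definition => definition.ToPSManagedRuleSetDefinition()));
        page = page.NextPageLink == null
            ? null
            : FrontDoorManagementClient.ManagedRuleSets.ListNextWithHttpMessagesAsync(page.NextPageLink).GetAwaiter().GetResult().Body;
    }
    // … unchanged: WriteObject(managedRuleSetDefinitions.ToArray(), true) …
```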
diff --git a/src/FrontDoor/FrontDoor/Helpers/ModelExtensions.cs b/src/FrontDoor/FrontDoor/Helpers/ModelExtensions.cs
index f244f2d8549e..078a438cf4a1 100644
--- a/src/FrontDoor/FrontDoor/Helpers/ModelExtensions.cs
+++ b/src/FrontDoor/FrontDoor/Helpers/ModelExtensions.cs
@@ -38,7 +38,10 @@
using SdkHttpsConfig = Microsoft.Azure.Management.FrontDoor.Models.CustomHttpsConfiguration;
using SdkLoadBalancingSetting = Microsoft.Azure.Management.FrontDoor.Models.LoadBalancingSettingsModel;
using SdkManagedRule = Microsoft.Azure.Management.FrontDoor.Models.ManagedRuleSet;
+using SdkManagedRuleDefinition = Microsoft.Azure.Management.FrontDoor.Models.ManagedRuleDefinition;
+using SdkManagedRuleGroupDefinition = Microsoft.Azure.Management.FrontDoor.Models.ManagedRuleGroupDefinition;
using SdkManagedRuleList = Microsoft.Azure.Management.FrontDoor.Models.ManagedRuleSetList;
+using SdkManagedRuleSetDefinition = Microsoft.Azure.Management.FrontDoor.Models.ManagedRuleSetDefinition;
using sdkMatchCondition = Microsoft.Azure.Management.FrontDoor.Models.MatchCondition;
using sdkPolicySetting = Microsoft.Azure.Management.FrontDoor.Models.PolicySettings;
using SdkRedirectConfiguration = Microsoft.Azure.Management.FrontDoor.Models.RedirectConfiguration;
@@ -431,6 +434,38 @@ public static PSPolicy ToPSPolicy(this SdkFirewallPolicy sdkPolicy)
};
}
+ public static PSManagedRuleSetDefinition ToPSManagedRuleSetDefinition(this SdkManagedRuleSetDefinition sdkManagedRuleSetDefinition)
+ {
+ return new PSManagedRuleSetDefinition
+ {
+ ProvisioningState = sdkManagedRuleSetDefinition.ProvisioningState,
+ RuleSetType = sdkManagedRuleSetDefinition.RuleSetType,
+ RuleSetVersion = sdkManagedRuleSetDefinition.RuleSetVersion,
+ RuleGroups = sdkManagedRuleSetDefinition.RuleGroups?.Select(ruleGroup => ruleGroup.ToPSManagedRuleGroupDefinition()).ToList()
+ };
+ }
+
+ public static PSManagedRuleGroupDefinition ToPSManagedRuleGroupDefinition(this SdkManagedRuleGroupDefinition sdkManagedRuleGroupDefinition)
+ {
+ return new PSManagedRuleGroupDefinition
+ {
+ RuleGroupName = sdkManagedRuleGroupDefinition.RuleGroupName,
+ Description = sdkManagedRuleGroupDefinition.Description,
+ Rules = sdkManagedRuleGroupDefinition.Rules?.Select(rule => rule.ToPSManagedRuleDefinition()).ToList()
+ };
+ }
+
+ public static PSManagedRuleDefinition ToPSManagedRuleDefinition(this SdkManagedRuleDefinition sdkManagedRuleDefinition)
+ {
+ return new PSManagedRuleDefinition
+ {
+ RuleId = sdkManagedRuleDefinition.RuleId,
+ DefaultAction = sdkManagedRuleDefinition.DefaultAction,
+ DefaultState = sdkManagedRuleDefinition.DefaultState,
+ Description = sdkManagedRuleDefinition.Description
+ };
+ }
+
public static PSMatchCondition ToPSMatchCondition(this sdkMatchCondition sdkMatchCondition)
{
return new PSMatchCondition
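Review bot: In `ToPSManagedRuleSetDefinition` and `ToPSManagedRuleGroupDefinition`, `RuleGroups?.Select(...).ToList()` and `Rules?.Select(...).ToList()` leave the PS property null when the SDK collection is null, so every consumer has to null-check before enumerating. Falling back to an empty list keeps the output shape stable, e.g. `Rules = sdkManagedRuleGroupDefinition.Rules?.Select(rule => rule.ToPSManagedRuleDefinition()).ToList() ?? new List<PSManagedRuleDefinition>()`, and likewise for `RuleGroups`. The three new extension methods also have no `///` summary; the rest of `ModelExtensions` lies outside the hunk, so whether that matches the file's convention cannot be checked here.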
diff --git a/src/FrontDoor/FrontDoor/Models/PSManagedRuleDefinition.cs b/src/FrontDoor/FrontDoor/Models/PSManagedRuleDefinition.cs
new file mode 100644
index 000000000000..ec4bc2766f7a
--- /dev/null
+++ b/src/FrontDoor/FrontDoor/Models/PSManagedRuleDefinition.cs
@@ -0,0 +1,29 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Collections.Generic;
+
+namespace Microsoft.Azure.Commands.FrontDoor.Models
+{
+ public class PSManagedRuleDefinition
+ {
+ public string RuleId { get; set; }
+
+ public string DefaultState { get; set; }
+
+ public string DefaultAction { get; set; }
+
+ public string Description { get; set; }
+ }
+}
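Review bot: `using System.Collections.Generic;` is unused in `PSManagedRuleDefinition`, which has only string properties, and can be dropped. The class and its properties also carry no XML documentation, and the same is true of `PSManagedRuleGroupDefinition` and `PSManagedRuleSetDefinition` in the next two files. These are the cmdlet's output types, so a summary per member would help readers of the output, for example `/// <summary>Action the rule applies by default, such as Block or Log in the recorded response.</summary>` on `DefaultAction`.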
diff --git a/src/FrontDoor/FrontDoor/Models/PSManagedRuleGroupDefinition.cs b/src/FrontDoor/FrontDoor/Models/PSManagedRuleGroupDefinition.cs
new file mode 100644
index 000000000000..73dd93b08216
--- /dev/null
+++ b/src/FrontDoor/FrontDoor/Models/PSManagedRuleGroupDefinition.cs
@@ -0,0 +1,27 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Collections.Generic;
+
+namespace Microsoft.Azure.Commands.FrontDoor.Models
+{
+ public class PSManagedRuleGroupDefinition
+ {
+ public string RuleGroupName { get; set; }
+
+ public string Description { get; set; }
+
+ public IList Rules { get; set; }
+ }
+}
diff --git a/src/FrontDoor/FrontDoor/Models/PSManagedRuleSetDefinition.cs b/src/FrontDoor/FrontDoor/Models/PSManagedRuleSetDefinition.cs
new file mode 100644
index 000000000000..3de9d0a52141
--- /dev/null
+++ b/src/FrontDoor/FrontDoor/Models/PSManagedRuleSetDefinition.cs
@@ -0,0 +1,29 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System.Collections.Generic;
+
+namespace Microsoft.Azure.Commands.FrontDoor.Models
+{
+ public class PSManagedRuleSetDefinition
+ {
+ public string ProvisioningState { get; set; }
+
+ public string RuleSetType { get; set; }
+
+ public string RuleSetVersion { get; set; }
+
+ public IList RuleGroups { get; set; }
+ }
+}
diff --git a/src/FrontDoor/FrontDoor/help/Az.FrontDoor.md b/src/FrontDoor/FrontDoor/help/Az.FrontDoor.md
index 0f92c82c347a..b8b175d74160 100644
--- a/src/FrontDoor/FrontDoor/help/Az.FrontDoor.md
+++ b/src/FrontDoor/FrontDoor/help/Az.FrontDoor.md
@@ -23,6 +23,9 @@ Get Front Door load balancer
### [Get-AzFrontDoorFrontendEndpoint](Get-AzFrontDoorFrontendEndpoint.md)
Get a front door frontend endpoint.
+### [Get-AzFrontDoorWafManagedRuleSetDefinition](Get-AzFrontDoorWafManagedRuleSetDefinition.md)
+Get WAF managed rule set definitions
+
### [Get-AzFrontDoorWafPolicy](Get-AzFrontDoorWafPolicy.md)
Get WAF policy
diff --git a/src/FrontDoor/FrontDoor/help/Get-AzFrontDoorWafManagedRuleSetDefinition.md b/src/FrontDoor/FrontDoor/help/Get-AzFrontDoorWafManagedRuleSetDefinition.md
new file mode 100644
index 000000000000..1479b5ae6dca
--- /dev/null
+++ b/src/FrontDoor/FrontDoor/help/Get-AzFrontDoorWafManagedRuleSetDefinition.md
@@ -0,0 +1,72 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.FrontDoor.dll-Help.xml
+Module Name: Az.FrontDoor
+online version: https://docs.microsoft.com/en-us/powershell/module/az.frontdoor/get-azfrontdoorwafmanagedrulesetdefinition
+schema: 2.0.0
+---
+
+# Get-AzFrontDoorWafManagedRuleSetDefinition
+
+## SYNOPSIS
+Get WAF managed rule set definitions
+
+## SYNTAX
+
+```
+Get-AzFrontDoorWafManagedRuleSetDefinition [-DefaultProfile ] []
+```
+
+## DESCRIPTION
+Gets the list of WAF managed rule set definitions to use as reference
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:> Get-AzFrontDoorWafManagedRuleSetDefinition
+
+ProvisioningState RuleSetType RuleSetVersion RuleGroups
+----------------- ----------- -------------- ----------
+Succeeded DefaultRuleSet 1.0 {PROTOCOL-ATTACK, LFI, RFI, RCE...}
+Succeeded Microsoft_BotManagerRuleSet 1.0 {BadBots, GoodBots, UnknownBots}
+Succeeded DefaultRuleSet preview-0.1 {LFI, RFI, RCE, PHP...}
+Succeeded BotProtection preview-0.1 {KnownBadBots}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.FrontDoor.Models.PSManagedRuleSetDefinition
+
+## NOTES
+
+## RELATED LINKS
+
+[New-AzFrontDoorWafManagedRuleObject](./New-AzFrontDoorWafManagedRuleObject.md)
+[New-AzFrontDoorWafManagedRuleOverrideObject](./New-AzFrontDoorWafManagedRuleOverrideObject.md)
+[New-AzFrontDoorWafRuleGroupOverrideObject](./New-AzFrontDoorWafRuleGroupOverrideObject.md)