diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/examples/WafPolicyCreateOrUpdate.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/examples/WafPolicyCreateOrUpdate.json index 39d8d0dc7762..0392cca9e9be 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/examples/WafPolicyCreateOrUpdate.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/examples/WafPolicyCreateOrUpdate.json @@ -9,6 +9,7 @@ "properties": { "policySettings": { "jsChallengeCookieExpirationInMins": 100, + "captchaCookieExpirationInMins": 100, "logScrubbing": { "state": "Enabled", "scrubbingRules": [ @@ -60,6 +61,11 @@ "ruleId": "300700", "state": "Enabled", "action": "JSChallenge" + }, + { + "ruleId": "300600", + "state": "Enabled", + "action": "CAPTCHA" } ] } @@ -312,6 +318,41 @@ } ], "action": "JSChallenge" + }, + { + "name": "Rule5", + "priority": 5, + "state": "Enabled", + "ruleType": "MatchRule", + "matchConditions": [ + { + "matchVariables": [ + { + "variableName": "RemoteAddr", + "selector": null + } + ], + "operator": "IPMatch", + "negationConditon": false, + "matchValues": [ + "192.168.2.0/24" + ] + }, + { + "matchVariables": [ + { + "variableName": "RequestHeaders", + "selector": "UserAgent" + } + ], + "operator": "Contains", + "negationConditon": false, + "matchValues": [ + "Bot" + ] + } + ], + "action": "CAPTCHA" } ] } @@ -343,6 +384,7 @@ "customBlockResponseStatusCode": 405, "customBlockResponseBody": "SGVsbG8=", "jsChallengeCookieExpirationInMins": 100, + "captchaCookieExpirationInMins": 100, "logScrubbing": { "state": "Enabled", "scrubbingRules": [ @@ -394,6 +436,11 @@ "ruleId": "300700", "state": "Enabled", "action": "JSChallenge" + }, + { + "ruleId": "300600", + "state": "Enabled", + "action": "CAPTCHA" } ] } @@ -655,6 +702,41 @@ } ], "action": "JSChallenge" + }, + { + "name": "Rule5", + "priority": 5, + "state": "Enabled", + "ruleType": "MatchRule", + "matchConditions": [ + { + "matchVariables": [ + { + "variableName": "RemoteAddr", + "selector": null + } + ], + "operator": "IPMatch", + "negationConditon": false, + "matchValues": [ + "192.168.2.0/24" + ] + }, + { + "matchVariables": [ + { + "variableName": "RequestHeaders", + "selector": "UserAgent" + } + ], + "operator": "Contains", + "negationConditon": false, + "matchValues": [ + "Bot" + ] + } + ], + "action": "CAPTCHA" } ] } @@ -684,7 +766,8 @@ "requestBodyCheck": true, "customBlockResponseStatusCode": 405, "customBlockResponseBody": "SGVsbG8=", - "jsChallengeCookieExpirationInMins": 100 + "jsChallengeCookieExpirationInMins": 100, + "captchaCookieExpirationInMins": 100 }, "managedRules": { "managedRuleSets": [ @@ -720,6 +803,11 @@ "ruleId": "300700", "state": "Enabled", "action": "JSChallenge" + }, + { + "ruleId": "300600", + "state": "Enabled", + "action": "CAPTCHA" } ] } @@ -981,6 +1069,41 @@ } ], "action": "JSChallenge" + }, + { + "name": "Rule5", + "priority": 5, + "state": "Enabled", + "ruleType": "MatchRule", + "matchConditions": [ + { + "matchVariables": [ + { + "variableName": "RemoteAddr", + "selector": null + } + ], + "operator": "IPMatch", + "negationConditon": false, + "matchValues": [ + "192.168.2.0/24" + ] + }, + { + "matchVariables": [ + { + "variableName": "RequestHeaders", + "selector": "UserAgent" + } + ], + "operator": "Contains", + "negationConditon": false, + "matchValues": [ + "Bot" + ] + } + ], + "action": "CAPTCHA" } ] } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/examples/WafPolicyGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/examples/WafPolicyGet.json index c17e468e8885..576a8dea5fb3 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/examples/WafPolicyGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/examples/WafPolicyGet.json @@ -31,6 +31,7 @@ "customBlockResponseStatusCode": 405, "customBlockResponseBody": "SGVsbG8=", "jsChallengeCookieExpirationInMins": 100, + "captchaCookieExpirationInMins": 100, "logScrubbing": { "state": "Enabled", "scrubbingRules": [ @@ -175,6 +176,41 @@ } ], "action": "JSChallenge" + }, + { + "name": "Rule5", + "priority": 5, + "state": "Enabled", + "ruleType": "MatchRule", + "matchConditions": [ + { + "matchVariables": [ + { + "variableName": "RemoteAddr", + "selector": null + } + ], + "operator": "IPMatch", + "negationConditon": false, + "matchValues": [ + "192.168.2.0/24" + ] + }, + { + "matchVariables": [ + { + "variableName": "RequestHeaders", + "selector": "UserAgent" + } + ], + "operator": "Contains", + "negationConditon": false, + "matchValues": [ + "Bot" + ] + } + ], + "action": "CAPTCHA" } ], "managedRules": { @@ -255,9 +291,9 @@ "ruleGroupName": "UnknownBots", "rules": [ { - "ruleId": "300700", + "ruleId": "300600", "state": "Enabled", - "action": "JSChallenge" + "action": "CAPTCHA" } ] } diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/webapplicationfirewall.json b/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/webapplicationfirewall.json index 4beecc1d8af5..1ef69469b3b1 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/webapplicationfirewall.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2025-05-01/webapplicationfirewall.json @@ -541,6 +541,13 @@ "format": "int32", "minimum": 5, "maximum": 1440 + }, + "captchaCookieExpirationInMins": { + "description": "Web Application Firewall CAPTCHA Cookie Expiration time in minutes.", + "type": "integer", + "format": "int32", + "minimum": 5, + "maximum": 1440 } } }, @@ -631,7 +638,8 @@ "Allow", "Block", "Log", - "JSChallenge" + "JSChallenge", + "CAPTCHA" ], "x-ms-enum": { "name": "WebApplicationFirewallAction", @@ -1082,7 +1090,8 @@ "Allow", "Block", "Log", - "JSChallenge" + "JSChallenge", + "CAPTCHA" ], "x-ms-enum": { "name": "ActionType",