diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/webapplicationfirewall.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/webapplicationfirewall.json index 04ce53640fe5..6079daec8ecf 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/webapplicationfirewall.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/webapplicationfirewall.json @@ -3,7 +3,7 @@ "info": { "version": "2019-04-01", "title": "WebApplicationFirewallManagement", - "description": "APIs to manage web application firewall rules" + "description": "APIs to manage web application firewall rules." }, "host": "management.azure.com", "schemes": [ @@ -27,7 +27,7 @@ "type": "oauth2", "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", + "description": "Azure Active Directory OAuth2 Flow.", "scopes": { "user_impersonation": "impersonate your user account" } @@ -105,9 +105,9 @@ "x-ms-pageable": { "nextLinkName": "nextLink" } - } + } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/{policyName}": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/{policyName}": { "get": { "tags": [ "WebApplicationFirewallPolicies" @@ -133,7 +133,7 @@ "required": true, "type": "string", "maxLength": 128, - "description": "The name of the policy" + "description": "The name of the policy." }, { "$ref": "#/parameters/SubscriptionIdParameter" @@ -213,7 +213,7 @@ "tags": [ "WebApplicationFirewallPolicies" ], - "description": "Deletes Policy", + "description": "Deletes Policy.", "operationId": "WebApplicationFirewallPolicies_Delete", "x-ms-examples": { "Deletes a WAF policy within a resource group": { @@ -277,24 +277,32 @@ }, "allOf": [ { - "$ref": "./network.json#/definitions/Resource" + "$ref": "./network.json#/definitions/Resource" } ] }, "WebApplicationFirewallPolicyPropertiesFormat": { - "description": "Defines web application firewall policy properties", + "description": "Defines web application firewall policy properties.", "properties": { "policySettings": { - "description": "Describes policySettings for policy", + "description": "Describes policySettings for policy.", "$ref": "#/definitions/PolicySettings" }, + "policyDetailSettings": { + "description": "Describes policy detail settings for policy.", + "$ref": "#/definitions/PolicyDetailSettings" + }, "customRules": { - "description": "Describes custom rules inside the policy", + "description": "Describes custom rules inside the policy.", "type": "array", "items": { "$ref": "#/definitions/WebApplicationFirewallCustomRule" } }, + "managedRules": { + "description": "Describes managed rules inside the policy.", + "$ref": "#/definitions/ManagedRuleSets" + }, "applicationGateways": { "readOnly": true, "type": "array", @@ -347,10 +355,10 @@ } }, "PolicySettings": { - "description": "Defines contents of a web application firewall global configuration", + "description": "Defines contents of a web application firewall global configuration.", "properties": { "enabledState": { - "description": "Describes if the policy is in enabled state or disabled state", + "description": "Describes if the policy is in enabled state or disabled state.", "type": "string", "enum": [ "Disabled", @@ -362,7 +370,7 @@ } }, "mode": { - "description": "Describes if it is in detection mode or prevention mode at policy level", + "description": "Describes if it is in detection mode or prevention mode at policy level.", "type": "string", "enum": [ "Prevention", @@ -375,8 +383,33 @@ } } }, + "PolicyDetailSettings": { + "description": "Defines contents of a web application firewall global detail configuration.", + "properties": { + "requestBodyCheck": { + "type": "boolean", + "description": "Whether to allow WAF to check request Body." + }, + "maxRequestBodySizeInKb": { + "type": "integer", + "format": "int32", + "maximum": 128, + "exclusiveMaximum": false, + "minimum": 8, + "exclusiveMinimum": false, + "description": "Maximum request body size in Kb for WAF." + }, + "fileUploadLimitInMb": { + "type": "integer", + "format": "int32", + "minimum": 0, + "exclusiveMinimum": false, + "description": "Maximum file upload size in Mb for WAF." + } + } + }, "WebApplicationFirewallCustomRule": { - "description": "Defines contents of a web application rule", + "description": "Defines contents of a web application rule.", "required": [ "priority", "ruleType", @@ -395,11 +428,11 @@ "description": "Gets a unique read-only string that changes whenever the resource is updated." }, "priority": { - "description": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value", + "description": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.", "type": "integer" }, "ruleType": { - "description": "Describes type of rule", + "description": "Describes type of rule.", "type": "string", "enum": [ "MatchRule", @@ -411,14 +444,14 @@ } }, "matchConditions": { - "description": "List of match conditions", + "description": "List of match conditions.", "type": "array", "items": { "$ref": "#/definitions/MatchCondition" } }, "action": { - "description": "Type of Actions", + "description": "Type of Actions.", "type": "string", "enum": [ "Allow", @@ -433,7 +466,7 @@ } }, "Transform": { - "description": "Describes what transforms applied before matching", + "description": "Describes what transforms applied before matching.", "type": "string", "enum": [ "Lowercase", @@ -449,13 +482,13 @@ } }, "MatchVariable": { - "description": "Define match variables", + "description": "Define match variables.", "required": [ "variableName" ], "properties": { "variableName": { - "description": "Match Variable", + "description": "Match Variable.", "type": "string", "enum": [ "RemoteAddr", @@ -473,13 +506,13 @@ } }, "selector": { - "description": "Describes field of the matchVariable collection", + "description": "Describes field of the matchVariable collection.", "type": "string" } } }, "MatchCondition": { - "description": "Define match conditions", + "description": "Define match conditions.", "required": [ "matchVariables", "operator", @@ -487,14 +520,14 @@ ], "properties": { "matchVariables": { - "description": "List of match variables", + "description": "List of match variables.", "type": "array", "items": { "$ref": "#/definitions/MatchVariable" } }, "operator": { - "description": "Describes operator to be matched", + "description": "Describes operator to be matched.", "type": "string", "enum": [ "IPMatch", @@ -514,24 +547,131 @@ } }, "negationConditon": { - "description": "Describes if this is negate condition or not", + "description": "Describes if this is negate condition or not.", "type": "boolean" }, "matchValues": { - "description": "Match value", + "description": "Match value.", "type": "array", "items": { "type": "string" } }, "transforms": { - "description": "List of transforms", + "description": "List of transforms.", "type": "array", "items": { "$ref": "#/definitions/Transform" } } } + }, + "ManagedRuleSets": { + "description": "Defines ManagedRuleSets - array of managedRuleSet.", + "properties": { + "ruleSets": { + "description": "List of rules.", + "type": "array", + "items": { + "$ref": "#/definitions/ManagedRuleSet" + } + } + } + }, + "ManagedRuleSet": { + "type": "object", + "description": "Base class for all types of ManagedRuleSet.", + "x-ms-discriminator-value": "Unknown", + "properties": { + "ruleSetVersion": { + "description": "Defines version of the rule set.", + "type": "string" + }, + "ruleSetType": { + "description": "RuleSetType - AzureManagedRuleSet or OWASP RuleSets.", + "type": "string" + } + }, + "required": [ + "ruleSetType" + ], + "discriminator": "ruleSetType" + }, + "OWASPRuleSet": { + "type": "object", + "description": "Describes azure managed provider.", + "x-ms-discriminator-value": "OWASPRuleSet", + "properties": { + "ruleSetConfiguration": { + "$ref": "#/definitions/OWASPRuleSetConfiguration", + "description": "OWASP rule set configuration." + } + }, + "allOf": [ + { + "$ref": "#/definitions/ManagedRuleSet" + } + ] + }, + "OWASPRuleSetConfiguration": { + "properties": { + "disabledRuleGroups": { + "type": "array", + "items": { + "$ref": "#/definitions/OWASPRuleSetDisabledRuleGroup" + }, + "description": "The disabled rule groups." + }, + "exclusions": { + "type": "array", + "items": { + "$ref": "#/definitions/OWASPRuleSetExclusion" + }, + "description": "The exclusion list." + } + }, + "description": "OWASP rule set configuration." + }, + "OWASPRuleSetDisabledRuleGroup": { + "properties": { + "ruleGroupName": { + "type": "string", + "description": "The name of the rule group that will be disabled." + }, + "rules": { + "type": "array", + "items": { + "type": "integer", + "format": "int32", + "x-nullable": false + }, + "description": "The list of rules that will be disabled. If null, all rules of the rule group will be disabled." + } + }, + "required": [ + "ruleGroupName" + ], + "description": "Allows to disable rules within a rule group or an entire rule group." + }, + "OWASPRuleSetExclusion": { + "properties": { + "matchVariable": { + "type": "string", + "description": "The variable to be excluded." + }, + "selectorMatchOperator": { + "type": "string", + "description": "When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to." + }, + "selector": { + "type": "string", + "description": "When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to." + } + }, + "required": [ + "matchVariable" + ], + "description": "Allow to exclude some variable satisfy the condition for the WAF check." } }, "parameters": { @@ -550,4 +690,4 @@ "description": "Client API version." } } -} +} \ No newline at end of file