Azure · venk8 · May 16, 2019 · May 16, 2019 · May 16, 2019 · May 20, 2019
diff --git a/.../network/resource-manager/Microsoft.Network/stable/2019-04-01/webapplicationfirewall.json b/.../network/resource-manager/Microsoft.Network/stable/2019-04-01/webapplicationfirewall.json
@@ -3,7 +3,7 @@
   "info": {
     "version": "2019-04-01",
     "title": "WebApplicationFirewallManagement",
-    "description": "APIs to manage web application firewall rules"
+    "description": "APIs to manage web application firewall rules."
   },
   "host": "management.azure.com",
   "schemes": [
@@ -27,7 +27,7 @@
       "type": "oauth2",
       "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
       "flow": "implicit",
-      "description": "Azure Active Directory OAuth2 Flow",
+      "description": "Azure Active Directory OAuth2 Flow.",
       "scopes": {
         "user_impersonation": "impersonate your user account"
       }
@@ -105,9 +105,9 @@
         "x-ms-pageable": {
           "nextLinkName": "nextLink"
         }
-    }
+      }
     },
-    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/{policyName}": {
+    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/{policyName}": {
       "get": {
         "tags": [
           "WebApplicationFirewallPolicies"
@@ -133,7 +133,7 @@
             "required": true,
             "type": "string",
             "maxLength": 128,
-            "description": "The name of the policy"
+            "description": "The name of the policy."
           },
           {
             "$ref": "#/parameters/SubscriptionIdParameter"
@@ -213,7 +213,7 @@
         "tags": [
           "WebApplicationFirewallPolicies"
         ],
-        "description": "Deletes Policy",
+        "description": "Deletes Policy.",
         "operationId": "WebApplicationFirewallPolicies_Delete",
         "x-ms-examples": {
           "Deletes a WAF policy within a resource group": {
@@ -277,24 +277,32 @@
       },
       "allOf": [
         {
-            "$ref": "./network.json#/definitions/Resource"
+          "$ref": "./network.json#/definitions/Resource"
         }
       ]
     },
     "WebApplicationFirewallPolicyPropertiesFormat": {
-      "description": "Defines web application firewall policy properties",
+      "description": "Defines web application firewall policy properties.",
       "properties": {
         "policySettings": {
-          "description": "Describes  policySettings for policy",
+          "description": "Describes policySettings for policy.",
           "$ref": "#/definitions/PolicySettings"
         },
+        "policyDetailSettings": {
+          "description": "Describes policy detail settings for policy.",
+          "$ref": "#/definitions/PolicyDetailSettings"
+        },
         "customRules": {
-          "description": "Describes custom rules inside the policy",
+          "description": "Describes custom rules inside the policy.",
           "type": "array",
           "items": {
             "$ref": "#/definitions/WebApplicationFirewallCustomRule"
           }
         },
+        "managedRules": {
+          "description": "Describes managed rules inside the policy.",
+          "$ref": "#/definitions/ManagedRuleSets"
+        },
         "applicationGateways": {
           "readOnly": true,
           "type": "array",
@@ -347,10 +355,10 @@
       }
     },
     "PolicySettings": {
-      "description": "Defines contents of a web application firewall global configuration",
+      "description": "Defines contents of a web application firewall global configuration.",
       "properties": {
         "enabledState": {
-          "description": "Describes if the policy is in enabled state or disabled state",
+          "description": "Describes if the policy is in enabled state or disabled state.",
           "type": "string",
           "enum": [
             "Disabled",
@@ -362,7 +370,7 @@
           }
         },
         "mode": {
-          "description": "Describes if it is in detection mode  or prevention mode at policy level",
+          "description": "Describes if it is in detection mode  or prevention mode at policy level.",
           "type": "string",
           "enum": [
             "Prevention",
@@ -375,8 +383,33 @@
         }
       }
     },
+    "PolicyDetailSettings": {
+      "description": "Defines contents of a web application firewall global detail configuration.",
+      "properties": {
+        "requestBodyCheck": {
+          "type": "boolean",
+          "description": "Whether to allow WAF to check request Body."
+        },
+        "maxRequestBodySizeInKb": {
+          "type": "integer",
+          "format": "int32",
+          "maximum": 128,
+          "exclusiveMaximum": false,
+          "minimum": 8,
+          "exclusiveMinimum": false,
+          "description": "Maximum request body size in Kb for WAF."
+        },
+        "fileUploadLimitInMb": {
+          "type": "integer",
+          "format": "int32",
+          "minimum": 0,
+          "exclusiveMinimum": false,
+          "description": "Maximum file upload size in Mb for WAF."
+        }
+      }
+    },
     "WebApplicationFirewallCustomRule": {
-      "description": "Defines contents of a web application rule",
+      "description": "Defines contents of a web application rule.",
       "required": [
         "priority",
         "ruleType",
@@ -395,11 +428,11 @@
           "description": "Gets a unique read-only string that changes whenever the resource is updated."
         },
         "priority": {
-          "description": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value",
+          "description": "Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.",
           "type": "integer"
         },
         "ruleType": {
-          "description": "Describes type of rule",
+          "description": "Describes type of rule.",
           "type": "string",
           "enum": [
             "MatchRule",
@@ -411,14 +444,14 @@
           }
         },
         "matchConditions": {
-          "description": "List of match conditions",
+          "description": "List of match conditions.",
           "type": "array",
           "items": {
             "$ref": "#/definitions/MatchCondition"
           }
         },
         "action": {
-          "description": "Type of Actions",
+          "description": "Type of Actions.",
           "type": "string",
           "enum": [
             "Allow",
@@ -433,7 +466,7 @@
       }
     },
     "Transform": {
-      "description": "Describes what transforms applied before matching",
+      "description": "Describes what transforms applied before matching.",
       "type": "string",
       "enum": [
         "Lowercase",
@@ -449,13 +482,13 @@
       }
     },
     "MatchVariable": {
-      "description": "Define match variables",
+      "description": "Define match variables.",
       "required": [
         "variableName"
       ],
       "properties": {
         "variableName": {
-          "description": "Match Variable",
+          "description": "Match Variable.",
           "type": "string",
           "enum": [
             "RemoteAddr",
@@ -473,28 +506,28 @@
           }
         },
         "selector": {
-          "description": "Describes field of the matchVariable collection",
+          "description": "Describes field of the matchVariable collection.",
           "type": "string"
         }
       }
     },
     "MatchCondition": {
-      "description": "Define match conditions",
+      "description": "Define match conditions.",
       "required": [
         "matchVariables",
         "operator",
         "matchValues"
       ],
       "properties": {
         "matchVariables": {
-          "description": "List of match variables",
+          "description": "List of match variables.",
           "type": "array",
           "items": {
             "$ref": "#/definitions/MatchVariable"
           }
         },
         "operator": {
-          "description": "Describes operator to be matched",
+          "description": "Describes operator to be matched.",
           "type": "string",
           "enum": [
             "IPMatch",
@@ -514,24 +547,131 @@
           }
         },
         "negationConditon": {
-          "description": "Describes if this is negate condition or not",
+          "description": "Describes if this is negate condition or not.",
           "type": "boolean"
         },
         "matchValues": {
-          "description": "Match value",
+          "description": "Match value.",
           "type": "array",
           "items": {
             "type": "string"
           }
         },
         "transforms": {
-          "description": "List of transforms",
+          "description": "List of transforms.",
           "type": "array",
           "items": {
             "$ref": "#/definitions/Transform"
           }
         }
       }
+    },
+    "ManagedRuleSets": {
+      "description": "Defines ManagedRuleSets - array of managedRuleSet.",
+      "properties": {
+        "ruleSets": {
+          "description": "List of rules.",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/ManagedRuleSet"
+          }
+        }
+      }
+    },
+    "ManagedRuleSet": {
+      "type": "object",
+      "description": "Base class for all types of ManagedRuleSet.",
+      "x-ms-discriminator-value": "Unknown",
+      "properties": {
+        "ruleSetVersion": {
+          "description": "Defines version of the rule set.",
+          "type": "string"
+        },
+        "ruleSetType": {
+          "description": "RuleSetType - AzureManagedRuleSet or OWASP RuleSets.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "ruleSetType"
+      ],
+      "discriminator": "ruleSetType"
+    },
+    "OWASPRuleSet": {
+      "type": "object",
+      "description": "Describes azure managed provider.",
+      "x-ms-discriminator-value": "OWASPRuleSet",
+      "properties": {
+        "ruleSetConfiguration": {
+          "$ref": "#/definitions/OWASPRuleSetConfiguration",
+          "description": "OWASP rule set configuration."
+        }
+      },
+      "allOf": [
+        {
+          "$ref": "#/definitions/ManagedRuleSet"
+        }
+      ]
+    },
+    "OWASPRuleSetConfiguration": {
+      "properties": {
+        "disabledRuleGroups": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/OWASPRuleSetDisabledRuleGroup"
+          },
+          "description": "The disabled rule groups."
+        },
+        "exclusions": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/OWASPRuleSetExclusion"
+          },
+          "description": "The exclusion list."
+        }
+      },
+      "description": "OWASP rule set configuration."
+    },
+    "OWASPRuleSetDisabledRuleGroup": {
+      "properties": {
+        "ruleGroupName": {
+          "type": "string",
+          "description": "The name of the rule group that will be disabled."
+        },
+        "rules": {
+          "type": "array",
+          "items": {
+            "type": "integer",
+            "format": "int32",
+            "x-nullable": false
+          },
+          "description": "The list of rules that will be disabled. If null, all rules of the rule group will be disabled."
+        }
+      },
+      "required": [
+        "ruleGroupName"
+      ],
+      "description": "Allows to disable rules within a rule group or an entire rule group."
+    },
+    "OWASPRuleSetExclusion": {
+      "properties": {
+        "matchVariable": {
+          "type": "string",
+          "description": "The variable to be excluded."
+        },
+        "selectorMatchOperator": {
+          "type": "string",
+          "description": "When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to."
+        },
+        "selector": {
+          "type": "string",
+          "description": "When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to."
+        }
+      },
+      "required": [
+        "matchVariable"
+      ],
+      "description": "Allow to exclude some variable satisfy the condition for the WAF check."
     }
   },
   "parameters": {
@@ -550,4 +690,4 @@
       "description": "Client API version."
     }
   }
-}
+}