-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to configuration WAF advanced application rules #2756
Comments
Building on this a little, I see specific mention of the absence of this feature is called out here: http://fortytwoblog.centralus.cloudapp.azure.com/2018/07/12/configuring-azure-traffic-manager-application-gateway-and-app-services/ You can set some very basic WAF properties in Terraform:
But the specific rules/rulesets are effectively 'data' rather than resource definitions and aren't currently available to set via Terraform. In the short term you can use PowerShell or the CLI to configure the active rulesets as outlined here:
Understand however the intent is to have "desired state" set in Terraform rather than commands/scripts to set individual rules on/off. As a stop gap (until this feature is added both both at the ARM level and the Terraform layer over ARM) may be to have a script that explicitly checks and turns on all required rules and checks off all unrequired rules? |
Thanks @mattquinn - we decided on using the Azure CLI temporality as part of a null resource to customise the rule set. It does not track desired state, but has a trigger on gateway changes. |
Does this feature request include the ability to configure exclusion rules on the WAF also? We use a couple of these to tune the WAF with our application, it doesn't appear that they can be set via Terraform at the current time |
It should do as that is our primary use case. |
WIP PR up for disabled rule groups, it doesn't cover all of this issue but should help: |
Hi Team, Please help to validate the below written script prepared from my side. If not , suggest me the best possible methods to written the script. Under the WAF resource group , I created one sub resource group as below.. disabled_rule_group { |
Since this issue has been reported a long time ago and relates to the version of provider we no longer support - I'm going to close it. Please open a new updated bug report if this is still relevant. Thank you. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
Description
The default OWASP WAF rule set blocks PUT and PATCH request methods which are common Resftul API request methods. We would like to be able to customise the rules set through Terraform.
New or Affected Resource(s)
References
The text was updated successfully, but these errors were encountered: