private static void VerifyPolicy(WebApplicationFirewallPolicy policy, WebApplicationFirewallPolicy parameters)
{
Assert.Equal(policy.Location.ToLower(), parameters.Location.ToLower());
Assert.Equal(policy.Tags.Count, parameters.Tags.Count);
Assert.True(policy.Tags.SequenceEqual(parameters.Tags));
Assert.Equal(policy.PolicySettings.EnabledState, parameters.PolicySettings.EnabledState);
Assert.Equal(policy.PolicySettings.Mode, parameters.PolicySettings.Mode);
Assert.Equal(policy.PolicySettings.CustomBlockResponseBody, parameters.PolicySettings.CustomBlockResponseBody);
Assert.Equal(policy.PolicySettings.CustomBlockResponseStatusCode, parameters.PolicySettings.CustomBlockResponseStatusCode);
Assert.Equal(policy.PolicySettings.RedirectUrl, parameters.PolicySettings.RedirectUrl);
Assert.Equal(policy.CustomRules.Rules.Count, parameters.CustomRules.Rules.Count);
Assert.Equal(policy.ManagedRules.ManagedRuleSets.Count, parameters.ManagedRules.ManagedRuleSets.Count);
}
/// <summary>
/// Creates or update policy with specified rule set name within a resource
/// group.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group.
/// </param>
/// <param name='policyName'>
/// The name of the policy.
/// </param>
/// <param name='parameters'>
/// Policy to be created.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <WebApplicationFirewallPolicy> CreateOrUpdateAsync(this IWebApplicationFirewallPoliciesOperations operations, string resourceGroupName, string policyName, WebApplicationFirewallPolicy parameters, CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.CreateOrUpdateWithHttpMessagesAsync(resourceGroupName, policyName, parameters, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
/// <summary>
/// Creates or update policy with specified rule set name within a resource
/// group.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group.
/// </param>
/// <param name='policyName'>
/// The name of the policy.
/// </param>
/// <param name='parameters'>
/// Policy to be created.
/// </param>
public static WebApplicationFirewallPolicy CreateOrUpdate(this IWebApplicationFirewallPoliciesOperations operations, string resourceGroupName, string policyName, WebApplicationFirewallPolicy parameters)
{
return(operations.CreateOrUpdateAsync(resourceGroupName, policyName, parameters).GetAwaiter().GetResult());
}
public void WAFCRUDTest()
{
var handler1 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler2 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
using (MockContext context = MockContext.Start(this.GetType()))
{
// Create clients
var frontDoorMgmtClient = FrontDoorTestUtilities.GetFrontDoorManagementClient(context, handler1);
var resourcesClient = FrontDoorTestUtilities.GetResourceManagementClient(context, handler2);
// Create resource group
var resourceGroupName = FrontDoorTestUtilities.CreateResourceGroup(resourcesClient);
// Create a frontDoor WAF policy
string policyName = TestUtilities.GenerateName("policy");
WebApplicationFirewallPolicy createParameters = new WebApplicationFirewallPolicy
{
Location = "global",
Tags = new Dictionary <string, string>
{
{ "key1", "value1" },
{ "key2", "value2" }
},
PolicySettings = new PolicySettings
{
EnabledState = "Enabled",
Mode = "Prevention",
CustomBlockResponseBody = "PGh0bWw+SGVsbG88L2h0bWw+",
CustomBlockResponseStatusCode = 403,
RedirectUrl = "http://www.bing.com"
},
CustomRules = new CustomRuleList(
new List <CustomRule>
{
new CustomRule
{
Name = "rule1",
EnabledState = "Enabled",
Priority = 1,
RuleType = "RateLimitRule",
RateLimitThreshold = 1000,
MatchConditions = new List <MatchCondition>
{
new MatchCondition
{
MatchVariable = "RemoteAddr",
OperatorProperty = "IPMatch",
MatchValue = new List <string>
{
"192.168.1.0/24",
"10.0.0.0/24"
}
}
},
Action = "Block"
}
}
),
ManagedRules = new ManagedRuleSetList(
new List <ManagedRuleSet> {
new ManagedRuleSet
{
RuleSetType = "DefaultRuleSet",
RuleSetVersion = "1.0",
Exclusions = new List <ManagedRuleExclusion>
{
new ManagedRuleExclusion
{
MatchVariable = ManagedRuleExclusionMatchVariable.RequestBodyPostArgNames,
SelectorMatchOperator = ManagedRuleExclusionSelectorMatchOperator.Contains,
Selector = "query"
}
},
RuleGroupOverrides = new List <ManagedRuleGroupOverride>
{
new ManagedRuleGroupOverride
{
RuleGroupName = "SQLI",
Exclusions = new List <ManagedRuleExclusion>
{
new ManagedRuleExclusion
{
MatchVariable = ManagedRuleExclusionMatchVariable.RequestHeaderNames,
SelectorMatchOperator = ManagedRuleExclusionSelectorMatchOperator.Equals,
Selector = "User-Agent"
}
},
Rules = new List <ManagedRuleOverride>
{
new ManagedRuleOverride
{
RuleId = "942100",
Action = "Redirect",
EnabledState = "Disabled",
Exclusions = new List <ManagedRuleExclusion>
{
new ManagedRuleExclusion
{
MatchVariable = ManagedRuleExclusionMatchVariable.QueryStringArgNames,
SelectorMatchOperator = ManagedRuleExclusionSelectorMatchOperator.Equals,
Selector = "search"
}
}
}
}
}
}
}
})
};
var policy = frontDoorMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, createParameters);
// validate the created policy
VerifyPolicy(policy, createParameters);
// Retrieve policy
var retrievedPolicy = frontDoorMgmtClient.Policies.Get(resourceGroupName, policyName);
// validate that correct policy is retrieved
VerifyPolicy(retrievedPolicy, createParameters);
// update Policy
CustomRule geoFilter = new CustomRule
{
Name = "rule2",
Priority = 2,
RuleType = "MatchRule",
MatchConditions = new List <MatchCondition>
{
new MatchCondition
{
MatchVariable = "RemoteAddr",
OperatorProperty = "GeoMatch",
MatchValue = new List <string>
{
"US"
}
}
},
Action = "Allow"
};
retrievedPolicy.CustomRules.Rules.Add(geoFilter);
var updatedPolicy = frontDoorMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, retrievedPolicy);
// validate that Policy is correctly updated
VerifyPolicy(updatedPolicy, retrievedPolicy);
// Delete Policy
frontDoorMgmtClient.Policies.Delete(resourceGroupName, policyName);
// Verify that Policy is deleted
Assert.ThrowsAny <ErrorResponseException>(() =>
{
frontDoorMgmtClient.Policies.Get(resourceGroupName, policyName);
});
FrontDoorTestUtilities.DeleteResourceGroup(resourcesClient, resourceGroupName);
}
}
public PSApplicationGatewayWebApplicationFirewallPolicy ToPsApplicationGatewayFirewallPolicy(WebApplicationFirewallPolicy firewallPolicy)
{
var psFirewallPolicy = NetworkResourceManagerProfile.Mapper.Map <PSApplicationGatewayWebApplicationFirewallPolicy>(firewallPolicy);
psFirewallPolicy.Tag = TagsConversionHelper.CreateTagHashtable(firewallPolicy.Tags);
return(psFirewallPolicy);
}
public virtual async Task <Response <WebApplicationFirewallPolicy> > CreateOrUpdateAsync(string resourceGroupName, string policyName, WebApplicationFirewallPolicy parameters, CancellationToken cancellationToken = default)
{
using var scope = _clientDiagnostics.CreateScope("WebApplicationFirewallPoliciesOperations.CreateOrUpdate");
scope.Start();
try
{
return(await RestClient.CreateOrUpdateAsync(resourceGroupName, policyName, parameters, cancellationToken).ConfigureAwait(false));
}
catch (Exception e)
{
scope.Failed(e);
throw;
}
}
public virtual Response <WebApplicationFirewallPolicy> CreateOrUpdate(string resourceGroupName, string policyName, WebApplicationFirewallPolicy parameters, CancellationToken cancellationToken = default)
{
using var scope = _clientDiagnostics.CreateScope("WebApplicationFirewallPoliciesClient.CreateOrUpdate");
scope.Start();
try
{
return(RestClient.CreateOrUpdate(resourceGroupName, policyName, parameters, cancellationToken));
}
catch (Exception e)
{
scope.Failed(e);
throw;
}
}
