private static void VerifyPolicy(WebApplicationFirewallPolicy policy, WebApplicationFirewallPolicy parameters) { Assert.Equal(policy.Location.ToLower(), parameters.Location.ToLower()); Assert.Equal(policy.Tags.Count, parameters.Tags.Count); Assert.True(policy.Tags.SequenceEqual(parameters.Tags)); Assert.Equal(policy.PolicySettings.EnabledState, parameters.PolicySettings.EnabledState); Assert.Equal(policy.PolicySettings.Mode, parameters.PolicySettings.Mode); Assert.Equal(policy.PolicySettings.CustomBlockResponseBody, parameters.PolicySettings.CustomBlockResponseBody); Assert.Equal(policy.PolicySettings.CustomBlockResponseStatusCode, parameters.PolicySettings.CustomBlockResponseStatusCode); Assert.Equal(policy.PolicySettings.RedirectUrl, parameters.PolicySettings.RedirectUrl); Assert.Equal(policy.CustomRules.Rules.Count, parameters.CustomRules.Rules.Count); Assert.Equal(policy.ManagedRules.ManagedRuleSets.Count, parameters.ManagedRules.ManagedRuleSets.Count); }
/// <summary> /// Creates or update policy with specified rule set name within a resource /// group. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group. /// </param> /// <param name='policyName'> /// The name of the policy. /// </param> /// <param name='parameters'> /// Policy to be created. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task <WebApplicationFirewallPolicy> CreateOrUpdateAsync(this IWebApplicationFirewallPoliciesOperations operations, string resourceGroupName, string policyName, WebApplicationFirewallPolicy parameters, CancellationToken cancellationToken = default(CancellationToken)) { using (var _result = await operations.CreateOrUpdateWithHttpMessagesAsync(resourceGroupName, policyName, parameters, null, cancellationToken).ConfigureAwait(false)) { return(_result.Body); } }
/// <summary> /// Creates or update policy with specified rule set name within a resource /// group. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group. /// </param> /// <param name='policyName'> /// The name of the policy. /// </param> /// <param name='parameters'> /// Policy to be created. /// </param> public static WebApplicationFirewallPolicy CreateOrUpdate(this IWebApplicationFirewallPoliciesOperations operations, string resourceGroupName, string policyName, WebApplicationFirewallPolicy parameters) { return(operations.CreateOrUpdateAsync(resourceGroupName, policyName, parameters).GetAwaiter().GetResult()); }
public void WAFCRUDTest() { var handler1 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; var handler2 = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK }; using (MockContext context = MockContext.Start(this.GetType())) { // Create clients var frontDoorMgmtClient = FrontDoorTestUtilities.GetFrontDoorManagementClient(context, handler1); var resourcesClient = FrontDoorTestUtilities.GetResourceManagementClient(context, handler2); // Create resource group var resourceGroupName = FrontDoorTestUtilities.CreateResourceGroup(resourcesClient); // Create a frontDoor WAF policy string policyName = TestUtilities.GenerateName("policy"); WebApplicationFirewallPolicy createParameters = new WebApplicationFirewallPolicy { Location = "global", Tags = new Dictionary <string, string> { { "key1", "value1" }, { "key2", "value2" } }, PolicySettings = new PolicySettings { EnabledState = "Enabled", Mode = "Prevention", CustomBlockResponseBody = "PGh0bWw+SGVsbG88L2h0bWw+", CustomBlockResponseStatusCode = 403, RedirectUrl = "http://www.bing.com" }, CustomRules = new CustomRuleList( new List <CustomRule> { new CustomRule { Name = "rule1", EnabledState = "Enabled", Priority = 1, RuleType = "RateLimitRule", RateLimitThreshold = 1000, MatchConditions = new List <MatchCondition> { new MatchCondition { MatchVariable = "RemoteAddr", OperatorProperty = "IPMatch", MatchValue = new List <string> { "192.168.1.0/24", "10.0.0.0/24" } } }, Action = "Block" } } ), ManagedRules = new ManagedRuleSetList( new List <ManagedRuleSet> { new ManagedRuleSet { RuleSetType = "DefaultRuleSet", RuleSetVersion = "1.0", Exclusions = new List <ManagedRuleExclusion> { new ManagedRuleExclusion { MatchVariable = ManagedRuleExclusionMatchVariable.RequestBodyPostArgNames, SelectorMatchOperator = ManagedRuleExclusionSelectorMatchOperator.Contains, Selector = "query" } }, RuleGroupOverrides = new List <ManagedRuleGroupOverride> { new ManagedRuleGroupOverride { RuleGroupName = "SQLI", Exclusions = new List <ManagedRuleExclusion> { new ManagedRuleExclusion { MatchVariable = ManagedRuleExclusionMatchVariable.RequestHeaderNames, SelectorMatchOperator = ManagedRuleExclusionSelectorMatchOperator.Equals, Selector = "User-Agent" } }, Rules = new List <ManagedRuleOverride> { new ManagedRuleOverride { RuleId = "942100", Action = "Redirect", EnabledState = "Disabled", Exclusions = new List <ManagedRuleExclusion> { new ManagedRuleExclusion { MatchVariable = ManagedRuleExclusionMatchVariable.QueryStringArgNames, SelectorMatchOperator = ManagedRuleExclusionSelectorMatchOperator.Equals, Selector = "search" } } } } } } } }) }; var policy = frontDoorMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, createParameters); // validate the created policy VerifyPolicy(policy, createParameters); // Retrieve policy var retrievedPolicy = frontDoorMgmtClient.Policies.Get(resourceGroupName, policyName); // validate that correct policy is retrieved VerifyPolicy(retrievedPolicy, createParameters); // update Policy CustomRule geoFilter = new CustomRule { Name = "rule2", Priority = 2, RuleType = "MatchRule", MatchConditions = new List <MatchCondition> { new MatchCondition { MatchVariable = "RemoteAddr", OperatorProperty = "GeoMatch", MatchValue = new List <string> { "US" } } }, Action = "Allow" }; retrievedPolicy.CustomRules.Rules.Add(geoFilter); var updatedPolicy = frontDoorMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, retrievedPolicy); // validate that Policy is correctly updated VerifyPolicy(updatedPolicy, retrievedPolicy); // Delete Policy frontDoorMgmtClient.Policies.Delete(resourceGroupName, policyName); // Verify that Policy is deleted Assert.ThrowsAny <ErrorResponseException>(() => { frontDoorMgmtClient.Policies.Get(resourceGroupName, policyName); }); FrontDoorTestUtilities.DeleteResourceGroup(resourcesClient, resourceGroupName); } }
public PSApplicationGatewayWebApplicationFirewallPolicy ToPsApplicationGatewayFirewallPolicy(WebApplicationFirewallPolicy firewallPolicy) { var psFirewallPolicy = NetworkResourceManagerProfile.Mapper.Map <PSApplicationGatewayWebApplicationFirewallPolicy>(firewallPolicy); psFirewallPolicy.Tag = TagsConversionHelper.CreateTagHashtable(firewallPolicy.Tags); return(psFirewallPolicy); }
public virtual async Task <Response <WebApplicationFirewallPolicy> > CreateOrUpdateAsync(string resourceGroupName, string policyName, WebApplicationFirewallPolicy parameters, CancellationToken cancellationToken = default) { using var scope = _clientDiagnostics.CreateScope("WebApplicationFirewallPoliciesOperations.CreateOrUpdate"); scope.Start(); try { return(await RestClient.CreateOrUpdateAsync(resourceGroupName, policyName, parameters, cancellationToken).ConfigureAwait(false)); } catch (Exception e) { scope.Failed(e); throw; } }
public virtual Response <WebApplicationFirewallPolicy> CreateOrUpdate(string resourceGroupName, string policyName, WebApplicationFirewallPolicy parameters, CancellationToken cancellationToken = default) { using var scope = _clientDiagnostics.CreateScope("WebApplicationFirewallPoliciesClient.CreateOrUpdate"); scope.Start(); try { return(RestClient.CreateOrUpdate(resourceGroupName, policyName, parameters, cancellationToken)); } catch (Exception e) { scope.Failed(e); throw; } }