{ "description": "Generator information:\n- Generated from: /network/resource-manager/Microsoft.Network/stable/2024-01-01/webapplicationfirewall.json\n- ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/{policyName}", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "properties": { "azureName": { "description": "AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it\ndoesn't have to be.", "maxLength": 128, "type": "string" }, "customRules": { "description": "CustomRules: The custom rules inside the policy.", "items": { "description": "Defines contents of a web application rule.", "properties": { "action": { "description": "Action: Type of Actions.", "enum": [ "Allow", "Block", "JSChallenge", "Log" ], "type": "string" }, "groupByUserSession": { "description": "GroupByUserSession: List of user session identifier group by clauses.", "items": { "description": "Define user session identifier group by clauses.", "properties": { "groupByVariables": { "description": "GroupByVariables: List of group by clause variables.", "items": { "description": "Define user session group by clause variables.", "properties": { "variableName": { "description": "VariableName: User Session clause variable.", "enum": [ "ClientAddr", "GeoLocation", "None" ], "type": "string" } }, "required": [ "variableName" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "groupByVariables" ], "type": "object", "additionalProperties": false }, "type": "array" }, "matchConditions": { "description": "MatchConditions: List of match conditions.", "items": { "description": "Define match conditions.", "properties": { "matchValues": { "description": "MatchValues: Match value.", "items": { "type": "string" }, "type": "array" }, "matchVariables": { "description": "MatchVariables: List of match variables.", "items": { "description": "Define match variables.", "properties": { "selector": { "description": "Selector: The selector of match variable.", "type": "string" }, "variableName": { "description": "VariableName: Match Variable.", "enum": [ "PostArgs", "QueryString", "RemoteAddr", "RequestBody", "RequestCookies", "RequestHeaders", "RequestMethod", "RequestUri" ], "type": "string" } }, "required": [ "variableName" ], "type": "object", "additionalProperties": false }, "type": "array" }, "negationConditon": { "description": "NegationConditon: Whether this is negate condition or not.", "type": "boolean" }, "operator": { "description": "Operator: The operator to be matched.", "enum": [ "Any", "BeginsWith", "Contains", "EndsWith", "Equal", "GeoMatch", "GreaterThan", "GreaterThanOrEqual", "IPMatch", "LessThan", "LessThanOrEqual", "Regex" ], "type": "string" }, "transforms": { "description": "Transforms: List of transforms.", "items": { "description": "Transforms applied before matching.", "enum": [ "HtmlEntityDecode", "Lowercase", "RemoveNulls", "Trim", "Uppercase", "UrlDecode", "UrlEncode" ], "type": "string" }, "type": "array" } }, "required": [ "matchValues", "matchVariables", "operator" ], "type": "object", "additionalProperties": false }, "type": "array" }, "name": { "description": "Name: The name of the resource that is unique within a policy. This name can be used to access the resource.", "maxLength": 128, "type": "string" }, "priority": { "description": "Priority: Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.", "type": "integer" }, "rateLimitDuration": { "description": "RateLimitDuration: Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.", "enum": [ "FiveMins", "OneMin" ], "type": "string" }, "rateLimitThreshold": { "description": "RateLimitThreshold: Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1", "type": "integer" }, "ruleType": { "description": "RuleType: The rule type.", "enum": [ "Invalid", "MatchRule", "RateLimitRule" ], "type": "string" }, "state": { "description": "State: Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.", "enum": [ "Disabled", "Enabled" ], "type": "string" } }, "required": [ "action", "matchConditions", "priority", "ruleType" ], "type": "object", "additionalProperties": false }, "type": "array" }, "location": { "description": "Location: Resource location.", "type": "string" }, "managedRules": { "description": "ManagedRules: Describes the managedRules structure.", "properties": { "exclusions": { "description": "Exclusions: The Exclusions that are applied on the policy.", "items": { "description": "Allow to exclude some variable satisfy the condition for the WAF check.", "properties": { "exclusionManagedRuleSets": { "description": "ExclusionManagedRuleSets: The managed rule sets that are associated with the exclusion.", "items": { "description": "Defines a managed rule set for Exclusions.", "properties": { "ruleGroups": { "description": "RuleGroups: Defines the rule groups to apply to the rule set.", "items": { "description": "Defines a managed rule group to use for exclusion.", "properties": { "ruleGroupName": { "description": "RuleGroupName: The managed rule group for exclusion.", "type": "string" }, "rules": { "description": "Rules: List of rules that will be excluded. If none specified, all rules in the group will be excluded.", "items": { "description": "Defines a managed rule to use for exclusion.", "properties": { "ruleId": { "description": "RuleId: Identifier for the managed rule.", "type": "string" } }, "required": [ "ruleId" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "ruleGroupName" ], "type": "object", "additionalProperties": false }, "type": "array" }, "ruleSetType": { "description": "RuleSetType: Defines the rule set type to use.", "type": "string" }, "ruleSetVersion": { "description": "RuleSetVersion: Defines the version of the rule set to use.", "type": "string" } }, "required": [ "ruleSetType", "ruleSetVersion" ], "type": "object", "additionalProperties": false }, "type": "array" }, "matchVariable": { "description": "MatchVariable: The variable to be excluded.", "enum": [ "RequestArgKeys", "RequestArgNames", "RequestArgValues", "RequestCookieKeys", "RequestCookieNames", "RequestCookieValues", "RequestHeaderKeys", "RequestHeaderNames", "RequestHeaderValues" ], "type": "string" }, "selector": { "description": "Selector: When matchVariable is a collection, operator used to specify which elements in the collection this exclusion\napplies to.", "type": "string" }, "selectorMatchOperator": { "description": "SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the\ncollection this exclusion applies to.", "enum": [ "Contains", "EndsWith", "Equals", "EqualsAny", "StartsWith" ], "type": "string" } }, "required": [ "matchVariable", "selector", "selectorMatchOperator" ], "type": "object", "additionalProperties": false }, "type": "array" }, "managedRuleSets": { "description": "ManagedRuleSets: The managed rule sets that are associated with the policy.", "items": { "description": "Defines a managed rule set.", "properties": { "ruleGroupOverrides": { "description": "RuleGroupOverrides: Defines the rule group overrides to apply to the rule set.", "items": { "description": "Defines a managed rule group override setting.", "properties": { "ruleGroupName": { "description": "RuleGroupName: The managed rule group to override.", "type": "string" }, "rules": { "description": "Rules: List of rules that will be disabled. If none specified, all rules in the group will be disabled.", "items": { "description": "Defines a managed rule group override setting.", "properties": { "action": { "description": "Action: Describes the override action to be applied when rule matches.", "enum": [ "Allow", "AnomalyScoring", "Block", "JSChallenge", "Log" ], "type": "string" }, "ruleId": { "description": "RuleId: Identifier for the managed rule.", "type": "string" }, "state": { "description": "State: The state of the managed rule. Defaults to Disabled if not specified.", "enum": [ "Disabled", "Enabled" ], "type": "string" } }, "required": [ "ruleId" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "ruleGroupName" ], "type": "object", "additionalProperties": false }, "type": "array" }, "ruleSetType": { "description": "RuleSetType: Defines the rule set type to use.", "type": "string" }, "ruleSetVersion": { "description": "RuleSetVersion: Defines the version of the rule set to use.", "type": "string" } }, "required": [ "ruleSetType", "ruleSetVersion" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "managedRuleSets" ], "type": "object", "additionalProperties": false }, "operatorSpec": { "description": "OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not\npassed directly to Azure", "properties": { "configMapExpressions": { "description": "ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).", "items": { "description": "DestinationExpression is a CEL expression and a destination to store the result in. The destination may\nbe a secret or a configmap. The value of the expression is stored at the specified location in\nthe destination.", "properties": { "key": { "description": "Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string\nthis is required to identify what key to write to. If the CEL expression in Value returns a map[string]string\nKey must not be set, instead the keys written will be determined dynamically based on the keys of the resulting\nmap[string]string.", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes configmap or secret to write to.\nThe configmap or secret will be created in the same namespace as the resource.", "type": "string" }, "value": { "description": "Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information\non CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/", "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "type": "array" }, "secretExpressions": { "description": "SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).", "items": { "description": "DestinationExpression is a CEL expression and a destination to store the result in. The destination may\nbe a secret or a configmap. The value of the expression is stored at the specified location in\nthe destination.", "properties": { "key": { "description": "Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string\nthis is required to identify what key to write to. If the CEL expression in Value returns a map[string]string\nKey must not be set, instead the keys written will be determined dynamically based on the keys of the resulting\nmap[string]string.", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes configmap or secret to write to.\nThe configmap or secret will be created in the same namespace as the resource.", "type": "string" }, "value": { "description": "Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information\non CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/", "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "owner": { "description": "Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also\ncontrols the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a\nreference to a resources.azure.com/ResourceGroup resource", "properties": { "armId": { "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)", "type": "string" }, "name": { "description": "This is the name of the Kubernetes resource to reference.", "type": "string" } }, "type": "object", "additionalProperties": false }, "policySettings": { "description": "PolicySettings: The PolicySettings for policy.", "properties": { "customBlockResponseBody": { "description": "CustomBlockResponseBody: If the action type is block, customer can override the response body. The body must be\nspecified in base64 encoding.", "maxLength": 32768, "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$", "type": "string" }, "customBlockResponseStatusCode": { "description": "CustomBlockResponseStatusCode: If the action type is block, customer can override the response status code.", "minimum": 0, "type": "integer" }, "fileUploadEnforcement": { "description": "FileUploadEnforcement: Whether allow WAF to enforce file upload limits.", "type": "boolean" }, "fileUploadLimitInMb": { "description": "FileUploadLimitInMb: Maximum file upload size in Mb for WAF.", "minimum": 0, "type": "integer" }, "jsChallengeCookieExpirationInMins": { "description": "JsChallengeCookieExpirationInMins: Web Application Firewall JavaScript Challenge Cookie Expiration time in minutes.", "maximum": 1440, "minimum": 5, "type": "integer" }, "logScrubbing": { "description": "LogScrubbing: To scrub sensitive log fields", "properties": { "scrubbingRules": { "description": "ScrubbingRules: The rules that are applied to the logs for scrubbing.", "items": { "description": "Allow certain variables to be scrubbed on WAF logs", "properties": { "matchVariable": { "description": "MatchVariable: The variable to be scrubbed from the logs.", "enum": [ "RequestArgNames", "RequestCookieNames", "RequestHeaderNames", "RequestIPAddress", "RequestJSONArgNames", "RequestPostArgNames" ], "type": "string" }, "selector": { "description": "Selector: When matchVariable is a collection, operator used to specify which elements in the collection this rule\napplies to.", "type": "string" }, "selectorMatchOperator": { "description": "SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the\ncollection this rule applies to.", "enum": [ "Equals", "EqualsAny" ], "type": "string" }, "state": { "description": "State: Defines the state of log scrubbing rule. Default value is Enabled.", "enum": [ "Disabled", "Enabled" ], "type": "string" } }, "required": [ "matchVariable", "selectorMatchOperator" ], "type": "object", "additionalProperties": false }, "type": "array" }, "state": { "description": "State: State of the log scrubbing config. Default value is Enabled.", "enum": [ "Disabled", "Enabled" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "maxRequestBodySizeInKb": { "description": "MaxRequestBodySizeInKb: Maximum request body size in Kb for WAF.", "minimum": 8, "type": "integer" }, "mode": { "description": "Mode: The mode of the policy.", "enum": [ "Detection", "Prevention" ], "type": "string" }, "requestBodyCheck": { "description": "RequestBodyCheck: Whether to allow WAF to check request Body.", "type": "boolean" }, "requestBodyEnforcement": { "description": "RequestBodyEnforcement: Whether allow WAF to enforce request body limits.", "type": "boolean" }, "requestBodyInspectLimitInKB": { "description": "RequestBodyInspectLimitInKB: Max inspection limit in KB for request body inspection for WAF.", "type": "integer" }, "state": { "description": "State: The state of the policy.", "enum": [ "Disabled", "Enabled" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "tags": { "additionalProperties": { "type": "string" }, "description": "Tags: Resource tags.", "type": "object" } }, "required": [ "managedRules", "owner" ], "type": "object", "additionalProperties": false }, "status": { "properties": { "applicationGateways": { "description": "ApplicationGateways: A collection of references to application gateways.", "items": { "description": "Application gateway resource.", "properties": { "id": { "description": "Id: Resource ID.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "conditions": { "description": "Conditions: The observed state of the resource", "items": { "description": "Condition defines an extension to status (an observation) of a resource", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time the condition transitioned from one status to another.", "format": "date-time", "type": "string" }, "message": { "description": "Message is a human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if\n.metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "Reason for the condition's last transition.\nReasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty.", "type": "string" }, "severity": { "description": "Severity with which to treat failures of this type of condition.\nFor conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True\nFor conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False.\nThis is omitted in all cases when Status == Unknown", "type": "string" }, "status": { "description": "Status of the condition, one of True, False, or Unknown.", "type": "string" }, "type": { "description": "Type of condition.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "customRules": { "description": "CustomRules: The custom rules inside the policy.", "items": { "description": "Defines contents of a web application rule.", "properties": { "action": { "description": "Action: Type of Actions.", "type": "string" }, "etag": { "description": "Etag: A unique read-only string that changes whenever the resource is updated.", "type": "string" }, "groupByUserSession": { "description": "GroupByUserSession: List of user session identifier group by clauses.", "items": { "description": "Define user session identifier group by clauses.", "properties": { "groupByVariables": { "description": "GroupByVariables: List of group by clause variables.", "items": { "description": "Define user session group by clause variables.", "properties": { "variableName": { "description": "VariableName: User Session clause variable.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "matchConditions": { "description": "MatchConditions: List of match conditions.", "items": { "description": "Define match conditions.", "properties": { "matchValues": { "description": "MatchValues: Match value.", "items": { "type": "string" }, "type": "array" }, "matchVariables": { "description": "MatchVariables: List of match variables.", "items": { "description": "Define match variables.", "properties": { "selector": { "description": "Selector: The selector of match variable.", "type": "string" }, "variableName": { "description": "VariableName: Match Variable.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "negationConditon": { "description": "NegationConditon: Whether this is negate condition or not.", "type": "boolean" }, "operator": { "description": "Operator: The operator to be matched.", "type": "string" }, "transforms": { "description": "Transforms: List of transforms.", "items": { "description": "Transforms applied before matching.", "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "name": { "description": "Name: The name of the resource that is unique within a policy. This name can be used to access the resource.", "type": "string" }, "priority": { "description": "Priority: Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.", "type": "integer" }, "rateLimitDuration": { "description": "RateLimitDuration: Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule.", "type": "string" }, "rateLimitThreshold": { "description": "RateLimitThreshold: Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1", "type": "integer" }, "ruleType": { "description": "RuleType: The rule type.", "type": "string" }, "state": { "description": "State: Describes if the custom rule is in enabled or disabled state. Defaults to Enabled if not specified.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "etag": { "description": "Etag: A unique read-only string that changes whenever the resource is updated.", "type": "string" }, "httpListeners": { "description": "HttpListeners: A collection of references to application gateway http listeners.", "items": { "description": "Reference to another subresource.", "properties": { "id": { "description": "Id: Resource ID.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "id": { "description": "Id: Resource ID.", "type": "string" }, "location": { "description": "Location: Resource location.", "type": "string" }, "managedRules": { "description": "ManagedRules: Describes the managedRules structure.", "properties": { "exclusions": { "description": "Exclusions: The Exclusions that are applied on the policy.", "items": { "description": "Allow to exclude some variable satisfy the condition for the WAF check.", "properties": { "exclusionManagedRuleSets": { "description": "ExclusionManagedRuleSets: The managed rule sets that are associated with the exclusion.", "items": { "description": "Defines a managed rule set for Exclusions.", "properties": { "ruleGroups": { "description": "RuleGroups: Defines the rule groups to apply to the rule set.", "items": { "description": "Defines a managed rule group to use for exclusion.", "properties": { "ruleGroupName": { "description": "RuleGroupName: The managed rule group for exclusion.", "type": "string" }, "rules": { "description": "Rules: List of rules that will be excluded. If none specified, all rules in the group will be excluded.", "items": { "description": "Defines a managed rule to use for exclusion.", "properties": { "ruleId": { "description": "RuleId: Identifier for the managed rule.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ruleSetType": { "description": "RuleSetType: Defines the rule set type to use.", "type": "string" }, "ruleSetVersion": { "description": "RuleSetVersion: Defines the version of the rule set to use.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "matchVariable": { "description": "MatchVariable: The variable to be excluded.", "type": "string" }, "selector": { "description": "Selector: When matchVariable is a collection, operator used to specify which elements in the collection this exclusion\napplies to.", "type": "string" }, "selectorMatchOperator": { "description": "SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the\ncollection this exclusion applies to.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "managedRuleSets": { "description": "ManagedRuleSets: The managed rule sets that are associated with the policy.", "items": { "description": "Defines a managed rule set.", "properties": { "ruleGroupOverrides": { "description": "RuleGroupOverrides: Defines the rule group overrides to apply to the rule set.", "items": { "description": "Defines a managed rule group override setting.", "properties": { "ruleGroupName": { "description": "RuleGroupName: The managed rule group to override.", "type": "string" }, "rules": { "description": "Rules: List of rules that will be disabled. If none specified, all rules in the group will be disabled.", "items": { "description": "Defines a managed rule group override setting.", "properties": { "action": { "description": "Action: Describes the override action to be applied when rule matches.", "type": "string" }, "ruleId": { "description": "RuleId: Identifier for the managed rule.", "type": "string" }, "state": { "description": "State: The state of the managed rule. Defaults to Disabled if not specified.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ruleSetType": { "description": "RuleSetType: Defines the rule set type to use.", "type": "string" }, "ruleSetVersion": { "description": "RuleSetVersion: Defines the version of the rule set to use.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "name": { "description": "Name: Resource name.", "type": "string" }, "pathBasedRules": { "description": "PathBasedRules: A collection of references to application gateway path rules.", "items": { "description": "Reference to another subresource.", "properties": { "id": { "description": "Id: Resource ID.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "policySettings": { "description": "PolicySettings: The PolicySettings for policy.", "properties": { "customBlockResponseBody": { "description": "CustomBlockResponseBody: If the action type is block, customer can override the response body. The body must be\nspecified in base64 encoding.", "type": "string" }, "customBlockResponseStatusCode": { "description": "CustomBlockResponseStatusCode: If the action type is block, customer can override the response status code.", "type": "integer" }, "fileUploadEnforcement": { "description": "FileUploadEnforcement: Whether allow WAF to enforce file upload limits.", "type": "boolean" }, "fileUploadLimitInMb": { "description": "FileUploadLimitInMb: Maximum file upload size in Mb for WAF.", "type": "integer" }, "jsChallengeCookieExpirationInMins": { "description": "JsChallengeCookieExpirationInMins: Web Application Firewall JavaScript Challenge Cookie Expiration time in minutes.", "type": "integer" }, "logScrubbing": { "description": "LogScrubbing: To scrub sensitive log fields", "properties": { "scrubbingRules": { "description": "ScrubbingRules: The rules that are applied to the logs for scrubbing.", "items": { "description": "Allow certain variables to be scrubbed on WAF logs", "properties": { "matchVariable": { "description": "MatchVariable: The variable to be scrubbed from the logs.", "type": "string" }, "selector": { "description": "Selector: When matchVariable is a collection, operator used to specify which elements in the collection this rule\napplies to.", "type": "string" }, "selectorMatchOperator": { "description": "SelectorMatchOperator: When matchVariable is a collection, operate on the selector to specify which elements in the\ncollection this rule applies to.", "type": "string" }, "state": { "description": "State: Defines the state of log scrubbing rule. Default value is Enabled.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "state": { "description": "State: State of the log scrubbing config. Default value is Enabled.", "type": "string" } }, "type": "object", "additionalProperties": false }, "maxRequestBodySizeInKb": { "description": "MaxRequestBodySizeInKb: Maximum request body size in Kb for WAF.", "type": "integer" }, "mode": { "description": "Mode: The mode of the policy.", "type": "string" }, "requestBodyCheck": { "description": "RequestBodyCheck: Whether to allow WAF to check request Body.", "type": "boolean" }, "requestBodyEnforcement": { "description": "RequestBodyEnforcement: Whether allow WAF to enforce request body limits.", "type": "boolean" }, "requestBodyInspectLimitInKB": { "description": "RequestBodyInspectLimitInKB: Max inspection limit in KB for request body inspection for WAF.", "type": "integer" }, "state": { "description": "State: The state of the policy.", "type": "string" } }, "type": "object", "additionalProperties": false }, "provisioningState": { "description": "ProvisioningState: The provisioning state of the web application firewall policy resource.", "type": "string" }, "resourceState": { "description": "ResourceState: Resource status of the policy.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Tags: Resource tags.", "type": "object" }, "type": { "description": "Type: Resource type.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object" }