-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
AzureWAFonAPPGWShouldHaveRequestBodyInspectionEnabled.json
50 lines (50 loc) · 1.54 KB
/
AzureWAFonAPPGWShouldHaveRequestBodyInspectionEnabled.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
{
"properties": {
"displayName": "Azure Web Application Firewall on Azure Application Gateway should have request body inspection enabled",
"policyType": "BuiltIn",
"version": "1.0.0",
"mode": "Indexed",
"description": "Ensure that Web Application Firewalls associated to Azure Application Gateways have Request body inspection enabled. This allows the WAF to inspect properties within the HTTP body that may not be evaluated in the HTTP headers, cookies, or URI.",
"metadata": {
"version": "1.0.0",
"category": "Network"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies"
},
{
"field": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/policySettings.requestBodyCheck",
"equals": "false"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/ca85ef9a-741d-461d-8b7a-18c2da82c666",
"name": "ca85ef9a-741d-461d-8b7a-18c2da82c666"
}