I need to create an Azure Policy which enforces the Front Door firewall (WAF) to allow only certain IPs.
Something like the below:
I have created the policy below, but it is not adding the WAF custom rule.
Can someone help me find what's wrong with the policy below?
"properties": {
"displayName": "akapolicy",
"policyType": "Custom",
"mode": "All",
"metadata": {
},
"parameters": {},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/FrontDoorWebApplicationFirewallPolicies"
},
{
"anyOf": [
{
"field": "tags['application']",
"exists": true
}
]
}
]
},
"then": {
"details": {
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2022-05-01",
"properties": {
"customRules": {
"rules": [
{
"action": "Allow",
"enabledState": "Enabled",
"matchConditions": [
{
"matchValue": [
"1.1.1.1"
],
"matchVariable": "RemoteAddr",
"operator": "Contains"
}
],
"name": "akamairule",
"priority": "1",
"rateLimitDurationInMinutes": "1",
"rateLimitThreshold": "50",
"ruleType": "MatchRule"
}
]
}
}
}
]
}
}
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"
],
"type": "Microsoft.Network/frontdoorWebApplicationFirewallPolicies"
},
"effect": "deployIfNotExists"
}
}
},
}
}