I have an Application Gateway WAF policy.
I want to update the existing custom rule by adding another IP address.
How can I do this dynamically from PowerShell or Azure CLI?
I tried to reproduce the same in my environment and got the results successfully, like below:
I created an Azure Application Gateway WAF policy and a custom rule with an IP address, like below:
To update the existing custom rule by adding another IP address, make use of the command below:
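```powershell
# Match on the client address seen by the gateway
$variable1 = New-AzApplicationGatewayFirewallMatchVariable `
    -VariableName RemoteAddr
# Negated IPMatch: the condition is true for every address NOT in the list
$condition1 = New-AzApplicationGatewayFirewallCondition `
    -MatchVariable $variable1 `
    -Operator IPMatch `
    -MatchValue "192.168.5.0/24" `
    -NegationCondition $True
# Block whatever the condition matches
$rule1 = New-AzApplicationGatewayFirewallCustomRule `
    -Name myrule1 `
    -Priority 10 `
    -RuleType MatchRule `
    -MatchCondition $condition1 `
    -Action Block
$policy = New-AzApplicationGatewayFirewallPolicySetting -Mode "Prevention"
# Replace <PolicyName> and <RGNAME> with your own values; $policy is passed so Prevention mode takes effect
$wafPolicy = New-AzApplicationGatewayFirewallPolicy -Name "<PolicyName>" -ResourceGroup "<RGNAME>" -Location eastus -CustomRule $rule1 -PolicySetting $policy
```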
Result:
When I check in the portal, the IP addresses of the existing custom rule are updated successfully, like below:
As per the command, to add another IP to the same rule, make use of the script below:
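```powershell
# Match on the client address seen by the gateway
$variable1 = New-AzApplicationGatewayFirewallMatchVariable `
    -VariableName RemoteAddr
# Same negated IPMatch condition, now with both addresses in the list
$condition1 = New-AzApplicationGatewayFirewallCondition `
    -MatchVariable $variable1 `
    -Operator IPMatch `
    -MatchValue "157.51.145.196","192.168.5.0/24" `
    -NegationCondition $True
# Only $condition1 is defined above, so it is the only condition passed here
$rule1 = New-AzApplicationGatewayFirewallCustomRule `
    -Name myrule1 `
    -Priority 10 `
    -RuleType MatchRule `
    -MatchCondition $condition1 `
    -Action Block
$policy = New-AzApplicationGatewayFirewallPolicySetting -Mode "Prevention"
# Replace <PolicyName> and <RGNAME> with your own values; $policy is passed so Prevention mode takes effect
$wafPolicy = New-AzApplicationGatewayFirewallPolicy -Name "<PolicyName>" -ResourceGroup "<RGNAME>" -Location eastus -CustomRule $rule1 -PolicySetting $policy
```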
When I use this command, another IP is added successfully, like below:
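
An in-place variant, added here as an example and not part of the answer above: it reads the existing policy, appends one address to the rule's IPMatch condition, and writes the policy back, leaving the rest of the policy as it is. `Add-WafCustomRuleIp` is a hypothetical helper name; the script assumes the Az.Network module and a signed-in session. With a negated condition and a Block action, as in the rule above, every address added to the list is one more source that is not blocked.

```powershell
# Added example: append one IP or CIDR to an existing IPMatch custom rule in place.
# Add-WafCustomRuleIp is a hypothetical helper name; the cmdlets are from Az.Network.
function Add-WafCustomRuleIp {
    param(
        [Parameter(Mandatory)] [string] $PolicyName,
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $RuleName,
        [Parameter(Mandatory)] [string] $IpAddress   # single address or CIDR block
    )

    # Validate the value before it reaches the policy.
    $addr, $prefix = $IpAddress -split '/', 2
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref] $parsed)) {
        throw "Not a valid IP address: $IpAddress"
    }
    if ($null -ne $prefix) {
        $max = if ($parsed.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
        if ($prefix -notmatch '^\d{1,3}$' -or [int] $prefix -gt $max) {
            throw "Not a valid CIDR prefix: $IpAddress"
        }
    }

    # Read the current policy and locate the rule by name.
    $policy = Get-AzApplicationGatewayFirewallPolicy -Name $PolicyName -ResourceGroupName $ResourceGroupName
    $rule = $policy.CustomRules | Where-Object { $_.Name -eq $RuleName }
    if (-not $rule) { throw "Custom rule '$RuleName' not found in policy '$PolicyName'" }

    # Use the rule's first IPMatch condition.
    $condition = $rule.MatchConditions |
        Where-Object { $_.OperatorProperty -eq 'IPMatch' } |
        Select-Object -First 1
    if (-not $condition) { throw "Rule '$RuleName' has no IPMatch condition" }

    # Idempotent: do nothing if the value is already listed.
    if ($condition.MatchValues -contains $IpAddress) {
        Write-Verbose "$IpAddress is already in '$RuleName'"
        return $policy
    }
    $condition.MatchValues.Add($IpAddress)

    # Write the modified policy object back.
    Set-AzApplicationGatewayFirewallPolicy -InputObject $policy
}

# Usage (placeholders and a constructed address):
# Add-WafCustomRuleIp -PolicyName '<PolicyName>' -ResourceGroupName '<RGNAME>' -RuleName myrule1 -IpAddress '157.51.145.196'
```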