application-gateway-kubernetes-ingress icon indicating copy to clipboard operation
application-gateway-kubernetes-ingress copied to clipboard

Published 20 hours ago verified publisher icon Azure

Need to cretae a Application Gateway WAF policy resource lock enable policy

Open Devaraj004 opened this issue 1 year ago • 0 comments
trafficstars

Hi Team,

I am trying to create a custom policy for Azure Application Gateway WAF policy resource lock enable via policy, we need to restrict the user to modify or delete the WAF rules. i am using below policy definition below but getting the error, could you please check and support this one or please suggest the correct policy definition

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies"
        }
      ]
    },
    "then": {
      "effect": "deny",
      "details": {
        "type": "Microsoft.Authorization/locks",
        "existenceCondition": {
          "allOf": [
            {
              "field": "Microsoft.Authorization/locks/level",
              "equals": "CanNotDelete"
            }
          ]
        }
      }
    }
  }

Error : The policy definition '171d5886-c7ef-48d4-b556-b06f6b9b76bd' rule is invalid. The policy effect 'details' property could not be parsed using mode 'All'.

Devaraj004 avatar Mar 20 '24 13:03 Devaraj004