Adding support for Per Rule Actions in Application Gateway Web application Firewall

[sindhualuguvelli1]

Related command

No response

Resource Provider

Network (NRP)

Description of Feature or Work Requested

We are adding support to enable customers to override the action to be applied when a rules matches. For example, if the default action for a rule is "Block" and Cx changes it to "Log", the request will not be blocked but a log entry will be added. We are supporting below 4 actions. If the Cx does not specify any override action then the default action will be applied. Action supported.

1. AnomalyScoring
2. Allow
3. Block
4. Log

Azure-CLI should have the support to configure any of these actions for a given rule. Here is a link to the design document for reference. https://microsoft.sharepoint.com/:w:/r/teams/ApplicationGateway9/Shared%20Documents/WAF/Documents/PerRuleAction/PerRuleActions.docx?d=w9e3f37c827734373ba9643775094937b&csf=1&web=1&e=zo0Mr4

Minimum API Version Required

2022-05-01

Swagger PR link

https://github.com/Azure/azure-rest-api-specs/pull/20027

https://github.com/Azure/azure-rest-api-specs/blob/network-2022-05-01/specification/network/resource-manager/Microsoft.Network/stable/2022-05-01/webapplicationfirewall.json

Request Example

No response

Target Date

Target Date for this feature release is September 2022.

Additional context

No response

[yonzhan]

network

[necusjz]

As limited bandwidth, we plan to deliver it in the next sprint.

[necusjz]

@sindhualuguvelli1 Could you give me access to the mentioned design document? Thanks.

[sindhualuguvelli1]

PerRuleActions (1).docx

@necusjz Uploaded the design document here.

[sindhualuguvelli1]

@necusjz Any update on this?

[necusjz]

@necusjz Any update on this?

WIP and the same situation as https://github.com/Azure/azure-cli/issues/23936#issuecomment-1252580954.