Example: Azure Front Door w/ Web Application Firewall (#1076)
* Example: Azure Front Door w/ Web Application Firewall

Example: Azure Front Door with Web Application Firewall in Prevention Mode and Routing Rules for both Redirect or Backend

* Example: Azure Front Door w/ Web Application Firewall

Example: Azure Front Door with Web Application Firewall in Prevention Mode and Routing Rules for both Redirect or Backend

* Example: Azure Front Door w/ Web Application Firewall

Example: Azure Front Door with Web Application Firewall in Prevention Mode and Routing Rules for both Redirect or Backend

* Example: Azure Front Door w/ Web Application Firewall

Example: Azure Front Door with Web Application Firewall in Prevention Mode and Routing Rules for both Redirect or Backend

* Example: Azure Front Door w/ Web Application Firewall

Example: Azure Front Door with Web Application Firewall in Prevention Mode and Routing Rules for both Redirect or Backend

* Example: Azure Front Door w/ Web Application Firewall

Example: Azure Front Door with Web Application Firewall in Prevention Mode and Routing Rules for both Redirect or Backend

* Example: Azure Front Door w/ Web Application Firewall

Example: Azure Front Door with Web Application Firewall in Prevention Mode and Routing Rules for both Redirect or Backend
mbsnl authored Dec 7, 2020
1 parent 0707223 commit 756ad9a
Showing 3 changed files with 389 additions and 0 deletions.
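--- a/docs/examples/201/front-door-with-webapplication-firewall/main.bicep
+++ b/docs/examples/201/front-door-with-webapplication-firewall/main.bicep
@@ -0,0 +1,178 @@
+param frontDoorName string = 'AzFd-TestingBicep-999'
+param frontDoorEnabledState bool = true
+param healthProbe1EnabledState bool = false
+param frontDoorWafDeployed bool = false // Used for conditions once available in bicep 0.3
+param frontDoorWafNamePrefix string = 'AzFdWafTestingBicep'
+param frontDoorWafEnabledState bool = true
+param frontDoorWafMode string {
+allowed: [
+'Prevention'
+'Detection'
+]
+default: 'Prevention'
+}
+
+var frontDoorNameLower = toLower(frontDoorName)
+var backendPool1Name = '${frontDoorNameLower}-backendPool1'
+
+var healthProbe1Name = '${frontDoorNameLower}-healthProbe1'
+var frontendEndpoint1Name = '${frontDoorNameLower}-frontendEndpoint1'
+var loadBalancing1Name = '${frontDoorNameLower}-loadBalancing1'
+var routingRule1Name = '${frontDoorNameLower}-routingRule1'
+var routingRule2Name = '${frontDoorNameLower}-routingRule2'
+
+var frontendEndpoint1hostName = '${frontDoorNameLower}.azurefd.net'
+var backendExampleTarget = 'api.myip.com'
+var redirectExampleTarget = 'api.myip.com'
+
+var frontDoorWafName = '${frontDoorWafNamePrefix}${uniqueString(subscription().subscriptionId, resourceGroup().id, frontDoorWafNamePrefix)}'
+
+resource resAzFd 'Microsoft.Network/frontdoors@2020-01-01' = {
+name: frontDoorNameLower
+location: 'Global'
+properties: {
+enabledState: frontDoorEnabledState ? 'Enabled' : 'Disabled'
+friendlyName: frontDoorNameLower
+frontendEndpoints: [
+{
+name: frontendEndpoint1Name
+properties: {
+hostName: frontendEndpoint1hostName
+sessionAffinityEnabledState: 'Disabled'
+sessionAffinityTtlSeconds: 0
+webApplicationFirewallPolicyLink: {
+id: '${resAzFdWaf.id}'
+}
+}
+}
+]
+backendPoolsSettings: {
+enforceCertificateNameCheck: 'Enabled'
+sendRecvTimeoutSeconds: 30
+}
+backendPools: [
+{
+name: backendPool1Name
+properties: {
+backends: [
+{
+address: backendExampleTarget
+backendHostHeader: backendExampleTarget
+enabledState: 'Enabled'
+httpPort: 80
+httpsPort: 443
+priority: 1
+weight: 50
+}
+]
+healthProbeSettings: {
+id: resourceId('Microsoft.Network/frontDoors/healthProbeSettings', frontDoorNameLower, healthProbe1Name)
+}
+loadBalancingSettings: {
+id: resourceId('Microsoft.Network/frontDoors/LoadBalancingSettings', frontDoorNameLower, loadBalancing1Name)
+}
+}
+}
+]
+healthProbeSettings: [
+{
+name: healthProbe1Name
+properties: {
+enabledState: healthProbe1EnabledState ? 'Enabled' : 'Disabled'
+intervalInSeconds: 30
+path: '/'
+protocol: 'Https'
+healthProbeMethod: 'HEAD'
+}
+}
+]
+loadBalancingSettings: [
+{
+name: loadBalancing1Name
+properties: {
+additionalLatencyMilliseconds: 0
+sampleSize: 4
+successfulSamplesRequired: 2
+}
+}
+]
+routingRules: [
+{
+name: routingRule1Name
+properties: {
+frontendEndpoints: [
+{
+id: resourceId('Microsoft.Network/frontDoors/FrontendEndpoints', frontDoorNameLower, frontendEndpoint1Name)
+}
+]
+acceptedProtocols: [
+'Https'
+]
+patternsToMatch: [
+'/*'
+]
+enabledState: 'Enabled'
+resourceState: 'Enabled'
+routeConfiguration: {
+'@odata.type': '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration'
+forwardingProtocol: 'HttpsOnly'
+backendPool: {
+id: resourceId('Microsoft.Network/frontDoors/BackendPools', frontDoorNameLower, backendPool1Name)
+}
+}
+}
+}
+{
+name: routingRule2Name
+properties: {
+frontendEndpoints: [
+{
+id: resourceId('Microsoft.Network/frontDoors/FrontendEndpoints', frontDoorNameLower, frontendEndpoint1Name)
+}
+]
+acceptedProtocols: [
+'Https'
+]
+patternsToMatch: [
+'/redirect/*'
+'/redirect'
+]
+enabledState: 'Enabled'
+resourceState: 'Enabled'
+routeConfiguration: {
+'@odata.type': '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration'
+customHost: redirectExampleTarget
+customPath: '/'
+redirectProtocol: 'HttpsOnly'
+redirectType: 'Found'
+}
+}
+}
+]
+}
+}
+
+resource resAzFdWaf 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2019-10-01' = {
+name: frontDoorWafName
+location: 'Global'
+properties: {
+policySettings: {
+enabledState: frontDoorWafEnabledState ? 'Enabled' : 'Disabled'
+mode: frontDoorWafMode
+customBlockResponseStatusCode: 403
+}
+customRules: {
+rules: []
+}
+managedRules: {
+managedRuleSets: [
+{
+ruleSetType: 'DefaultRuleSet'
+ruleSetVersion: '1.0'
+ruleGroupOverrides: []
+exclusions: []
+}
+]
+}
+}
+}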
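Review bot: The backend set by `address: backendExampleTarget` is a public hostname, and nothing in the example says that the WAF policy linked on the frontend endpoint only filters requests that arrive through Front Door. A reader who swaps in a real origin leaves it reachable directly unless the origin itself restricts ingress. A comment above `var backendExampleTarget` would cover it, for example `// Placeholder origin. A real backend must accept traffic only from this Front Door (AzureFrontDoor.Backend service tag plus a check of the X-Azure-FDID header), otherwise the WAF can be bypassed.` Separately, `frontDoorWafDeployed` is declared but never referenced, so the policy is created and linked whatever its value. `ruleSetVersion: '1.0'` is also a fixed literal, and may be worth exposing as a parameter so the managed rule set can be moved forward without editing the template.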
209 changes: 209 additions & 0 deletions docs/examples/201/front-door-with-webapplication-firewall/main.json
@@ -0,0 +1,209 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"frontDoorName": {
"type": "string",
"defaultValue": "AzFd-TestingBicep-999"
},
"frontDoorEnabledState": {
"type": "bool",
"defaultValue": true
},
"healthProbe1EnabledState": {
"type": "bool",
"defaultValue": false
},
"frontDoorWafDeployed": {
"type": "bool",
"defaultValue": false
},
"frontDoorWafNamePrefix": {
"type": "string",
"defaultValue": "AzFdWafTestingBicep"
},
"frontDoorWafEnabledState": {
"type": "bool",
"defaultValue": true
},
"frontDoorWafMode": {
"type": "string",
"defaultValue": "Prevention",
"allowedValues": [
"Prevention",
"Detection"
]
}
},
"functions": [],
"variables": {
"frontDoorNameLower": "[toLower(parameters('frontDoorName'))]",
"backendPool1Name": "[format('{0}-backendPool1', variables('frontDoorNameLower'))]",
"healthProbe1Name": "[format('{0}-healthProbe1', variables('frontDoorNameLower'))]",
"frontendEndpoint1Name": "[format('{0}-frontendEndpoint1', variables('frontDoorNameLower'))]",
"loadBalancing1Name": "[format('{0}-loadBalancing1', variables('frontDoorNameLower'))]",
"routingRule1Name": "[format('{0}-routingRule1', variables('frontDoorNameLower'))]",
"routingRule2Name": "[format('{0}-routingRule2', variables('frontDoorNameLower'))]",
"frontendEndpoint1hostName": "[format('{0}.azurefd.net', variables('frontDoorNameLower'))]",
"backendExampleTarget": "api.myip.com",
"redirectExampleTarget": "api.myip.com",
"frontDoorWafName": "[format('{0}{1}', parameters('frontDoorWafNamePrefix'), uniqueString(subscription().subscriptionId, resourceGroup().id, parameters('frontDoorWafNamePrefix')))]"
},
"resources": [
{
"type": "Microsoft.Network/frontDoors",
"apiVersion": "2020-01-01",
"name": "[variables('frontDoorNameLower')]",
"location": "Global",
"properties": {
"enabledState": "[if(parameters('frontDoorEnabledState'), 'Enabled', 'Disabled')]",
"friendlyName": "[variables('frontDoorNameLower')]",
"frontendEndpoints": [
{
"name": "[variables('frontendEndpoint1Name')]",
"properties": {
"hostName": "[variables('frontendEndpoint1hostName')]",
"sessionAffinityEnabledState": "Disabled",
"sessionAffinityTtlSeconds": 0,
"webApplicationFirewallPolicyLink": {
"id": "[resourceId('Microsoft.Network/FrontDoorWebApplicationFirewallPolicies', variables('frontDoorWafName'))]"
}
}
}
],
"backendPoolsSettings": {
"enforceCertificateNameCheck": "Enabled",
"sendRecvTimeoutSeconds": 30
},
"backendPools": [
{
"name": "[variables('backendPool1Name')]",
"properties": {
"backends": [
{
"address": "[variables('backendExampleTarget')]",
"backendHostHeader": "[variables('backendExampleTarget')]",
"enabledState": "Enabled",
"httpPort": 80,
"httpsPort": 443,
"priority": 1,
"weight": 50
}
],
"healthProbeSettings": {
"id": "[resourceId('Microsoft.Network/frontDoors/healthProbeSettings', variables('frontDoorNameLower'), variables('healthProbe1Name'))]"
},
"loadBalancingSettings": {
"id": "[resourceId('Microsoft.Network/frontDoors/LoadBalancingSettings', variables('frontDoorNameLower'), variables('loadBalancing1Name'))]"
}
}
}
],
"healthProbeSettings": [
{
"name": "[variables('healthProbe1Name')]",
"properties": {
"enabledState": "[if(parameters('healthProbe1EnabledState'), 'Enabled', 'Disabled')]",
"intervalInSeconds": 30,
"path": "/",
"protocol": "Https",
"healthProbeMethod": "HEAD"
}
}
],
"loadBalancingSettings": [
{
"name": "[variables('loadBalancing1Name')]",
"properties": {
"additionalLatencyMilliseconds": 0,
"sampleSize": 4,
"successfulSamplesRequired": 2
}
}
],
"routingRules": [
{
"name": "[variables('routingRule1Name')]",
"properties": {
"frontendEndpoints": [
{
"id": "[resourceId('Microsoft.Network/frontDoors/FrontendEndpoints', variables('frontDoorNameLower'), variables('frontendEndpoint1Name'))]"
}
],
"acceptedProtocols": [
"Https"
],
"patternsToMatch": [
"/*"
],
"enabledState": "Enabled",
"resourceState": "Enabled",
"routeConfiguration": {
"@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration",
"forwardingProtocol": "HttpsOnly",
"backendPool": {
"id": "[resourceId('Microsoft.Network/frontDoors/BackendPools', variables('frontDoorNameLower'), variables('backendPool1Name'))]"
}
}
}
},
{
"name": "[variables('routingRule2Name')]",
"properties": {
"frontendEndpoints": [
{
"id": "[resourceId('Microsoft.Network/frontDoors/FrontendEndpoints', variables('frontDoorNameLower'), variables('frontendEndpoint1Name'))]"
}
],
"acceptedProtocols": [
"Https"
],
"patternsToMatch": [
"/redirect/*",
"/redirect"
],
"enabledState": "Enabled",
"resourceState": "Enabled",
"routeConfiguration": {
"@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration",
"customHost": "[variables('redirectExampleTarget')]",
"customPath": "/",
"redirectProtocol": "HttpsOnly",
"redirectType": "Found"
}
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Network/FrontDoorWebApplicationFirewallPolicies', variables('frontDoorWafName'))]"
]
},
{
"type": "Microsoft.Network/FrontDoorWebApplicationFirewallPolicies",
"apiVersion": "2019-10-01",
"name": "[variables('frontDoorWafName')]",
"location": "Global",
"properties": {
"policySettings": {
"enabledState": "[if(parameters('frontDoorWafEnabledState'), 'Enabled', 'Disabled')]",
"mode": "[parameters('frontDoorWafMode')]",
"customBlockResponseStatusCode": 403
},
"customRules": {
"rules": []
},
"managedRules": {
"managedRuleSets": [
{
"ruleSetType": "DefaultRuleSet",
"ruleSetVersion": "1.0",
"ruleGroupOverrides": [],
"exclusions": []
}
]
}
}
}
]
}