[BUG] Custom rule is not updating for WAF policy #48513

Open
shyambabu-kolipaka opened this issue Mar 3, 2025 · 2 comments
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. Mgmt This issue is related to a management-plane library. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team Network - Front Door Service: Azure Front Door question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

@shyambabu-kolipaka

Library name and version

Azure.ResourceManager.FrontDoor 1.3.0

Describe the bug

I am using the following code to add the custom rule. I am getting a success message, but the custom rule is not being added to the policy. Please let me know if I am missing something.

I see that there is no documentation for adding custom rules for the WAF policy. It would be great if it is added.

Thanks in advance.

```csharp
// Authenticate using ClientSecretCredential
var credential = new ClientSecretCredential(_configuration["AzureAd:TenantId"], _configuration["WAFPolicy:ClientId"], _configuration["WAFPolicy:ClientSecret"]);
var client = new ArmClient(credential);

// Get the subscription resource
var subscription = client.GetSubscriptionResource(new ResourceIdentifier($"/subscriptions/{_configuration["WAFPolicy:SubscriptionId"]}"));

// Get the resource group
var resourceGroup = await subscription.GetResourceGroups().GetAsync(_configuration["WAFPolicy:ResourceGroupName"]);

_wafPolicyResource = await resourceGroup.Value.GetFrontDoorWebApplicationFirewallPolicies().GetAsync(_configuration["WAFPolicy:Name"]);

var ruleMatchCondition = new WebApplicationRuleMatchCondition
(
    WebApplicationRuleMatchVariable.RemoteAddr,
    WebApplicationRuleMatchOperator.Contains,
    firewallRule.Values
);

var customRule = new WebApplicationCustomRule(
        firewallRule.Priority,
        WebApplicationRuleType.MatchRule,
        new[] { ruleMatchCondition },
        RuleMatchActionType.Allow
    )
{
    Name = "Test"
};

_wafPolicyResource.Data.Rules.Add(customRule);

FrontDoorWebApplicationFirewallPolicyPatch patch = new FrontDoorWebApplicationFirewallPolicyPatch
{
    Tags =
    {
        ["key1"] = "value1",
        ["key2"] = "value2"
    }
};
ArmOperation<FrontDoorWebApplicationFirewallPolicyResource> lro = await _wafPolicyResource.UpdateAsync(Azure.WaitUntil.Completed, patch);
```

Expected behavior

The custom rule should be added to the WAF policy when the update returns a success response.

Actual behavior

The custom rule is not being added.

Reproduction Steps

```csharp
// Authenticate using ClientSecretCredential
var credential = new ClientSecretCredential(_configuration["AzureAd:TenantId"], _configuration["WAFPolicy:ClientId"], _configuration["WAFPolicy:ClientSecret"]);
var client = new ArmClient(credential);

// Get the subscription resource
var subscription = client.GetSubscriptionResource(new ResourceIdentifier($"/subscriptions/{_configuration["WAFPolicy:SubscriptionId"]}"));

// Get the resource group
var resourceGroup = await subscription.GetResourceGroups().GetAsync(_configuration["WAFPolicy:ResourceGroupName"]);

_wafPolicyResource = await resourceGroup.Value.GetFrontDoorWebApplicationFirewallPolicies().GetAsync(_configuration["WAFPolicy:Name"]);

var ruleMatchCondition = new WebApplicationRuleMatchCondition
(
    WebApplicationRuleMatchVariable.RemoteAddr,
    WebApplicationRuleMatchOperator.Contains,
    firewallRule.Values
);

var customRule = new WebApplicationCustomRule(
        firewallRule.Priority,
        WebApplicationRuleType.MatchRule,
        new[] { ruleMatchCondition },
        RuleMatchActionType.Allow
    )
{
    Name = "Test"
};

_wafPolicyResource.Data.Rules.Add(customRule);

FrontDoorWebApplicationFirewallPolicyPatch patch = new FrontDoorWebApplicationFirewallPolicyPatch
{
    Tags =
    {
        ["key1"] = "value1",
        ["key2"] = "value2"
    }
};
ArmOperation<FrontDoorWebApplicationFirewallPolicyResource> lro = await _wafPolicyResource.UpdateAsync(Azure.WaitUntil.Completed, patch);
```

Environment

OS: Windows
IDE: Visual Studio
dotnet version: 8.0

@github-actions github-actions bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Mar 3, 2025
@jsquire jsquire added Mgmt This issue is related to a management-plane library. Network - Front Door Service: Azure Front Door needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team and removed needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. labels Mar 3, 2025
@jsquire
Member

jsquire commented Mar 3, 2025

Thank you for your feedback. Tagging and routing to the team member best able to assist.

@HarveyLink HarveyLink assigned HarveyLink and unassigned ArthurMa1978 Mar 4, 2025
@shyambabu-kolipaka
Author

Hi, @jsquire @HarveyLink, did you get a chance to look at this issue?
