I am trying to deploy a WAF policy for Application Gateway with Bicep. It should contain OWASP rule set 3.2. My code is as below:
```bicep
param wafPolicyName string = 'mypolicy'
param location string = 'westeurope'

resource wafPolicy 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2022-05-01' = {
  name: wafPolicyName
  location: location
  properties: {
    policySettings: {
      requestBodyCheck: 'Enabled'
      enabledState: 'Enabled'
      mode: 'Prevention'
    }
    managedRules: {
      managedRuleSets: [
        {
          ruleSetType: 'OWASP'
          ruleSetVersion: '3.2'
          ruleGroupOverrides: []
        }
      ]
    }
  }
}
```
I got the error:
New-AzResourceGroupDeployment: 17:10:16 - The deployment 'waf_deployment' failed with error(s). Showing 1 out of 1 error(s). Status Message: WebApplicationFirewallPolicy validation failed. More information "Managed rule set type and version is not supported". (Code:BadRequest)
I have tried with the 3.1 ruleset but it is the same. I have tried different API versions but somehow it doesn't work. I have also tried with Bicep version 0.25.3 (latest) and 0.20.4.
Any idea?
You are using a Front Door WAF resource type. You need to use an Application Gateway WAF resource type (see documentation:
```bicep
resource waf 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2023-04-01' = {
  ...
}
```
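
A complete form of the resource type the answer names, as an added example that is not part of the original answer. It reuses the question's parameters and rule set; the `policySettings` property names differ between the two resource types, so the Front Door names from the question (`enabledState`, string-valued `requestBodyCheck`) are replaced with the Application Gateway ones.

```bicep
// Added example: Application Gateway WAF policy with the OWASP 3.2 managed rule set.
// Parameter defaults are carried over from the question.
param wafPolicyName string = 'mypolicy'
param location string = 'westeurope'

resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2023-04-01' = {
  name: wafPolicyName
  location: location
  properties: {
    policySettings: {
      // Application Gateway policies use 'state'; Front Door policies use 'enabledState'.
      state: 'Enabled'
      // 'Prevention' blocks matching requests; 'Detection' only logs them.
      mode: 'Prevention'
      // Boolean here, not the 'Enabled'/'Disabled' string used by Front Door policies.
      requestBodyCheck: true
    }
    customRules: []
    managedRules: {
      managedRuleSets: [
        {
          ruleSetType: 'OWASP'
          ruleSetVersion: '3.2'
          // Empty list keeps every rule in the set at its default state and action.
          ruleGroupOverrides: []
        }
      ]
    }
  }
}

// Reference this ID from the gateway's 'firewallPolicy: { id: ... }' property
// to put the policy into effect.
output wafPolicyId string = wafPolicy.id
```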