
Bicep code to deploy WAF policy for Azure Application gateway


I am trying to deploy a WAF policy for Application gateway with bicep. It should contain OWASP rule set 3.2. My code is as below:

    param wafPolicyName string = 'mypolicy'
    param location string = 'westeurope'

    resource wafPolicy 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2022-05-01' = {
      name: wafPolicyName
      location: location
      properties: {
        policySettings: {
          requestBodyCheck: 'Enabled'
          enabledState: 'Enabled'
          mode: 'Prevention'
        }
        managedRules: {
          managedRuleSets: [
            {
              ruleSetType: 'OWASP'
              ruleSetVersion: '3.2'
              ruleGroupOverrides: []
            }
          ]
        }
      }
    }

I got the error:

    New-AzResourceGroupDeployment: 17:10:16 - The deployment 'waf_deployment' failed with error(s). Showing 1 out of 1 error(s). Status Message: WebApplicationFirewallPolicy validation failed. More information "Managed rule set type and version is not supported". (Code:BadRequest)

I have tried with the 3.1 ruleset but it is the same. I have tried different API versions but somehow it doesn't work. I have also tried with Bicep version 0.25.3 (latest) and 0.20.4.

Any idea?


Solution

  • You are using a Front Door WAF resource type. You need to use an Application Gateway WAF resource type (see documentation):

    resource waf 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2023-04-01' = {
    ...
    }
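
The question's policy rewritten against the Application Gateway resource type, as an added example that is not the asker's or the answerer's code. Besides the type name, the `policySettings` properties differ from the Front Door schema: `state` replaces `enabledState`, and `requestBodyCheck` is a boolean. The `wafMode` parameter and the `wafPolicyId` output are names introduced here for illustration.

```bicep
// Added example: WAF policy for Application Gateway with the OWASP 3.2 managed rule set.
param wafPolicyName string = 'mypolicy'
param location string = 'westeurope'

// Hypothetical parameter: 'Detection' only logs matches, 'Prevention' blocks them.
@allowed([
  'Detection'
  'Prevention'
])
param wafMode string = 'Prevention'

resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2023-04-01' = {
  name: wafPolicyName
  location: location
  properties: {
    policySettings: {
      state: 'Enabled'        // Application Gateway schema uses 'state', not 'enabledState'
      mode: wafMode
      requestBodyCheck: true  // boolean here, not the string 'Enabled'
    }
    managedRules: {
      managedRuleSets: [
        {
          ruleSetType: 'OWASP'
          ruleSetVersion: '3.2'
          ruleGroupOverrides: []
        }
      ]
    }
  }
}

// Hypothetical output: reference this id from the gateway's
// properties.firewallPolicy.id so the policy is actually enforced.
output wafPolicyId string = wafPolicy.id
```

A policy that deploys successfully but is not associated with a gateway, listener or path rule inspects no traffic, so check the association after deployment.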