Control: Azure > Network > Web Application Firewall Policy > Allowed > Custom

Take an action when an Azure Network web application firewall policy is not allowed based on custom rules.

The Allowed > Custom control checks if the web application firewall policy is allowed based on the Allowed > Custom > * policies. If the web application firewall policy is not allowed, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete if not allowed and resource is new, this control will only take the enforcement actions for resources created within the last 60 minutes.

Resource Types

This control targets the following resource types:

Azure > Network > Web Application Firewall Policy

Policies

The following policies can be used to configure this control:

Azure > Network > Web Application Firewall Policy > Allowed > Custom

This control type relies on these other policies when running actions:

Azure > Network > Web Application Firewall Policy > Allowed > Custom > Rules

Permissions

Cloud permissions used by this control and its actions:

microsoft.network/applicationgatewaywebapplicationfirewallpolicies/delete

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-network#/control/types/webApplicationFirewallPolicyAllowedCustom

Category URI

tmod:@turbot/turbot#/control/categories/resourceAllowed

GraphQL

query controlType(id: "tmod:@turbot/azure-network#/control/types/webApplicationFirewallPolicyAllowedCustom") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-network#/control/types/webApplicationFirewallPolicyAllowedCustom'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-network#/control/types/webApplicationFirewallPolicyAllowedCustom"