Azure - WAF Policy attachment to Application Gateway, and REST API

riancox
August 23, 2022
122 views
0 votes
2 Answers

Is there not a way to create an application gateway with waf_v2 sku and have a WAF policy attached using the rest api?

With this code i can deploy the application gateway

    "webApplicationFirewallConfiguration" = @{
        "disabledRuleGroups" = @()
        "enabled" = $true
        "exclusions" = @()
        "fileUploadLimitInMb" = 100
        "firewallMode" = "Detection"
        "maxRequestBodySizeinKb" = 128
        "requestBodyCheck"       = $true
        "ruleSetType"        = "OWASP"
        "ruleSetVersion"     = "3.1"
    }

But if i removed that and put instead

    "firewallPolicy"      = @{
        "id" = "path to WAF Policy"
    }

I am getting the following return:

{
  "error": {
    "code": "ApplicationGatewayFirewallNotConfiguredForSelectedSku",
    "message": "Application Gateway (Path to gateway) with the selected SKU tier WAF_v2 must have a valid WAF policy or configuration",
    "details": []
  }
}

I have added "forceFirewallPolicyAssociation" = $true but that hasnt seemed to help. Has anyone worked with the REST API and the application gateways? I have been at this for about 16 hours and am at my wits end. AKS wasn’t this hard to deploy via rest api… Any help is appreciated

https://learn.microsoft.com/en-us/rest/api/application-gateway/application-gateways/create-or-update?tabs=HTTP#code-try-0

Answers

Chosen as BEST ANSWER
- riancox
- August 23, 2022 at 3:55 pm
- 0 votes
0
I solved it by putting all 3 items together. It then deployed with the external policy.

(Edit)

- r3verse
- August 24, 2022 at 5:13 pm
- 0 votes
0
Seems like an issue in the 2022-01-01 version. At least i get the same error in Bicep. Rolling back to 2021-08-01 works.

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

Azure – WAF Policy attachment to Application Gateway, and REST API

Answers