
@soderlind
Last active October 9, 2024 09:18
WordPress Web Application Firewall (WAF) Custom rules for Azure Front Door (AFD)

WordPress WAF Custom rules for Azure Front Door (AFD)

AFD WAF Managed Rules DRS 2.1 blocks WordPress. The WP* custom rules below let you reach the WordPress URLs that you need. I also added a rate-limiting rule to mitigate brute-force attacks.

The WP* rules are based on the OWASP CRS WordPress Rule Exclusions Plugin rules.

  • AFD Premium supports at most 5 (!) regex rules, so I had to convert the regex-based rules into separate, non-regex rules.

Custom WordPress Allow Rules

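@description('The name of the Front Door SKU.')
param frontDoorSkuName string

@description('Mode of the WAF policy: Detection only logs matches, Prevention enforces rule actions.')
@allowed([
  'Detection'
  'Prevention'
])
param wafMode string = 'Prevention'

@description('AFD name suffix.')
param afdNameSuffix string

@description('The prefix to use when naming resources.')
param resourceNamePrefix string

// Front Door WAF policy names accept only letters and digits, so the hyphens introduced by the
// interpolation are stripped and the result lower-cased.
var wafPolicyName = toLower(replace('${resourceNamePrefix}-wafPolicy-${afdNameSuffix}', '-', ''))

@description('The tags to associate with the WAF profile.')
param tags object

// The original description ("The Front Door Web Application Firewall policy.") described the
// resource, not this parameter. Note that the default, Log, means DRS 2.1 records anomalies but
// does not block; pass Block to enforce the managed rule set.
@description('Action applied by the managed rule set (DRS 2.1): Log, Block or Redirect.')
@allowed([
  'Block'
  'Log'
  'Redirect'
])
param managedRuleSetAction string = 'Log'

// NOTE(review): declared but not consumed by the wafPolicy resource in this file, which
// hard-codes its custom rules. Kept for interface compatibility with existing callers.
@description('The custom rules to be added to the WAF policy.')
param wafCustomRules array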
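// Front Door WAF policy: DRS 2.1 managed rules plus WordPress-specific custom rules.
//
// Custom rules are evaluated before the managed rule set, in ascending priority order, and a
// matching 'Allow' rule ends evaluation for that request. Every Allow below therefore also
// exempts the matching request from DRS inspection, so its conditions should be as narrow as
// the WordPress flow permits. Where a false positive is caused by one cookie/header/argument,
// a managed-rule exclusion (see managedRuleSets) is the safer tool: it hides that one value
// from DRS while the rest of the request is still inspected.
//
// Changes relative to the previous revision (all behaviour-preserving except the last):
//   - 'WPLogin' (110), 'WPAjax' (130), 'WPAdminAjaxURL' (404) and 'WPEditPostPage' (540) were
//     exact duplicates of lower-priority rules and could never match; removed.
//   - 'WPSessionCookie' (320) was replaced by a managed-rule exclusion; see the note there.
resource wafPolicy 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2022-05-01' = {
  name: wafPolicyName
  location: 'global'
  sku: {
    name: frontDoorSkuName
  }
  tags: tags
  properties: {
    policySettings: {
      enabledState: 'Enabled'
      mode: wafMode
      // Status returned for Block actions, including the rate-limit rule below.
      customBlockResponseStatusCode: 429
    }
    managedRules: {
      managedRuleSets: [
        {
          ruleSetType: 'Microsoft_DefaultRuleSet'
          ruleSetVersion: '2.1'
          ruleSetAction: managedRuleSetAction
          exclusions: [
            {
              // Replaces the former 'WPSessionCookie' custom rule (priority 320). That rule
              // tried to exempt the '_wp_session' cookie, but its regex had lost its '\'
              // escapes ('|d+|' is an alternation that matches the letter d), and the AND-ed
              // "Equal '1'" condition meant it only ever matched a client-supplied cookie
              // value of '1' - an Allow that skipped DRS for the whole request. Excluding the
              // cookie value from DRS inspection keeps the intent without the bypass.
              matchVariable: 'RequestCookieNames'
              selectorMatchOperator: 'Equals'
              selector: '_wp_session'
            }
          ]
        }
      ]
    }
    customRules: {
      rules: [
        // Brute-force mitigation: more than rateLimitThreshold requests to the login endpoint
        // per rateLimitDurationInMinutes from one client are blocked with the 429 above.
        {
          name: 'RateLimitOthers'
          priority: 90
          ruleType: 'RateLimitRule'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: [
                'wp-login.php'
              ]
            }
          ]
          action: 'Block'
          rateLimitThreshold: 5 // Set your rate limit threshold
          rateLimitDurationInMinutes: 1 // Set your rate limit duration
        }
        // Exempts the whole login endpoint from DRS (any method, any body). Because the URI
        // condition is identical, 'WPLoginResetPassword' (120) can never be reached.
        {
          name: 'WPLoginUser'
          priority: 100
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-login.php']
            }
          ]
        }
        // Allows every admin-ajax.php request, so the action-specific admin-ajax rules further
        // down (160, 420, 440-490, 570-580, 600) are never reached. They are kept so that
        // narrowing or removing this rule later immediately restores the per-action allow-list.
        {
          name: 'WPAdminAjax'
          priority: 115
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
          ]
        }
        {
          name: 'WPLoginResetPassword'
          priority: 120
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-login.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=resetpass']
            }
          ]
        }
        {
          name: 'WPCommentsPost'
          priority: 140
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-comments-post.php']
            }
          ]
        }
        {
          name: 'WPComment'
          priority: 150
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/comment.php']
            }
          ]
        }
        {
          name: 'WPAjaxReplyToComment'
          priority: 160
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=replyto-comment']
            }
          ]
        }
        // One of the few RegEx conditions (the policy is limited to 5; see the README note).
        {
          name: 'WPGlobalStyles'
          priority: 170
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'RegEx'
              matchValue: ['/wp-json/wp/v[0-9]/global-styles/[0-9]+$']
            }
          ]
        }
        // The 'Contains' rules 180-184 already allow these REST paths for any method, so the
        // '*API02' variants (241, 242, 244, 245) that add a method-override header condition
        // never fire.
        {
          name: 'WPNavigationAPI01'
          priority: 180
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: ['/wp-json/wp/v2/navigation']
            }
          ]
        }
        {
          name: 'WPPagesAPI01'
          priority: 181
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: ['/wp-json/wp/v2/pages']
            }
          ]
        }
        {
          name: 'WPPostsAPI'
          priority: 182
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: ['/wp-json/wp/v2/posts']
            }
          ]
        }
        {
          name: 'WPTemplatePartsAPI01'
          priority: 183
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: ['/wp-json/wp/v2/template-parts']
            }
          ]
        }
        {
          name: 'WPTemplatesAPI01'
          priority: 184
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: ['/wp-json/wp/v2/templates']
            }
          ]
        }
        // NOTE(review): 'rest_route=1' does not look like a WordPress REST route (routes are
        // paths such as '/wp/v2/posts'); confirm what this value was meant to match.
        {
          name: 'WPRestRoute'
          priority: 189
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['rest_route=1']
            }
          ]
        }
        // index.php?rest_route=... is the REST API without pretty permalinks; these mirror the
        // '/wp-json/...' rules above for that form.
        {
          name: 'WPRestRoutePosts'
          priority: 190
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['rest_route=/wp/v2/posts']
            }
          ]
        }
        {
          name: 'WPRestRoutePages'
          priority: 191
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['rest_route=/wp/v2/pages']
            }
          ]
        }
        {
          name: 'WPRestRouteWidgetTypes'
          priority: 192
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['rest_route=/wp/v2/widget-types']
            }
          ]
        }
        {
          name: 'WPRestRouteTags'
          priority: 193
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['rest_route=/wp/v2/tags']
            }
          ]
        }
        {
          name: 'WPRestRouteTemplates'
          priority: 194
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['rest_route=/wp/v2/templates']
            }
          ]
        }
        {
          name: 'WPRestRouteUsers'
          priority: 195
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['rest_route=/wp/v2/users']
            }
          ]
        }
        {
          name: 'WPMediaAPI'
          priority: 200
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: ['/wp-json/wp/v2/media']
            }
          ]
        }
        {
          name: 'WPIndexRestRouteMedia'
          priority: 210
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['rest_route=/wp/v2/media']
            }
          ]
        }
        // Matched on a client-supplied header, so it exempts any index.php request carrying
        // 'x-http-method-override: PUT' from DRS. If the false positive comes from the header
        // itself, a RequestHeaderNames exclusion on the managed rule set is the narrower fix.
        {
          name: 'WPIndexHTTPMethodOverridePUT'
          priority: 220
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'RequestHeader'
              selector: 'x-http-method-override'
              operator: 'Equal'
              matchValue: ['PUT']
            }
          ]
        }
        {
          name: 'WPGlobalStylesRestRoute'
          priority: 230
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'RegEx'
              matchValue: ['rest_route=/wp/v[0-9]+/global-styles/[0-9]+$']
            }
          ]
        }
        // NOTE(review): rules 240-246 use negateCondition + Equal '0', i.e. they match whenever
        // the override header is anything but the literal '0' (presumably also when absent), so
        // in practice they reduce to their URI condition. Confirm the intended header value.
        {
          name: 'WPGlobalStylesAPI'
          priority: 240
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: [
                '/wp-json/wp/v2/global-styles'
              ]
            }
            {
              matchVariable: 'RequestHeader'
              selector: 'x-http-method-override'
              negateCondition: true
              operator: 'Equal'
              matchValue: ['0']
            }
          ]
        }
        {
          name: 'WPNavigationAPI02'
          priority: 241
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: [
                '/wp-json/wp/v2/navigation'
              ]
            }
            {
              matchVariable: 'RequestHeader'
              selector: 'x-http-method-override'
              negateCondition: true
              operator: 'Equal'
              matchValue: ['0']
            }
          ]
        }
        {
          name: 'WPPagesAPI02'
          priority: 242
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: [
                '/wp-json/wp/v2/pages'
              ]
            }
            {
              matchVariable: 'RequestHeader'
              selector: 'x-http-method-override'
              negateCondition: true
              operator: 'Equal'
              matchValue: ['0']
            }
          ]
        }
        {
          name: 'WPPostsSidebarsAPI'
          priority: 243
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: [
                '/wp-json/wp/v2/sidebars'
              ]
            }
            {
              matchVariable: 'RequestHeader'
              selector: 'x-http-method-override'
              negateCondition: true
              operator: 'Equal'
              matchValue: ['0']
            }
          ]
        }
        {
          name: 'WPTemplatePartsAPI02'
          priority: 244
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: [
                '/wp-json/wp/v2/template-parts'
              ]
            }
            {
              matchVariable: 'RequestHeader'
              selector: 'x-http-method-override'
              negateCondition: true
              operator: 'Equal'
              matchValue: ['0']
            }
          ]
        }
        {
          name: 'WPTemplatesAPI02'
          priority: 245
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: [
                '/wp-json/wp/v2/templates'
              ]
            }
            {
              matchVariable: 'RequestHeader'
              selector: 'x-http-method-override'
              negateCondition: true
              operator: 'Equal'
              matchValue: ['0']
            }
          ]
        }
        {
          name: 'WPUsersAPI'
          priority: 246
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              matchValue: [
                '/wp-json/wp/v2/users'
              ]
            }
            {
              matchVariable: 'RequestHeader'
              selector: 'x-http-method-override'
              negateCondition: true
              operator: 'Equal'
              matchValue: ['0']
            }
          ]
        }
        // The next two match index.php on a query-string fragment alone ('_fields=id...',
        // 'orderby=id'); any index.php request that carries that fragment is exempted from DRS.
        {
          name: 'WPIndexFieldsID'
          priority: 250
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'RegEx'
              matchValue: ['_fields=id[a-z,_]*$']
            }
          ]
        }
        {
          name: 'WPSortById'
          priority: 260
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['orderby=id']
            }
          ]
        }
        {
          name: 'WPBlockEditorURLDetails'
          priority: 270
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/index.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['rest_route=/wp-block-editor/v2/url-details']
            }
          ]
        }
        // No RequestUri condition: this is the broadest Allow in the policy and applies to any
        // path whose query string contains one of these tokens. The customizer previews
        // arbitrary front-end URLs, which is presumably why no path could be pinned down.
        {
          name: 'WPCustomizeAction'
          priority: 280
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['wp_customize=on', 'wp_customize=0']
            }
          ]
        }
        // Shadowed by 'WPCustomizeAction' (280), which already matches 'wp_customize=on'.
        {
          name: 'WPCustomizeSaveWidget'
          priority: 290
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['wp_customize=on']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=customize_save']
            }
          ]
        }
        {
          name: 'WPCustomizeUpdateWidget'
          priority: 295
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['wp_customize=on']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=update-widget']
            }
          ]
        }
        {
          name: 'WPCronJob'
          priority: 300
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-cron.php']
            }
          ]
        }
        {
          name: 'WPBatchLocaleUserAPI'
          priority: 310
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-json/batch/v2']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['_locale=user']
            }
          ]
        }
        // Priority 320 ('WPSessionCookie') is now handled by the managedRuleSets exclusion above.
        // {
        //   name: 'WPUnconditionalMatch'
        //   priority: 330
        //   ruleType: 'MatchRule'
        //   action: 'Allow'
        //   matchConditions: [
        //     {
        //       matchVariable: 'RequestUri'
        //       operator: 'UnconditionalMatch'
        //       matchValue: ['']
        //     }
        //   ]
        // }
        // {
        //   name: 'WPNotContains'
        //   priority: 350
        //   ruleType: 'MatchRule'
        //   action: 'Allow'
        //   matchConditions: [
        //     {
        //       matchVariable: 'RequestUri'
        //       negateCondition: true
        //       operator: 'BeginsWith'
        //       matchValue: ['/wp-admin/']
        //     }
        //   ]
        // }
        // Installer endpoints. These are only needed during initial setup; consider removing
        // them once the site is installed.
        {
          name: 'WPSetupConfigStep'
          priority: 360
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/setup-config.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['step=1', 'step=2']
            }
          ]
        }
        {
          name: 'WPInstallStep'
          priority: 370
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/install.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['step=1', 'step=2']
            }
          ]
        }
        // wp-admin pages. Several of these allow the page for any method and any query string.
        {
          name: 'WPProfileUpdate'
          priority: 380
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/profile.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=update']
            }
          ]
        }
        {
          name: 'WPProfileorUserEditUpdate'
          priority: 385
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/user-edit.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=update']
            }
          ]
        }
        {
          name: 'WPCreateUser'
          priority: 390
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/user-new.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=createuser']
            }
          ]
        }
        {
          name: 'WPUsersURL'
          priority: 400
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/users.php']
            }
          ]
        }
        {
          name: 'WPAdminURL'
          priority: 402
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin.php']
            }
          ]
        }
        {
          name: 'WPEditURL'
          priority: 405
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/edit.php']
            }
          ]
        }
        {
          name: 'WPPostEdit'
          priority: 410
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/post.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=edit']
            }
          ]
        }
        {
          name: 'WPPostEditorEditPost'
          priority: 415
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/post.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=editpost']
            }
          ]
        }
        // Per-action admin-ajax rules; currently shadowed by 'WPAdminAjax' (115), see above.
        {
          name: 'WPAjaxHeartbeat'
          priority: 420
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=heartbeat']
            }
          ]
        }
        {
          name: 'WPNavMenusUpdate'
          priority: 430
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/nav-menus.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=update']
            }
          ]
        }
        {
          name: 'WPNavMenusEdit'
          priority: 435
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/nav-menus.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=edit']
            }
          ]
        }
        {
          name: 'WPAjaxSaveWidget'
          priority: 440
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=save-widget']
            }
          ]
        }
        {
          name: 'WPAjaxUpdateWidget'
          priority: 445
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=update-widget']
            }
          ]
        }
        {
          name: 'WPAjaxWidgetsOrder'
          priority: 450
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=widgets-order']
            }
          ]
        }
        {
          name: 'WPSamplePermalink'
          priority: 460
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=sample-permalink']
            }
          ]
        }
        {
          name: 'WPAjaxAddMenuItem'
          priority: 470
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=add-menu-item']
            }
          ]
        }
        {
          name: 'WPSendAttachmenttoEditor'
          priority: 480
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=send-attachment-to-editor']
            }
          ]
        }
        {
          name: 'WPAjaxAddTag'
          priority: 490
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=upload-attachment']
            }
          ]
        }
        {
          name: 'WPAsyncUploadAttachment'
          priority: 500
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/async-upload.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=upload-attachment']
            }
          ]
        }
        {
          name: 'WPOptionsGeneral'
          priority: 510
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/options.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['option_page=general']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=update']
            }
          ]
        }
        {
          name: 'WPPermalinkOptions'
          priority: 520
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/options-permalink.php']
            }
          ]
        }
        {
          name: 'WPOptionsDiscussion'
          priority: 530
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/options.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['option_page=discussion']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=update']
            }
          ]
        }
        {
          name: 'WPLoadScripts'
          priority: 550
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/load-scripts.php']
            }
          ]
        }
        {
          name: 'WPLoadStyles'
          priority: 555
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/load-styles.php']
            }
          ]
        }
        // The only rule that restricts the HTTP method; the same 'RequestMethod' condition
        // would narrow many of the page-level Allow rules above.
        {
          name: 'WPSiteHealthPage'
          priority: 560
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/site-health.php']
            }
            {
              matchVariable: 'RequestMethod'
              operator: 'Equal'
              matchValue: ['GET']
            }
          ]
        }
        {
          name: 'WPAjaxUpdatePlugin'
          priority: 570
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=update-plugin']
            }
          ]
        }
        {
          name: 'WPAjaxDeletePlugin'
          priority: 575
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=delete-plugin']
            }
          ]
        }
        {
          name: 'WPEditThemePluginFile'
          priority: 580
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=edit-theme-plugin-file']
            }
          ]
        }
        {
          name: 'WPPlugins'
          priority: 590
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/plugins.php']
            }
          ]
        }
        {
          name: 'WPPluginInstall'
          priority: 595
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/plugin-install.php']
            }
          ]
        }
        {
          name: 'WPSearchInstallPlugins'
          priority: 600
          ruleType: 'MatchRule'
          action: 'Allow'
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'EndsWith'
              matchValue: ['/wp-admin/admin-ajax.php']
            }
            {
              matchVariable: 'QueryString'
              operator: 'Contains'
              matchValue: ['action=search-install-plugins']
            }
          ]
        }
      ]
    }
  }
}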
// Id/enabled pairs for the policy declared above, in the shape consumers of this module expect.
output wafPolicyIds array = [
  {
    id: wafPolicy.id
    // 'enabled' is hard-coded to true for now; the 'false' alternative is deliberately not
    // wired up because of https://github.com/Azure/bicep-types-az/issues/1754.
    enabled: true
  }
]