Created
July 22, 2023 18:21
-
-
Save deangrant/4d7e37d44aa948ea14e9c4ef7e4cb757 to your computer and use it in GitHub Desktop.
Azure WAF custom rule to only allow function URLs for Azure Functions, a second match criteria uses the host request header, replace {{ request_headers:host }} with value as a string type.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"action": "Block", | |
"matchConditions": [ | |
{ | |
"matchValues": [ | |
"\\/api\\/([^?&\\n]+)\\?code=([A-Za-z0-9+/=]+)" | |
], | |
"matchVariables": [ | |
{ | |
"variableName": "RequestUri" | |
} | |
], | |
"negationConditon": true, | |
"operator": "Regex", | |
"transforms": [] | |
}, | |
{ | |
"matchValues": [ | |
"{{ request_headers:host }}" | |
], | |
"matchVariables": [ | |
{ | |
"selector": "host", | |
"variableName": "RequestHeaders" | |
} | |
], | |
"negationConditon": false, | |
"operator": "Equal", | |
"transforms": [] | |
} | |
], | |
"name": "AzureFunctionsAllowFuntionURLOnly", | |
"priority": 100, | |
"ruleType": "MatchRule", | |
"state": "Enabled" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment