Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGatewayNameParm":{
"type": "string",
"metadata": {
"description": "Application Gateway name"
}
},
"addressPrefix": {
"type": "string",
"defaultValue": "192.168.160.0/24",
"metadata": {
"description": "Address prefix for the Virtual Network"
}
},
"subnetPrefix": {
"type": "string",
"defaultValue": "192.168.160.0/24",
"metadata": {
"description": "Subnet prefix"
}
},
"publicIPAddressName": {
"type": "string",
"defaultValue": "publicIp1",
"metadata": {
"description": "Public IP Address for Application Gateway"
}
},
"skuName": {
"type": "string",
"allowedValues": [
"WAF_Medium",
"WAF_Large"
],
"defaultValue": "WAF_Medium",
"metadata": {
"description": "Sku Name"
}
},
"capacity": {
"type": "int",
"allowedValues": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10
],
"defaultValue": 2,
"metadata": {
"description": "Number of instances"
}
},
"backendIpAddress1": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "IP Address for Backend Server 1"
}
},
"certData": {
"type": "string",
"metadata": {
"description": "Base-64 encoded form of the .pfx file"
}
},
"certPassword": {
"type": "securestring",
"metadata": {
"description": "Password for .pfx certificate"
}
},
"wafEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "WAF Enabled"
}
},
"wafMode": {
"type": "string",
"allowedValues": [
"Detection",
"Prevention"
],
"defaultValue": "Detection",
"metadata": {
"description": "WAF Mode"
}
},
"wafRuleSetType": {
"type": "string",
"allowedValues": [
"OWASP"
],
"defaultValue": "OWASP",
"metadata": {
"description": "WAF Rule Set Type"
}
},
"wafRuleSetVersion": {
"type": "string",
"allowedValues": [
"2.2.9",
"3.0"
],
"defaultValue": "3.0",
"metadata": {
"description": "WAF Rule Set Version"
}
}
},
"variables": {
"applicationGatewayName": "[parameters('applicationGatewayNameParm')]",
"virtualNetworkName": "wafvirtualNetwork1",
"subnetName": "wafSubnet",
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
"subnetRef": "[concat(variables('vnetID'),'/subnets/',variables('subnetName'))]",
"publicIPRef": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('publicIPAddressName'))]",
"applicationGatewayID": "[resourceId('Microsoft.Network/applicationGateways',variables('applicationGatewayName'))]",
"apiVersion": "2015-05-01-preview"
},
"resources": [
{
"apiVersion": "2015-05-01-preview",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[parameters('publicIPAddressName')]",
"location": "[resourceGroup().location]",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"apiVersion": "2015-05-01-preview",
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('virtualNetworkName')]",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
}
]
}
},
{
"apiVersion": "2017-06-01",
"name": "[variables('applicationGatewayName')]",
"type": "Microsoft.Network/applicationGateways",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[concat('Microsoft.Network/publicIPAddresses/', parameters('publicIPAddressName'))]"
],
"properties": {
"sku": {
"name": "[parameters('skuName')]",
"tier": "WAF",
"capacity": "[parameters('capacity')]"
},
"sslCertificates": [
{
"name": "appGatewaySslCert",
"properties": {
"data": "[parameters('certData')]",
"password": "[parameters('certPassword')]"
}
}
],
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"PublicIPAddress": {
"id": "[variables('publicIPRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": 443
}
}
],
"backendAddressPools": [
{
"name": "appGatewayBackendPool",
"properties": {
"BackendAddresses": [
{
"IpAddress": "[parameters('backendIpAddress1')]"
}
]
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": 80,
"Protocol": "Http",
"CookieBasedAffinity": "Disabled"
}
}
],
"httpListeners": [
{
"name": "appGatewayHttpListener",
"properties": {
"FrontendIPConfiguration": {
"Id": "[concat(variables('applicationGatewayID'), '/frontendIPConfigurations/appGatewayFrontendIP')]"
},
"FrontendPort": {
"Id": "[concat(variables('applicationGatewayID'), '/frontendPorts/appGatewayFrontendPort')]"
},
"Protocol": "Https",
"SslCertificate": {
"Id": "[concat(variables('applicationGatewayID'), '/sslCertificates/appGatewaySslCert')]"
}
}
}
],
"requestRoutingRules": [
{
"Name": "rule1",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(variables('applicationGatewayID'), '/httpListeners/appGatewayHttpListener')]"
},
"backendAddressPool": {
"id": "[concat(variables('applicationGatewayID'), '/backendAddressPools/appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[concat(variables('applicationGatewayID'), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
],
"webApplicationFirewallConfiguration": {
"enabled": "[parameters('wafEnabled')]",
"firewallMode": "[parameters('wafMode')]",
"ruleSetType": "[parameters('wafRuleSetType')]",
"ruleSetVersion": "[parameters('wafRuleSetVersion')]",
"disabledRuleGroups": []
}
}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.