Waf Rule Azure App Gateway

Hello,

I’m trying to deploy Azure App Gateway with terraform but when I configured these waf options : Disabled_rule_group and exclusion. I had this error :


│ Error: Unsupported argument

│ on gateway.tf line 50, in resource “azurerm_application_gateway” “core-prod-web-ag”:
│ 50: disabled_rule_group = [

│ An argument named “disabled_rule_group” is not expected here. Did you mean to define a block of type “disabled_rule_group”?


│ Error: Unsupported argument

│ on gateway.tf line 65, in resource “azurerm_application_gateway” “core-prod-web-ag”:
│ 65: exclusion = [

│ An argument named “exclusion” is not expected here. Did you mean to define a block of type “exclusion”?

Here my code :

waf_configuration {

rule_set_version         = "3.0"

rule_set_type            = "OWASP"

request_body_check       = true

max_request_body_size_kb = 128

firewall_mode            = "Prevention"

file_upload_limit_mb     = 100

enabled                  = true

disabled_rule_group = [

  {

    rule_group_name = "REQUEST-920-PROTOCOL-ENFORCEMENT"

    rules = [

      "920140",

      "920320",

    ]

  },

  {

    rule_group_name = "REQUEST-931-APPLICATION-ATTACK-RFI"

    rules = [

      "931130",

    ]

  },

]

exclusion = [

  {

    selector_match_operator = "Equals"

    selector                = "$filter"

    match_variable          = "RequestArgNames"

  },

 ]

}

Thank for your help :slight_smile: