azurermCdnFrontdoorRule
Manages a Front Door (standard/premium) Rule.
!>IMPORTANT: The Rules resource must include a dependsOn
meta-argument which references the azurermCdnFrontdoorOrigin
and the azurermCdnFrontdoorOriginGroup
.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "example-cdn-frontdoor",
}
);
const azurermCdnFrontdoorProfileExample =
new azurerm.cdnFrontdoorProfile.CdnFrontdoorProfile(this, "example_1", {
name: "example-profile",
resource_group_name: azurermResourceGroupExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorProfileExample.overrideLogicalId("example");
const azurermCdnFrontdoorRuleSetExample =
new azurerm.cdnFrontdoorRuleSet.CdnFrontdoorRuleSet(this, "example_2", {
cdn_frontdoor_profile_id: azurermCdnFrontdoorProfileExample.id,
name: "exampleruleset",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorRuleSetExample.overrideLogicalId("example");
const azurermCdnFrontdoorEndpointExample =
new azurerm.cdnFrontdoorEndpoint.CdnFrontdoorEndpoint(this, "example_3", {
cdn_frontdoor_profile_id: azurermCdnFrontdoorProfileExample.id,
name: "example-endpoint",
tags: {
endpoint: "contoso.com",
},
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorEndpointExample.overrideLogicalId("example");
const azurermCdnFrontdoorOriginGroupExample =
new azurerm.cdnFrontdoorOriginGroup.CdnFrontdoorOriginGroup(
this,
"example_4",
{
cdn_frontdoor_profile_id: azurermCdnFrontdoorProfileExample.id,
health_probe: [
{
interval_in_seconds: 240,
path: "/healthProbe",
protocol: "Https",
request_type: "GET",
},
],
load_balancing: [
{
additional_latency_in_milliseconds: 0,
sample_size: 16,
successful_samples_required: 3,
},
],
name: "example-originGroup",
restore_traffic_time_to_healed_or_new_endpoint_in_minutes: 10,
session_affinity_enabled: true,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorOriginGroupExample.overrideLogicalId("example");
const azurermCdnFrontdoorOriginExample =
new azurerm.cdnFrontdoorOrigin.CdnFrontdoorOrigin(this, "example_5", {
cdn_frontdoor_origin_group_id: azurermCdnFrontdoorOriginGroupExample.id,
certificate_name_check_enabled: false,
enabled: true,
host_name: azurermCdnFrontdoorEndpointExample.hostName,
http_port: 80,
https_port: 443,
name: "example-origin",
origin_host_header: "contoso.com",
priority: 1,
weight: 500,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorOriginExample.overrideLogicalId("example");
const azurermCdnFrontdoorRuleExample =
new azurerm.cdnFrontdoorRule.CdnFrontdoorRule(this, "example_6", {
actions: [
{
route_configuration_override_action: [
{
cache_behavior: "OverrideIfOriginMissing",
cache_duration: "365.23:59:59",
cdn_frontdoor_origin_group_id:
azurermCdnFrontdoorOriginGroupExample.id,
compression_enabled: true,
forwarding_protocol: "HttpsOnly",
query_string_caching_behavior: "IncludeSpecifiedQueryStrings",
query_string_parameters: ["foo", "clientIp={client_ip}"],
},
],
url_redirect_action: [
{
destination_fragment: "UrlRedirect",
destination_hostname: "contoso.com",
destination_path: "/exampleredirection",
query_string: "clientIp={client_ip}",
redirect_protocol: "MatchRequest",
redirect_type: "PermanentRedirect",
},
],
},
],
behavior_on_match: "Continue",
cdn_frontdoor_rule_set_id: azurermCdnFrontdoorRuleSetExample.id,
conditions: [
{
host_name_condition: [
{
match_values: [
"www.contoso.com",
"images.contoso.com",
"video.contoso.com",
],
negate_condition: false,
operator: "Equal",
transforms: ["Lowercase", "Trim"],
},
],
is_device_condition: [
{
match_values: ["Mobile"],
negate_condition: false,
operator: "Equal",
},
],
post_args_condition: [
{
match_values: ["J", "K"],
operator: "BeginsWith",
post_args_name: "customerName",
transforms: ["Uppercase"],
},
],
request_method_condition: [
{
match_values: ["DELETE"],
negate_condition: false,
operator: "Equal",
},
],
url_filename_condition: [
{
match_values: ["media.mp4"],
negate_condition: false,
operator: "Equal",
transforms: ["Lowercase", "RemoveNulls", "Trim"],
},
],
},
],
depends_on: [
`\${${azurermCdnFrontdoorOriginGroupExample.fqn}}`,
`\${${azurermCdnFrontdoorOriginExample.fqn}}`,
],
name: "examplerule",
order: 1,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCdnFrontdoorRuleExample.overrideLogicalId("example");
Arguments Reference
The following arguments are supported:
-
name
- (Required) The name which should be used for this Front Door Rule. Possible values must be between 1 and 260 characters in length, begin with a letter and may contain only letters and numbers. Changing this forces a new Front Door Rule to be created. -
cdnFrontdoorRuleSetId
- (Required) The resource ID of the Front Door Rule Set for this Front Door Rule. Changing this forces a new Front Door Rule to be created. -
order
- (Required) The order in which the rules will be applied for the Front Door Endpoint. The order value should be sequential and begin at1
(e.g.1
,2
,3
...). A Front Door Rule with a lesser order value will be applied before a rule with a greater order value.
->NOTE: If the Front Door Rule has an order value of 0
they do not require any conditions and the actions will always be applied.
-
actions
- (Required) Anactions
block as defined below. -
behaviorOnMatch
- (Optional) If this rule is a match should the rules engine continue processing the remaining rules or stop? Possible values arecontinue
andstop
. Defaults tocontinue
. -
conditions
- (Optional) Aconditions
block as defined below.
An actions
block supports the following:
->NOTE: You may include up to 5 separate actions in the actions
block.
Some actions support actionServerVariables
which provide access to structured information about the request. For more information about actionServerVariables
see the actionServerVariables
as defined below.
-
urlRewriteAction
- (Optional) AurlRewriteAction
block as defined below. You may not have aurlRewriteAction
and aurlRedirectAction
defined in the sameactions
block. -
urlRedirectAction
- (Optional) AurlRedirectAction
block as defined below. You may not have aurlRedirectAction
and aurlRewriteAction
defined in the sameactions
block. -
routeConfigurationOverrideAction
- (Optional) ArouteConfigurationOverrideAction
block as defined below. -
requestHeaderAction
- (Optional) ArequestHeaderAction
block as defined below. -
responseHeaderAction
- (Optional) AresponseHeaderAction
block as defined below.
An urlRedirectAction
block supports the following:
-
redirectType
- (Required) The response type to return to the requestor. Possible values includemoved
,found
,temporaryRedirect
orpermanentRedirect
. -
destinationHostname
- (Required) The host name you want the request to be redirected to. The value must be a string between0
and2048
characters in length, leave blank to preserve the incoming host. -
redirectProtocol
- (Optional) The protocol the request will be redirected as. Possible values includematchRequest
,http
orhttps
. Defaults tomatchRequest
. -
destinationPath
- (Optional) The path to use in the redirect. The value must be a string and include the leading/
, leave blank to preserve the incoming path. Defaults to an empty string. Defaults to""
. -
queryString
- (Optional) The query string used in the redirect URL. The value must be in the \=\ or \ ={ actionServerVariable
} format and must not include the leading?
, leave blank to preserve the incoming query string. Maximum allowed length for this field is2048
characters. Defaults to an empty string. Defaults to""
. -
destinationFragment
- (Optional) The fragment to use in the redirect. The value must be a string between0
and1024
characters in length, leave blank to preserve the incoming fragment. Defaults to an empty string. Defaults to""
.
A routeConfigurationOverrideAction
block supports the following:
->NOTE: In the v3.x of the provider the cacheDuration
, cacheBehavior
and queryStringCachingBehavior
will have default values. You can use Terraform's ignore_changes functionality to ignore these default values. In v4.0 of the provider the cacheDuration
, cacheBehavior
and queryStringCachingBehavior
will NOT have default values and will need to be explicitly set in the configuration file.
-
cacheDuration
- (Optional) When Cache behavior is set tooverride
orsetIfMissing
, this field specifies the cache duration to use. The maximum duration is 366 days specified in thedHh:mm:ss
format(e.g.36523:59:59
). If the desired maximum cache duration is less than 1 day then the maximum cache duration should be specified in thehh:mm:ss
format(e.g.23:59:59
). -
cdnFrontdoorOriginGroupId
- (Optional) The Front Door Origin Group resource ID that the request should be routed to. This overrides the configuration specified in the Front Door Endpoint route. -
forwardingProtocol
- (Optional) The forwarding protocol the request will be redirected as. This overrides the configuration specified in the route to be associated with. Possible values includematchRequest
,httpOnly
orhttpsOnly
.
->NOTE: If the cdnFrontdoorOriginGroupId
is not defined you cannot set the forwardingProtocol
.
-
queryStringCachingBehavior
- (Optional)includeSpecifiedQueryStrings
query strings specified in thequeryStringParameters
field get included when the cache key gets generated.useQueryString
cache every unique URL, each unique URL will have its own cache key.ignoreSpecifiedQueryStrings
query strings specified in thequeryStringParameters
field get excluded when the cache key gets generated.ignoreQueryString
query strings aren't considered when the cache key gets generated. Possible values includeignoreQueryString
,useQueryString
,ignoreSpecifiedQueryStrings
orincludeSpecifiedQueryStrings
. -
queryStringParameters
- (Optional) A list of query string parameter names.
->NOTE: queryStringParameters
is a required field when the queryStringCachingBehavior
is set to includeSpecifiedQueryStrings
or ignoreSpecifiedQueryStrings
.
compressionEnabled
- (Optional) Should the Front Door dynamically compress the content? Possible values includetrue
orfalse
.
->NOTE: Content won't be compressed on AzureFrontDoor when requested content is smaller than 1Byte
or larger than 1Mb
.
cacheBehavior
- (Optional)honorOrigin
the Front Door will always honor origin response header directive. If the origin directive is missing, Front Door will cache contents anywhere from1
to3
days.overrideAlways
the TTL value returned from your Front Door Origin is overwritten with the value specified in the action. This behavior will only be applied if the response is cacheable.overrideIfOriginMissing
if no TTL value gets returned from your Front Door Origin, the rule sets the TTL to the value specified in the action. This behavior will only be applied if the response is cacheable.disabled
the Front Door will not cache the response contents, irrespective of Front Door Origin response directives. Possible values includehonorOrigin
,overrideAlways
,overrideIfOriginMissing
ordisabled
.
An urlRewriteAction
block supports the following:
-
sourcePattern
- (Required) The source pattern in the URL path to replace. This uses prefix-based matching. For example, to match all URL paths use a forward slash"/"
as the source pattern value. -
destination
- (Required) The destination path to use in the rewrite. The destination path overwrites the source pattern. -
preserveUnmatchedPath
- (Optional) Append the remaining path after the source pattern to the new destination path? Possible valuestrue
orfalse
. Defaults tofalse
.
A requestHeaderAction
block supports the following:
headerAction
- (Required) The action to be taken on the specifiedheaderName
. Possible values includeappend
,overwrite
ordelete
.
-> NOTE: append
causes the specified header to be added to the request with the specified value. If the header is already present, the value is appended to the existing header value using string concatenation. No delimiters are added. overwrite
causes specified header to be added to the request with the specified value. If the header is already present, the specified value overwrites the existing value. delete
causes the header to be deleted from the request.
-
headerName
- (Required) The name of the header to modify. -
value
- (Optional) The value to append or overwrite.
->NOTE: value
is required if the headerAction
is set to append
or overwrite
.
A responseHeaderAction
block supports the following:
headerAction
- (Required) The action to be taken on the specifiedheaderName
. Possible values includeappend
,overwrite
ordelete
.
-> NOTE: append
causes the specified header to be added to the request with the specified value. If the header is already present, the value is appended to the existing header value using string concatenation. No delimiters are added. overwrite
causes specified header to be added to the request with the specified value. If the header is already present, the specified value overwrites the existing value. delete
causes the header to be deleted from the request.
-
headerName
- (Required) The name of the header to modify. -
value
- (Optional) The value to append or overwrite.
->NOTE: value
is required if the headerAction
is set to append
or overwrite
.
A conditions
block supports the following:
->NOTE: You may include up to 10 separate conditions in the conditions
block.
-
remoteAddressCondition
- (Optional) AremoteAddressCondition
block as defined below. -
requestMethodCondition
- (Optional) ArequestMethodCondition
block as defined below. -
queryStringCondition
- (Optional) AqueryStringCondition
block as defined below. -
postArgsCondition
- (Optional) ApostArgsCondition
block as defined below. -
requestUriCondition
- (Optional) ArequestUriCondition
block as defined below. -
requestHeaderCondition
- (Optional) ArequestHeaderCondition
block as defined below. -
requestBodyCondition
- (Optional) ArequestBodyCondition
block as defined below. -
requestSchemeCondition
- (Optional) ArequestSchemeCondition
block as defined below. -
urlPathCondition
- (Optional) AurlPathCondition
block as defined below. -
urlFileExtensionCondition
- (Optional) AurlFileExtensionCondition
block as defined below. -
urlFilenameCondition
- (Optional) AurlFilenameCondition
block as defined below. -
httpVersionCondition
- (Optional) AhttpVersionCondition
block as defined below. -
cookiesCondition
- (Optional) AcookiesCondition
block as defined below. -
isDeviceCondition
- (Optional) AisDeviceCondition
block as defined below. -
socketAddressCondition
- (Optional) AsocketAddressCondition
block as defined below. -
clientPortCondition
- (Optional) AclientPortCondition
block as defined below. -
serverPortCondition
- (Optional) AserverPortCondition
block as defined below. -
hostNameCondition
- (Optional) AhostNameCondition
block as defined below. -
sslProtocolCondition
- (Optional) AsslProtocolCondition
block as defined below.
A sslProtocolCondition
block supports the following:
->The sslProtocolCondition
identifies requests based on the SSL protocol of an established TLS connection.
-
matchValues
- (Required) A list of one or more HTTP methods. Possible values aretlSv1
,tlSv11
andtlSv12
logic. -
operator
- (Optional) Possible valueequal
. Defaults toequal
. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below.
A hostNameCondition
block supports the following:
->The hostNameCondition
identifies requests based on the specified hostname in the request from client.
-
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) A list of one or more string values representing the value of the request hostname to match. If multiple values are specified, they're evaluated usingor
logic. -
transforms
- (Optional) A Conditional operator. Possible values includelowercase
,removeNulls
,trim
,uppercase
,urlDecode
orurlEncode
. Details can be found in theconditionTransformList
below. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below.
A serverPortCondition
block supports the following:
->The serverPortCondition
identifies requests based on which port of the Front Door server accepted the request on.
-
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Required) A list of one or more integer values(e.g. "1") representing the value of the client port to match. Possible values include80
or443
. If multiple values are specified, they're evaluated usingor
logic. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below.
A clientPortCondition
block supports the following:
->The clientPortCondition
identifies requests based on the port of the client which made the request.
-
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) One or more integer values(e.g. "1") representing the value of the client port to match. If multiple values are specified, they're evaluated usingor
logic.
A socketAddressCondition
block supports the following:
->The socketAddressCondition
identifies requests based on the IP address of the direct connection to the Front Door Profiles edge. If the client used an HTTP proxy or a load balancer to send the request, the value of Socket address is the IP address of the proxy or load balancer.
->Remote Address represents the original client IP that is either from the network connection or typically the xForwardedFor
request header if the user is behind a proxy.
operator
- (Optional) The type of match. The Possible values areipMatch
orany
. Defaults toipMatch
.
->NOTE: If the value of the operator
field is set to ipMatch
then the matchValues
field is also required.
-
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) Specify one or more IP address ranges. If multiple IP address ranges are specified, they're evaluated usingor
logic.
->NOTE: See the specifyingIpAddressRanges
section below on how to correctly define the matchValues
field.
A remoteAddressCondition
block supports the following:
->Remote Address represents the original client IP that is either from the network connection or typically the xForwardedFor
request header if the user is behind a proxy.
-
operator
- (Optional) The type of the remote address to match. Possible values includeany
,geoMatch
oripMatch
. Use thenegateCondition
to specify NotgeoMatch
or NotipMatch
. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) For the IP Match or IP Not Match operators: specify one or more IP address ranges. If multiple IP address ranges are specified, they're evaluated usingor
logic. For the Geo Match or Geo Not Match operators: specify one or more locations using their country code.
->NOTE: See the specifyingIpAddressRanges
section below on how to correctly define the matchValues
field.
A requestMethodCondition
block supports the following:
->The requestMethodCondition
identifies requests that use the specified HTTP request method.
-
matchValues
- (Required) A list of one or more HTTP methods. Possible values includeget
,post
,put
,delete
,head
,options
ortrace
. If multiple values are specified, they're evaluated usingor
logic. -
operator
- (Optional) Possible valueequal
. Defaults toequal
. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below.
A queryStringCondition
block supports the following:
->Use the queryStringCondition
to identify requests that contain a specific query string.
-
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) One or more string or integer values(e.g. "1") representing the value of the query string to match. If multiple values are specified, they're evaluated usingor
logic. -
transforms
- (Optional) A Conditional operator. Possible values includelowercase
,removeNulls
,trim
,uppercase
,urlDecode
orurlEncode
. Details can be found in theconditionTransformList
below.
A postArgsCondition
block supports the following:
->Use the postArgsCondition
to identify requests based on the arguments provided within a post
request's body. A single match condition matches a single argument from the post
request's body.
-
postArgsName
- (Required) A string value representing the name of thepost
argument. -
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) One or more string or integer values(e.g. "1") representing the value of thepost
argument to match. If multiple values are specified, they're evaluated usingor
logic. -
transforms
- (Optional) A Conditional operator. Possible values includelowercase
,removeNulls
,trim
,uppercase
,urlDecode
orurlEncode
. Details can be found in theconditionTransformList
below.
A requestUriCondition
block supports the following:
->The requestUriCondition
identifies requests that match the specified URL. The entire URL is evaluated, including the protocol and query string, but not the fragment. When you use this rule condition, be sure to include the protocol(e.g. For example, use https://wwwContosoCom
instead of just wwwContosoCom
).
-
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) One or more string or integer values(e.g. "1") representing the value of the request URL to match. If multiple values are specified, they're evaluated usingor
logic. -
transforms
- (Optional) A Conditional operator. Possible values includelowercase
,removeNulls
,trim
,uppercase
,urlDecode
orurlEncode
. Details can be found in theconditionTransformList
below.
A requestHeaderCondition
block supports the following:
->The requestHeaderCondition
identifies requests that include a specific header in the request. You can use this match condition to check if a header exists whatever its value, or to check if the header matches a specified value.
-
headerName
- (Required) A string value representing the name of thepost
argument. -
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) One or more string or integer values(e.g. "1") representing the value of the request header to match. If multiple values are specified, they're evaluated usingor
logic. -
transforms
- (Optional) A Conditional operator. Possible values includelowercase
,removeNulls
,trim
,uppercase
,urlDecode
orurlEncode
. Details can be found in theconditionTransformList
below.
A requestBodyCondition
block supports the following:
->The requestBodyCondition
identifies requests based on specific text that appears in the body of the request.
->NOTE: If a request body exceeds 64Kb
in size, only the first 64Kb
will be considered for the request body match condition.
-
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Required) A list of one or more string or integer values(e.g. "1") representing the value of the request body text to match. If multiple values are specified, they're evaluated usingor
logic. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
transforms
- (Optional) A Conditional operator. Possible values includelowercase
,removeNulls
,trim
,uppercase
,urlDecode
orurlEncode
. Details can be found in theconditionTransformList
below.
A requestSchemeCondition
block supports the following:
->The requestSchemeCondition
identifies requests that use the specified protocol.
-
operator
- (Optional) Possible valueequal
. Defaults toequal
. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) The requests protocol to match. Possible values includehttp
orhttps
.
An urlPathCondition
block supports the following:
->The urlPathCondition
identifies requests that include the specified path in the request URL. The path is the part of the URL after the hostname and a slash(e.g. in the URL https://wwwContosoCom/files/secure/file1Pdf
, the path is files/secure/file1Pdf
).
-
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) One or more string or integer values(e.g. "1") representing the value of the request path to match. Don't include the leading slash (/
). If multiple values are specified, they're evaluated usingor
logic. -
transforms
- (Optional) A Conditional operator. Possible values includelowercase
,removeNulls
,trim
,uppercase
,urlDecode
orurlEncode
. Details can be found in theconditionTransformList
below.
An urlFileExtensionCondition
block supports the following:
->The urlFileExtensionCondition
identifies requests that include the specified file extension in the file name in the request URL. Don't include a leading period(e.g. use html
instead of html
).
-
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Required) A list of one or more string or integer values(e.g. "1") representing the value of the request file extension to match. If multiple values are specified, they're evaluated usingor
logic. -
transforms
- (Optional) A Conditional operator. Possible values includelowercase
,removeNulls
,trim
,uppercase
,urlDecode
orurlEncode
. Details can be found in theconditionTransformList
below.
An urlFilenameCondition
block supports the following:
->The urlFilenameCondition
identifies requests that include the specified file name in the request URL.
-
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Required) A list of one or more string or integer values(e.g. "1") representing the value of the request file name to match. If multiple values are specified, they're evaluated usingor
logic. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
transforms
- (Optional) A Conditional operator. Possible values includelowercase
,removeNulls
,trim
,uppercase
,urlDecode
orurlEncode
. Details can be found in theconditionTransformList
below.
A httpVersionCondition
block supports the following:
->Use the HTTP version match condition to identify requests that have been made by using a specific version of the HTTP protocol.
-
matchValues
- (Required) What HTTP version should this condition match? Possible values20
,11
,10
or09
. -
operator
- (Optional) Possible valueequal
. Defaults toequal
. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below.
A cookiesCondition
block supports the following:
->Use the cookiesCondition
to identify requests that have include a specific cookie.
-
cookieName
- (Required) A string value representing the name of the cookie. -
operator
- (Required) A Conditional operator. Possible values includeany
,equal
,contains
,beginsWith
,endsWith
,lessThan
,lessThanOrEqual
,greaterThan
,greaterThanOrEqual
orregEx
. Details can be found in theconditionOperatorList
below. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) One or more string or integer values(e.g. "1") representing the value of the request header to match. If multiple values are specified, they're evaluated usingor
logic. -
transforms
- (Optional) A Conditional operator. Possible values includelowercase
,removeNulls
,trim
,uppercase
,urlDecode
orurlEncode
. Details can be found in theconditionTransformList
below.
An isDeviceCondition
block supports the following:
->Use the isDeviceCondition
to identify requests that have been made from a mobile
or desktop
device.
-
operator
- (Optional) Possible valueequal
. Defaults toequal
. -
negateCondition
- (Optional) Iftrue
operator becomes the opposite of its value. Possible valuestrue
orfalse
. Defaults tofalse
. Details can be found in theconditionOperatorList
below. -
matchValues
- (Optional) Which device should this rule match on? Possible valuesmobile
ordesktop
.
Specifying IP Address Ranges
When specifying IP address ranges in the socketAddressCondition
and the remoteAddressCondition
matchValues
use the following format:
Use cidr
notation when specifying IP address blocks. This means that the syntax for an IP address block is the base IP address followed by a forward slash and the prefix size For example:
iPv4
example:55564/26
matches any requests that arrive from addresses55564
through555127
.iPv6
example:1:2:3:/48
matches any requests that arrive from addresses1:2:3:0:0:0:0:0
through1:2:3:ffff:ffff:ffff:ffff:ffff
.
When you specify multiple IP addresses and IP address blocks, or
logic is applied.
iPv4
example: if you add two IP addresses1234
and10203040
, the condition is matched for any requests that arrive from either address1234
or10203040
.iPv6
example: if you add two IP addresses1:2:3:4:5:6:7:8
and10:20:30:40:50:60:70:80
, the condition is matched for any requests that arrive from either address1:2:3:4:5:6:7:8
or10:20:30:40:50:60:70:80
.
Action Server Variables
Rule Set server variables provide access to structured information about the request. You can use server variables to dynamically change the request/response headers or URL rewrite paths/query strings, for example, when a new page load or when a form is posted.
Supported Action Server Variables
Variable name | Description |
---|---|
socketIp | The IP address of the direct connection to Front Door Profiles edge. If the client used an HTTP proxy or a load balancer to send the request, the value of socketIp is the IP address of the proxy or load balancer. |
clientIp | The IP address of the client that made the original request. If there was an xForwardedFor header in the request, then the client IP address is picked from the header. |
clientPort | The IP port of the client that made the request. |
hostname | The host name in the request from the client. |
geoCountry | Indicates the requester's country/region of origin through its country/region code. |
httpMethod | The method used to make the URL request, such as get or post . |
httpVersion | The request protocol. Usually http/10 , http/11 , or http/20 . |
queryString | The list of variable/value pairs that follows the "?" in the requested URL. For example, in the request http://contosoCom:8080/articleAspx?id=123&title=fabrikam , the queryString value will be id=123&title=fabrikam . |
requestScheme | The request scheme: http or https . |
requestUri | The full original request URI (with arguments). For example, in the request http://contosoCom:8080/articleAspx?id=123&title=fabrikam , the requestUri value will be /articleAspx?id=123&title=fabrikam . |
sslProtocol | The protocol of an established TLS connection. |
serverPort | The port of the server that accepted a request. |
urlPath | Identifies the specific resource in the host that the web client wants to access. This is the part of the request URI without the arguments. For example, in the request http://contosoCom:8080/articleAspx?id=123&title=fabrikam , the uriPath value will be /articleAspx . |
Action Server Variable Format
Server variables can be specified using the following formats:
-
{variable}
- Include the entire server variable. For example, if the client IP address is111222333444
then the{clientIp}
token would evaluate to111222333444
. -
{variable:offset}
- Include the server variable after a specific offset, until the end of the variable. The offset is zero-based. For example, if the client IP address is111222333444
then the{clientIp:3}
token would evaluate to222333444
. -
{variable:offset:length}
- Include the server variable after a specific offset, up to the specified length. The offset is zero-based. For example, if the client IP address is111222333444
then the{clientIp:4:3}
token would evaluate to222
.
Action Server Variables Support
Action Server variables are supported on the following actions:
routeConfigurationOverrideAction
requestHeaderAction
responseHeaderAction
urlRedirectAction
urlRewriteAction
Condition Operator list
For rules that accept values from the standard operator list, the following operators are valid:
Operator | Description | Condition Value |
---|---|---|
Any | Matches when there is any value, regardless of what it is. | Any |
Equal | Matches when the value exactly matches the specified string. | Equal |
Contains | Matches when the value contains the specified string. | Contains |
Less Than | Matches when the length of the value is less than the specified integer. | LessThan |
Greater Than | Matches when the length of the value is greater than the specified integer. | GreaterThan |
Less Than or Equal | Matches when the length of the value is less than or equal to the specified integer. | LessThanOrEqual |
Greater Than or Equal | Matches when the length of the value is greater than or equal to the specified integer. | GreaterThanOrEqual |
Begins With | Matches when the value begins with the specified string. | BeginsWith |
Ends With | Matches when the value ends with the specified string. | EndsWith |
RegEx | Matches when the value matches the specified regular expression. See below for further details. | RegEx |
Not Any | Matches when there is no value. | Any and negateCondition = true |
Not Equal | Matches when the value does not match the specified string. | Equal and negateCondition : true |
Not Contains | Matches when the value does not contain the specified string. | Contains and negateCondition = true |
Not Less Than | Matches when the length of the value is not less than the specified integer. | LessThan and negateCondition = true |
Not Greater Than | Matches when the length of the value is not greater than the specified integer. | GreaterThan and negateCondition = true |
Not Less Than or Equal | Matches when the length of the value is not less than or equal to the specified integer. | LessThanOrEqual and negateCondition = true |
Not Greater Than or Equals | Matches when the length of the value is not greater than or equal to the specified integer. | GreaterThanOrEqual and negateCondition = true |
Not Begins With | Matches when the value does not begin with the specified string. | BeginsWith and negateCondition = true |
Not Ends With | Matches when the value does not end with the specified string. | EndsWith and negateCondition = true |
Not RegEx | Matches when the value does not match the specified regular expression. See conditionRegularExpressions for further details. | RegEx and negateCondition = true |
Condition Regular Expressions
Regular expressions don't support the following operations:
- Backreferences and capturing subexpressions.
- Arbitrary zero-width assertions.
- Subroutine references and recursive patterns.
- Conditional patterns.
- Backtracking control verbs.
- The
\c
single-byte directive. - The
\r
newline match directive. - The
\k
start of match reset directive. - Callouts and embedded code.
- Atomic grouping and possessive quantifiers.
Condition Transform List
For rules that can transform strings, the following transforms are valid:
Transform | Description |
---|---|
Lowercase | Converts the string to the lowercase representation. |
Uppercase | Converts the string to the uppercase representation. |
Trim | Trims leading and trailing whitespace from the string. |
RemoveNulls | Removes null values from the string. |
URLEncode | URL-encodes the string. |
URLDecode | URL-decodes the string. |
Attributes Reference
In addition to the Arguments listed above - the following Attributes are exported:
-
id
- The ID of the Front Door Rule. -
cdnFrontdoorRuleSetName
- The name of the Front Door Rule Set containing this Front Door Rule.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Front Door Rule.read
- (Defaults to 5 minutes) Used when retrieving the Front Door Rule.update
- (Defaults to 30 minutes) Used when updating the Front Door Rule.delete
- (Defaults to 30 minutes) Used when deleting the Front Door Rule.
Import
Front Door Rules can be imported using the resourceId
, e.g.