π§ Azure Application Gateway WAF policy bot protection is not enabled - prod.logic.yamlπ’
- Contextual name: π§ prod.logic.yamlπ’
- ID:
/ce/ca/azure/application-gateway/gateway-waf-bot-protection/prod.logic.yaml - Tags:
- π’ Logic test success
- π’ Logic with extracts
- π’ Logic with test data
Usesβ
- π Azure Application Gateway
- π Azure Application Gateway WAF Policy - object.extracts.yaml
- π§ͺ test-data.json
Test Results π’β
Generated at: 2025-12-17T01:31:02.431530131Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | 001 | βοΈ 99 | βοΈ isDisappeared(CA10__disappearanceTime__c) | βοΈ null |
| π’ | 002 | βοΈ 199 | βοΈ CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(INCOMPLIANT) | βοΈ null |
| π’ | 003 | βοΈ 199 | βοΈ CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(INCOMPLIANT) | βοΈ null |
| π’ | 004 | βοΈ 299 | βοΈ CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(COMPLIANT) | βοΈ null |
| π’ | 005 | βοΈ 299 | βοΈ CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(COMPLIANT) | βοΈ null |
| π’ | 006 | βοΈ 300 | βοΈ otherwise | βοΈ null |
Generation Bundleβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/azure/application-gateway/gateway-waf-bot-protection/policy.yaml | 6E75907DC0108B181618D33601AE2317 |
| Open | /ce/ca/azure/application-gateway/gateway-waf-bot-protection/prod.logic.yaml | D004AA68DD6B69E68C3FA14083F352F3 |
| Open | /ce/ca/azure/application-gateway/gateway-waf-bot-protection/test-data.json | 10785A38D6F9425AEECBC3F79FA2B840 |
| Open | /types/CA10Z1__CaAzureApplicationGatewayWafPolicy__c/object.extracts.yaml | 1203B501EE9251441BCA934785DC7D22 |
Available Commandsβ
repo-manager policies generate FULL /ce/ca/azure/application-gateway/gateway-waf-bot-protection/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/azure/application-gateway/gateway-waf-bot-protection/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/azure/application-gateway/gateway-waf-bot-protection/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/azure/application-gateway/gateway-waf-bot-protection/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/azure/application-gateway/gateway-waf-bot-protection/prod.logic.yaml
Contentβ
---
inputType: "CA10__CaAzureApplicationGateway__c"
testData:
- file: "test-data.json"
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "The Application Gateway WAF Policy does not use the Bot Manager Rule Set."
remediationMessage: "Configure the Gateway WAF Policy to use the Bot Manager Rule Set."
check:
RELATED_LIST_HAS:
status: "INCOMPLIANT"
relationshipName: "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r"
- status: "COMPLIANT"
currentStateMessage: "The Application Gateway has a WAF Policy that uses the Bot Manager Rule Set."
check:
RELATED_LIST_HAS:
status: "COMPLIANT"
relationshipName: "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r"
otherwise:
status: "INCOMPLIANT"
currentStateMessage: "The Application Gateway has no WAF Policy."
remediationMessage: "Configure a WAF Policy for the Application Gateway."
relatedLists:
- relationshipName: "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r"
importExtracts:
- file: /types/CA10Z1__CaAzureApplicationGatewayWafPolicy__c/object.extracts.yaml
conditions:
# Microsoft_BotManagerRuleSet not exist
- status: "INCOMPLIANT"
currentStateMessage: "Ensure a managed rule set with ruleSetType of Microsoft_BotManagerRuleSet is returned."
remediationMessage: "Create managed rule set."
check:
LESS_THAN:
left:
EXTRACT: "CA10Z1__wafPolicy__r.caJsonFrom__managedRulesDefinitionMicrosoftBotManagerRuleSetCount__c"
right:
NUMBER: 1.0
# ruleGroupOverrides is empty
- status: "COMPLIANT"
currentStateMessage: "The ruleGroupOverrides is empty"
check:
IS_EQUAL:
left:
EXTRACT: "CA10Z1__wafPolicy__r.caJsonFrom__managedRulesDefinitionMicrosoftBotManagerRuleSetRuleGroupOverridesCount__c"
right:
NUMBER: 0.0
# no ruleGroupOverrides for ruleGroupName BadBots with state Disabled are returned
- status: "COMPLIANT"
currentStateMessage: "There're no ruleGroupOverrides for the BadBots rule group name in Disabled state."
check:
IS_EQUAL:
left:
EXTRACT: "CA10Z1__wafPolicy__r.caJsonFrom__managedRulesDefinitionMicrosoftBotManagerRuleSetRuleGroupOverridesBadBotsRulesDisabledExist__c"
right:
BOOLEAN: false
otherwise:
status: "INCOMPLIANT"
currentStateMessage: "The ruleGroupOverrides for the BadBots rule group name in Disabled state are returned."
remediationMessage: "Enable the Bad Bots rule group."