request body inspection not configurable for front door waf #17909

Closed
1 task done
hassbert opened this issue Aug 5, 2022 · 5 comments

hassbert commented Aug 5, 2022

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

For Azure Front Door WAF it's currently not supported within the azurerm_frontdoor_firewall_policy resource to set (enable or disable) the request body inspection. See the option in the Azure Portal:

image

On the azurerm_application_gateway resource it's configurable.
I would suggest implementing the same on the azurerm_frontdoor_firewall_policy.

New or Affected Resource(s)/Data Source(s)

azurerm_frontdoor_firewall_policy

Potential Terraform Configuration

resource "azurerm_frontdoor_firewall_policy" "example" {
  name                              = "examplefdwafpolicy"
  resource_group_name               = azurerm_resource_group.example.name
  enabled                           = true
  mode                              = "Prevention"
  
  ### NEW ###
  request_body_check                = true # or false
}

References

No response

hassbert changed the title from "Support for [thing]" to "request body inspection not configurable for front door waf" on Aug 5, 2022
@sebader
Contributor

sebader commented Aug 10, 2022

I'm not setting anything but for my deployment the check is enabled with this tf config:

resource "azurerm_frontdoor_firewall_policy" "main" {
  name                = "${lower(var.prefix)}globalfdfp"
  resource_group_name = azurerm_resource_group.global.name
  enabled             = true
  mode                = "Prevention"

  managed_rule {
    type    = "Microsoft_DefaultRuleSet"
    version = "1.1"
  }

  managed_rule {
    type    = "Microsoft_BotManagerRuleSet"
    version = "1.0"
  }

}

image

@hassbert
Author

Yeah, sorry for not being precise:
By default it's enabled but I would like to disable it. Therefore make it configurable via Terraform.

In my screenshot above I disabled it manually and Terraform does not recognize a change, so it seems Terraform is not watching that field at all and enables it by default.
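
Because the setting is not tracked by the resource, a change made in the portal produces no Terraform diff. The following is an added example, not part of the original thread or the provider's code: an out-of-band audit over exported policy JSON that reports every policy whose request body inspection is not in the expected state. It assumes the policy JSON exposes the setting as `policySettings.requestBodyCheck` with the values `Enabled`/`Disabled`; the sample policies are constructed.

```python
import json

# Constructed sample: three Front Door WAF policies as exported JSON.
# Assumption: the setting appears as policySettings.requestBodyCheck
# ("Enabled"/"Disabled"), nested under "properties" or flattened to the top level.
SAMPLE_POLICIES = json.loads("""
[
  {"name": "examplefdwafpolicy",
   "properties": {"policySettings": {"enabledState": "Enabled", "mode": "Prevention",
                                     "requestBodyCheck": "Disabled"}}},
  {"name": "globalfdfp",
   "policySettings": {"enabledState": "Enabled", "mode": "Prevention",
                      "requestBodyCheck": "Enabled"}},
  {"name": "legacyfdfp",
   "properties": {"policySettings": {"enabledState": "Enabled", "mode": "Detection"}}}
]
""")


def policy_settings(policy):
    """Return the policySettings object from nested or flattened JSON."""
    props = policy.get("properties") or policy
    return props.get("policySettings") or {}


def body_check_state(policy):
    """Return 'enabled', 'disabled' or 'unknown' for one policy."""
    value = policy_settings(policy).get("requestBodyCheck")
    if not isinstance(value, str):
        return "unknown"  # field absent: report it instead of assuming a default
    value = value.strip().lower()
    return value if value in ("enabled", "disabled") else "unknown"


def audit(policies, expected="enabled"):
    """Return (name, state) for every policy whose state differs from expected."""
    findings = []
    for policy in policies:
        state = body_check_state(policy)
        if state != expected:
            findings.append((policy.get("name", "<unnamed>"), state))
    return findings


if __name__ == "__main__":
    for name, state in audit(SAMPLE_POLICIES):
        print(f"{name}: request body inspection is {state}")
```

Pass `expected="disabled"` when the policy is meant to have inspection turned off, so that a silent re-enable is reported as well.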

@sebader
Contributor

sebader commented Aug 16, 2022

@WodansSon is this something that will be covered in the new WAF policy rules with #17715 ?

@WodansSon
Collaborator

@sebader @hassbert The legacy Frontdoor resource is being retired so there is no further active development on these resources moving forward. However, that said, this was originally going to be ported to the new CDN resources but was removed for GA due to issues and will be supported in the near future.

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 25, 2022