From 0c9ee1dbc55c44fc96b0cf2057c5364bde25a671 Mon Sep 17 00:00:00 2001 From: Yaara Rumney Date: Tue, 3 Jun 2025 10:22:33 +0300 Subject: [PATCH] first init- without record test since we are aiting for SDK 186 --- .../ScenarioTests/ApplicationGatewayTests.cs | 36 ++- .../ScenarioTests/ApplicationGatewayTests.ps1 | 236 +++++++++++++++++- src/Network/Network/ChangeLog.md | 3 +- ...irewallCustomRuleGroupByVariableCommand.cs | 2 +- ...atewayFirewallCustomRuleGroupByVariable.md | 2 +- 5 files changed, 274 insertions(+), 5 deletions(-) diff --git a/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.cs b/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.cs index 18c1c1a3af25..2c4bda50e1dd 100644 --- a/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.cs +++ b/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.cs @@ -12,12 +12,13 @@ // limitations under the License. // ---------------------------------------------------------------------------------- -using System; using Microsoft.Azure.Commands.Network.Test.ScenarioTests; using Microsoft.Azure.Commands.TestFx; using Microsoft.Azure.Test.HttpRecorder; using Microsoft.WindowsAzure.Commands.ScenarioTest; +using System; using Xunit; +using static System.Runtime.InteropServices.JavaScript.JSType; namespace Commands.Network.Test.ScenarioTests { @@ -372,5 +373,38 @@ public void TestApplicationGatewayFirewallPolicyWithCustomBlockResponse() { TestRunner.RunTestScript("Test-ApplicationGatewayFirewallPolicyWithCustomBlockResponse"); } + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + [Trait(Category.Owner, NrpTeamAlias.nvadev_subset1)] + public void TestApplicationGatewayFirewallPolicyWithRateLimitRuleClientAddrXFFHeader() + { + TestRunner.RunTestScript("Test-ApplicationGatewayFirewallPolicyWithRateLimitRuleClientAddrXFFHeader"); + } + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + [Trait(Category.Owner, NrpTeamAlias.nvadev_subset1)] + public void TestApplicationGatewayFirewallPolicyWithRateLimitRuleGeoLocationXFFHeader() + { + TestRunner.RunTestScript("Test-ApplicationGatewayFirewallPolicyWithRateLimitRuleGeoLocationXFFHeader"); + } + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + [Trait(Category.Owner, NrpTeamAlias.nvadev_subset1)] + public void TestApplicationGatewayFirewallPolicyCustomRuleClientAddrXFFHeaderRemoval() + { + TestRunner.RunTestScript("Test-ApplicationGatewayFirewallPolicyCustomRuleClientAddrXFFHeaderRemoval"); + } + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + [Trait(Category.Owner, NrpTeamAlias.nvadev_subset1)] + public void TestApplicationGatewayFirewallPolicyCustomRuleGeoLocationXFFHeaderRemoval() + { + TestRunner.RunTestScript("Test-ApplicationGatewayFirewallPolicyCustomRuleGeoLocationXFFHeaderRemoval"); + } + } } diff --git a/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 b/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 index 1ed5faf26839..6766514f01ec 100644 --- a/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 +++ b/src/Network/Network.Test/ScenarioTests/ApplicationGatewayTests.ps1 @@ -5701,4 +5701,238 @@ function Test-ApplicationGatewayHeaderValueMatcher # Cleanup Clean-ResourceGroup $rgname } -} \ No newline at end of file +} + +function Test-ApplicationGatewayFirewallPolicyWithRateLimitRuleClientAddrXFFHeader +{ + # Setup + $location = Get-ProviderLocation "Microsoft.Network/applicationGateways" "West US 2" + $rgname = Get-ResourceGroupName + $wafPolicyName = "wafPolicy1" + + try { + + $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "APPGw tag"} + + # WAF Policy with rate limiting rule custom Rule + $variable = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestHeaders -Selector Malicious-Header + $condition = New-AzApplicationGatewayFirewallCondition -MatchVariable $variable -Operator Any -NegationCondition $False + $groupbyVar = New-AzApplicationGatewayFirewallCustomRuleGroupByVariable -VariableName ClientAddrXFFHeader + $groupbyUserSes = New-AzApplicationGatewayFirewallCustomRuleGroupByUserSession -GroupByVariable $groupbyVar + $customRule = New-AzApplicationGatewayFirewallCustomRule -Name example -Priority 2 -RateLimitDuration OneMin -RateLimitThreshold 10 -RuleType RateLimitRule -MatchCondition $condition -GroupByUserSession $groupbyUserSes -Action Block + + $policySettings = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -MaxFileUploadInMb 70 -MaxRequestBodySizeInKb 70 + $managedRuleSet = New-AzApplicationGatewayFirewallPolicyManagedRuleSet -RuleSetType "OWASP" -RuleSetVersion "3.2" + $managedRule = New-AzApplicationGatewayFirewallPolicyManagedRule -ManagedRuleSet $managedRuleSet + New-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname -Location $location -ManagedRule $managedRule -PolicySetting $policySettings -CustomRule $customRule + + $policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname + + # Check WAF policy + Assert-AreEqual $policy.CustomRules[0].Name $customRule.Name + Assert-AreEqual $policy.CustomRules[0].RuleType $customRule.RuleType + Assert-AreEqual $policy.CustomRules[0].Action $customRule.Action + Assert-AreEqual $policy.CustomRules[0].Priority $customRule.Priority + Assert-AreEqual $policy.CustomRules[0].RateLimitDuration $customRule.RateLimitDuration + Assert-AreEqual $policy.CustomRules[0].RateLimitThreshold $customRule.RateLimitThreshold + Assert-AreEqual $policy.CustomRules[0].State "Enabled" + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].OperatorProperty $customRule.MatchConditions[0].OperatorProperty + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].NegationConditon $customRule.MatchConditions[0].NegationConditon + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].MatchVariables[0].VariableName $customRule.MatchConditions[0].MatchVariables[0].VariableName + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].MatchVariables[0].Selector $customRule.MatchConditions[0].MatchVariables[0].Selector + Assert-AreEqual $policy.CustomRules[0].GroupByUserSession[0].GroupByVariables[0].VariableName $customRule.GroupByUserSession[0].GroupByVariables[0].VariableName + Assert-AreEqual $policy.PolicySettings.FileUploadLimitInMb $policySettings.FileUploadLimitInMb + Assert-AreEqual $policy.PolicySettings.MaxRequestBodySizeInKb $policySettings.MaxRequestBodySizeInKb + Assert-AreEqual $policy.PolicySettings.RequestBodyCheck $policySettings.RequestBodyCheck + Assert-AreEqual $policy.PolicySettings.Mode $policySettings.Mode + Assert-AreEqual $policy.PolicySettings.State $policySettings.State + + $policy.CustomRules[0].State = "Disabled" + Set-AzApplicationGatewayFirewallPolicy -InputObject $policy + $policy1 = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname + Assert-AreEqual $policy1.CustomRules[0].State "Disabled" + } + finally + { + # Cleanup + Clean-ResourceGroup $rgname + } +} + +function Test-ApplicationGatewayFirewallPolicyWithRateLimitRuleGeoLocationXFFHeader +{ + # Setup + $location = Get-ProviderLocation "Microsoft.Network/applicationGateways" "West US 2" + $rgname = Get-ResourceGroupName + $wafPolicyName = "wafPolicy1" + + try { + + $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "APPGw tag"} + + # WAF Policy with rate limiting rule custom Rule + $variable = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestHeaders -Selector Malicious-Header + $condition = New-AzApplicationGatewayFirewallCondition -MatchVariable $variable -Operator Any -NegationCondition $False + $groupbyVar = New-AzApplicationGatewayFirewallCustomRuleGroupByVariable -VariableName GeoLocationXFFHeader + $groupbyUserSes = New-AzApplicationGatewayFirewallCustomRuleGroupByUserSession -GroupByVariable $groupbyVar + $customRule = New-AzApplicationGatewayFirewallCustomRule -Name example -Priority 2 -RateLimitDuration OneMin -RateLimitThreshold 10 -RuleType RateLimitRule -MatchCondition $condition -GroupByUserSession $groupbyUserSes -Action Block + + $policySettings = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -MaxFileUploadInMb 70 -MaxRequestBodySizeInKb 70 + $managedRuleSet = New-AzApplicationGatewayFirewallPolicyManagedRuleSet -RuleSetType "OWASP" -RuleSetVersion "3.2" + $managedRule = New-AzApplicationGatewayFirewallPolicyManagedRule -ManagedRuleSet $managedRuleSet + New-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname -Location $location -ManagedRule $managedRule -PolicySetting $policySettings -CustomRule $customRule + + $policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname + + # Check WAF policy + Assert-AreEqual $policy.CustomRules[0].Name $customRule.Name + Assert-AreEqual $policy.CustomRules[0].RuleType $customRule.RuleType + Assert-AreEqual $policy.CustomRules[0].Action $customRule.Action + Assert-AreEqual $policy.CustomRules[0].Priority $customRule.Priority + Assert-AreEqual $policy.CustomRules[0].RateLimitDuration $customRule.RateLimitDuration + Assert-AreEqual $policy.CustomRules[0].RateLimitThreshold $customRule.RateLimitThreshold + Assert-AreEqual $policy.CustomRules[0].State "Enabled" + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].OperatorProperty $customRule.MatchConditions[0].OperatorProperty + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].NegationConditon $customRule.MatchConditions[0].NegationConditon + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].MatchVariables[0].VariableName $customRule.MatchConditions[0].MatchVariables[0].VariableName + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].MatchVariables[0].Selector $customRule.MatchConditions[0].MatchVariables[0].Selector + Assert-AreEqual $policy.CustomRules[0].GroupByUserSession[0].GroupByVariables[0].VariableName $customRule.GroupByUserSession[0].GroupByVariables[0].VariableName + Assert-AreEqual $policy.PolicySettings.FileUploadLimitInMb $policySettings.FileUploadLimitInMb + Assert-AreEqual $policy.PolicySettings.MaxRequestBodySizeInKb $policySettings.MaxRequestBodySizeInKb + Assert-AreEqual $policy.PolicySettings.RequestBodyCheck $policySettings.RequestBodyCheck + Assert-AreEqual $policy.PolicySettings.Mode $policySettings.Mode + Assert-AreEqual $policy.PolicySettings.State $policySettings.State + + $policy.CustomRules[0].State = "Disabled" + Set-AzApplicationGatewayFirewallPolicy -InputObject $policy + $policy1 = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname + Assert-AreEqual $policy1.CustomRules[0].State "Disabled" + } + finally + { + # Cleanup + Clean-ResourceGroup $rgname + } +} + +function Test-ApplicationGatewayFirewallPolicyCustomRuleClientAddrXFFHeaderRemoval +{ + # Setup + $location = Get-ProviderLocation "Microsoft.Network/applicationGateways" "West US 2" + $rgname = Get-ResourceGroupName + $wafPolicyName = "wafPolicy1" + + try { + + $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "APPGw tag"} + + # WAF Policy with rate limiting rule custom Rule + $variable = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestHeaders -Selector Malicious-Header + $condition = New-AzApplicationGatewayFirewallCondition -MatchVariable $variable -Operator Any -NegationCondition $False + $groupbyVar = New-AzApplicationGatewayFirewallCustomRuleGroupByVariable -VariableName ClientAddrXFFHeader + $groupbyUserSes = New-AzApplicationGatewayFirewallCustomRuleGroupByUserSession -GroupByVariable $groupbyVar + $customRule = New-AzApplicationGatewayFirewallCustomRule -Name example -Priority 2 -RateLimitDuration OneMin -RateLimitThreshold 10 -RuleType RateLimitRule -MatchCondition $condition -GroupByUserSession $groupbyUserSes -Action Block + + $policySettings = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -MaxFileUploadInMb 70 -MaxRequestBodySizeInKb 70 + $managedRuleSet = New-AzApplicationGatewayFirewallPolicyManagedRuleSet -RuleSetType "OWASP" -RuleSetVersion "3.2" + $managedRule = New-AzApplicationGatewayFirewallPolicyManagedRule -ManagedRuleSet $managedRuleSet + New-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname -Location $location -ManagedRule $managedRule -PolicySetting $policySettings -CustomRule $customRule + + $policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname + + # Check WAF policy + Assert-AreEqual $policy.CustomRules[0].Name $customRule.Name + Assert-AreEqual $policy.CustomRules[0].RuleType $customRule.RuleType + Assert-AreEqual $policy.CustomRules[0].Action $customRule.Action + Assert-AreEqual $policy.CustomRules[0].Priority $customRule.Priority + Assert-AreEqual $policy.CustomRules[0].RateLimitDuration $customRule.RateLimitDuration + Assert-AreEqual $policy.CustomRules[0].RateLimitThreshold $customRule.RateLimitThreshold + Assert-AreEqual $policy.CustomRules[0].State "Enabled" + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].OperatorProperty $customRule.MatchConditions[0].OperatorProperty + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].NegationConditon $customRule.MatchConditions[0].NegationConditon + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].MatchVariables[0].VariableName $customRule.MatchConditions[0].MatchVariables[0].VariableName + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].MatchVariables[0].Selector $customRule.MatchConditions[0].MatchVariables[0].Selector + Assert-AreEqual $policy.CustomRules[0].GroupByUserSession[0].GroupByVariables[0].VariableName $customRule.GroupByUserSession[0].GroupByVariables[0].VariableName + Assert-AreEqual $policy.PolicySettings.FileUploadLimitInMb $policySettings.FileUploadLimitInMb + Assert-AreEqual $policy.PolicySettings.MaxRequestBodySizeInKb $policySettings.MaxRequestBodySizeInKb + Assert-AreEqual $policy.PolicySettings.RequestBodyCheck $policySettings.RequestBodyCheck + Assert-AreEqual $policy.PolicySettings.Mode $policySettings.Mode + Assert-AreEqual $policy.PolicySettings.State $policySettings.State + + $policy.CustomRules[0].State = "Disabled" + Set-AzApplicationGatewayFirewallPolicy -InputObject $policy + $policy1 = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname + Assert-AreEqual $policy1.CustomRules[0].State "Disabled" + + #Remove Custom Rule + Remove-AzApplicationGatewayFirewallCustomRule -Name $customRule.Name -ResourceGroupName $rgname -PolicyName $wafPolicyName + $policynew = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname + Assert-Null $policynew.CustomRules[0] + } + finally + { + # Cleanup + Clean-ResourceGroup $rgname + } +} + +function Test-ApplicationGatewayFirewallPolicyCustomRuleGeoLocationXFFHeaderRemoval +{ + # Setup + $location = Get-ProviderLocation "Microsoft.Network/applicationGateways" "West US 2" + $rgname = Get-ResourceGroupName + $wafPolicyName = "wafPolicy1" + + try { + + $resourceGroup = New-AzResourceGroup -Name $rgname -Location $location -Tags @{ testtag = "APPGw tag"} + + # WAF Policy with rate limiting rule custom Rule + $variable = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestHeaders -Selector Malicious-Header + $condition = New-AzApplicationGatewayFirewallCondition -MatchVariable $variable -Operator Any -NegationCondition $False + $groupbyVar = New-AzApplicationGatewayFirewallCustomRuleGroupByVariable -VariableName GeoLocationXFFHeader + $groupbyUserSes = New-AzApplicationGatewayFirewallCustomRuleGroupByUserSession -GroupByVariable $groupbyVar + $customRule = New-AzApplicationGatewayFirewallCustomRule -Name example -Priority 2 -RateLimitDuration OneMin -RateLimitThreshold 10 -RuleType RateLimitRule -MatchCondition $condition -GroupByUserSession $groupbyUserSes -Action Block + + $policySettings = New-AzApplicationGatewayFirewallPolicySetting -Mode Prevention -State Enabled -MaxFileUploadInMb 70 -MaxRequestBodySizeInKb 70 + $managedRuleSet = New-AzApplicationGatewayFirewallPolicyManagedRuleSet -RuleSetType "OWASP" -RuleSetVersion "3.2" + $managedRule = New-AzApplicationGatewayFirewallPolicyManagedRule -ManagedRuleSet $managedRuleSet + New-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname -Location $location -ManagedRule $managedRule -PolicySetting $policySettings -CustomRule $customRule + + $policy = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname + + # Check WAF policy + Assert-AreEqual $policy.CustomRules[0].Name $customRule.Name + Assert-AreEqual $policy.CustomRules[0].RuleType $customRule.RuleType + Assert-AreEqual $policy.CustomRules[0].Action $customRule.Action + Assert-AreEqual $policy.CustomRules[0].Priority $customRule.Priority + Assert-AreEqual $policy.CustomRules[0].RateLimitDuration $customRule.RateLimitDuration + Assert-AreEqual $policy.CustomRules[0].RateLimitThreshold $customRule.RateLimitThreshold + Assert-AreEqual $policy.CustomRules[0].State "Enabled" + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].OperatorProperty $customRule.MatchConditions[0].OperatorProperty + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].NegationConditon $customRule.MatchConditions[0].NegationConditon + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].MatchVariables[0].VariableName $customRule.MatchConditions[0].MatchVariables[0].VariableName + Assert-AreEqual $policy.CustomRules[0].MatchConditions[0].MatchVariables[0].Selector $customRule.MatchConditions[0].MatchVariables[0].Selector + Assert-AreEqual $policy.CustomRules[0].GroupByUserSession[0].GroupByVariables[0].VariableName $customRule.GroupByUserSession[0].GroupByVariables[0].VariableName + Assert-AreEqual $policy.PolicySettings.FileUploadLimitInMb $policySettings.FileUploadLimitInMb + Assert-AreEqual $policy.PolicySettings.MaxRequestBodySizeInKb $policySettings.MaxRequestBodySizeInKb + Assert-AreEqual $policy.PolicySettings.RequestBodyCheck $policySettings.RequestBodyCheck + Assert-AreEqual $policy.PolicySettings.Mode $policySettings.Mode + Assert-AreEqual $policy.PolicySettings.State $policySettings.State + + $policy.CustomRules[0].State = "Disabled" + Set-AzApplicationGatewayFirewallPolicy -InputObject $policy + $policy1 = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname + Assert-AreEqual $policy1.CustomRules[0].State "Disabled" + + #Remove Custom Rule + Remove-AzApplicationGatewayFirewallCustomRule -Name $customRule.Name -ResourceGroupName $rgname -PolicyName $wafPolicyName + $policynew = Get-AzApplicationGatewayFirewallPolicy -Name $wafPolicyName -ResourceGroupName $rgname + Assert-Null $policynew.CustomRules[0] + } + finally + { + # Cleanup + Clean-ResourceGroup $rgname + } +} diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md index 780ef83439c2..b0756b91d3e9 100644 --- a/src/Network/Network/ChangeLog.md +++ b/src/Network/Network/ChangeLog.md @@ -19,7 +19,8 @@ ---> ## Upcoming Release - +* Added property 'GeoLocationXFFHeader' and 'ClientAddrXFFHeader' as VariableName in `NewAzureApplicationGatewayFirewallCustomRuleGroupByVariable`. +* Fixed bug in `NewAzureApplicationGatewayFirewallCustomRuleGroupByVariable` to add "GeoLocation" as a valid input for VariableName ## Version 7.17.0 * Added properties 'PublicIpAddressesV6', 'PublicIpPrefixesV6', and 'SourceVirtualNetwork' to NatGateway, as well as support for it for the following cmdlets: - `New-AzNatGateway` diff --git a/src/Network/Network/FirewallPolicy/FirewallCustomRule/GroupByUserSession/GroupByVariable/NewAzureApplicationGatewayFirewallCustomRuleGroupByVariableCommand.cs b/src/Network/Network/FirewallPolicy/FirewallCustomRule/GroupByUserSession/GroupByVariable/NewAzureApplicationGatewayFirewallCustomRuleGroupByVariableCommand.cs index 38b1c140acd2..e70db5cbd466 100644 --- a/src/Network/Network/FirewallPolicy/FirewallCustomRule/GroupByUserSession/GroupByVariable/NewAzureApplicationGatewayFirewallCustomRuleGroupByVariableCommand.cs +++ b/src/Network/Network/FirewallPolicy/FirewallCustomRule/GroupByUserSession/GroupByVariable/NewAzureApplicationGatewayFirewallCustomRuleGroupByVariableCommand.cs @@ -25,7 +25,7 @@ public class NewAzureApplicationGatewayFirewallCustomRuleGroupByVariableCommand Mandatory = true, HelpMessage = "User Session clause variable.")] [ValidateNotNullOrEmpty] - [ValidateSet("ClientAddr", "GeoLocation", "None", IgnoreCase = true)] + [ValidateSet("ClientAddr", "GeoLocation", "None", "ClientAddrXFFHeader", "GeoLocationXFFHeader", IgnoreCase = true)] public string VariableName { get; set; } public override void ExecuteCmdlet() diff --git a/src/Network/Network/help/New-AzApplicationGatewayFirewallCustomRuleGroupByVariable.md b/src/Network/Network/help/New-AzApplicationGatewayFirewallCustomRuleGroupByVariable.md index a9fd75a13222..e0f278a2e362 100644 --- a/src/Network/Network/help/New-AzApplicationGatewayFirewallCustomRuleGroupByVariable.md +++ b/src/Network/Network/help/New-AzApplicationGatewayFirewallCustomRuleGroupByVariable.md @@ -53,7 +53,7 @@ User Session clause variable. Type: System.String Parameter Sets: (All) Aliases: -Accepted values: ClientAddr, GeoLocation, None +Accepted values: ClientAddr, GeoLocation, None, ClientAddrXFFHeader, GeoLocationXFFHeader Required: True Position: Named