azurerm_web_application_firewall_policy should support requestBodyEnforcement

[rlaveycal]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

azurerm_web_application_firewall_policy has a property to control whether the body size should be enforced. This is separate from whether the body should be inspected.

i.e. it is possible to enable body inspection but prevent rejection is the body exceeds the maxRequestBodySizeInKb

See here for the CLI docs

New or Affected Resource(s)/Data Source(s)

azurerm_web_application_firewall_policy

Potential Terraform Configuration

resource "azurerm_web_application_firewall_policy" "this" {
  policy_settings {
    mode                             = "Prevention"
    file_upload_limit_in_mb          = 100
    max_request_body_size_in_kb      = 2000
    request_body_inspect_limit_in_kb = 128
    request_body_check               = true
    request_body_enforcement         = false
  }
}

References

No response

[g-macd]

It should also allow for setting the fileUploadEnforcement setting to true or false (file_upload_enforcement)

[chtay1]

Ran into this issue today as well. We have a need to have a request body larger than the maximum 2000Kb and so having the request_body_enforcement flag defaulted to on and not being able to set it via terraform is an issue.

[rajece1989]

@rcskosir When this enhancement will be taken care, We are facing issue in disabling this option.