| title | description | services | documentationcenter | author | editor | ms.service | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author | ms.custom |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Tutorial: Configure Rules Engine - Azure Front Door |
This article provides a tutorial on how to configure Rules Engine in both the Azure portal and CLI. |
frontdoor |
duongau |
frontdoor |
tutorial |
na |
infrastructure-services |
09/09/2020 |
duau |
devx-track-azurecli |
This tutorial shows how to create a Rules Engine configuration and your first rule in both Azure portal and CLI.
In this tutorial, you learn how to:
[!div class="checklist"]
- Configure Rules Engine using the portal.
- Configure Rules Engine using Azure CLI
- Before you can complete the steps in this tutorial, you must first create a Front Door. For more information, see Quickstart: Create a Front Door.
-
Within your Front door resource, go to Settings and select Rule Engine configuration. Click Add, give your configuration a name, and start creating your first Rules Engine configuration.
-
Click Add Rule to create your first rule. Then, by clicking Add condition or Add action you can define your rule.
[!NOTE]
- To delete a condition or action from rule, use the trash can on the right-hand side of the specific condition or action.
- To create a rule that applies to all incoming traffic, do not specify any conditions.
- To stop evaluating rules once the first match condition is met, check Stop evaluating remaining rule. If this is checked and all of the match conditions of a particular rule are met, then the remaining rules in the configuration will not be executed.
- All paths in Rules Engine are case sensitive.
- Header names should adhere to RFC 7230.
-
Determine the priority of the rules within your configuration by using the Move up, Move down, and Move to top buttons. The priority is in ascending order, meaning the rule first listed is the most important rule.
[!TIP] If you like to verify when the changes are propagated to Azure Front Door, you can create a custom response header in the rule using the example below. You can add a response header
_X-<RuleName>-Version_and change the value each time rule is updated.:::image type="content" source="./media/front-door-rules-engine/rules-version.png" alt-text="Screenshot of custom version header rule." lightbox="./media/front-door-rules-engine/rules-version-expanded.png"::: After the changes are updated, you can go to the URL to confirm the rule version being invoked: :::image type="content" source="./media/front-door-rules-engine/version-output.png" alt-text="Screenshot of custom header version output.":::
-
Once you have created one or more rules, press Save. This action creates your Rules Engine configuration.
-
Once you have created one or more configurations, associate a Rules Engine configuration with a Route Rule. While a single configuration can be applied to many route rules, a Route rule may only contain one Rules Engine configuration. To make the association, go to your Front Door designer > Route rules. Select the Route rule you'd like to add the Rules engine configuration to, go to Route details > Rules engine configuration, and select the configuration you'd like to associate.
-
If you haven't already, install Azure CLI. Add “front-door” extension:- az extension add --name front-door. Then, login and switch to your subscription az account set --subscription <name_or_Id>.
-
Start by creating a Rules Engine - this example shows one rule with one header-based action and one match condition.
az network front-door rules-engine rule create -f {front_door} -g {resource_group} --rules-engine-name {rules_engine} --name {rule1} --priority 1 --action-type RequestHeader --header-action Overwrite --header-name Rewrite --header-value True --match-variable RequestFilenameExtension --operator Contains --match-values jpg png --transforms Lowercase -
List all the rules.
az network front-door rules-engine rule list -f {front_door} -g {rg} --name {rules_engine} -
Add a forwarding route override action.
az network front-door rules-engine rule action add -f {front_door} -g {rg} --rules-engine-name {rules_engine} --name {rule1} --action-type ForwardRouteOverride --backend-pool {backend_pool_name} --caching Disabled -
List all the actions in a rule.
az network front-door rules-engine rule action list -f {front_door} -g {rg} -r {rules_engine} --name {rule1} -
Link a rules engine configuration to a routing rule.
az network front-door routing-rule update -g {rg} -f {front_door} -n {routing_rule_name} --rules-engine {rules_engine} -
Unlink rules engine.
az network front-door routing-rule update -g {rg} -f {front_door} -n {routing_rule_name} --remove rulesEngine # case sensitive word ‘rulesEngine’
For more information, a full list of AFD Rules Engine commands can be found here.
In the preceding steps, you configured and associated Rules Engine configuration to your routing rules. If you no longer want the Rules Engine configuration associated to your Front Door, you can remove the configuration by performing the following steps:
-
Disassociate any routing rules from the Rule Engine configuration by clicking the three dots next to Rule Engine name.
:::image type="content" source="./media/front-door-rules-engine/front-door-rule-engine-routing-association.png" alt-text="Associate routing rules":::
-
Uncheck all routing rules this Rule Engine configuration is associated to and click save.
:::image type="content" source="./media/front-door-rules-engine/front-door-routing-rule-association.png" alt-text="Routing rule association":::
-
Now you can delete the Rule Engine configuration from your Front Door.
:::image type="content" source="./media/front-door-rules-engine/front-door-delete-rule-engine-configuration.png" alt-text="Delete Rule Engine configuration":::
In this tutorial, you learned how to:
- Create a Rule Engine configuration
- Associate configuration to your Front Door routing rules.
To learn how to add security headers with Rule Engine, continue to the next tutorial.
[!div class="nextstepaction"] Security headers with Rules Engine