Module application-gateway

applicationGateway

Property	Value	Description
general (required)	general
privateFrontendIPAddress	string	Set the private frontend IP if you have a private frontend
gatewaySubnetId	string	Set the outbound subnet
publicIPAddressNaming	naming	Naming of the public IP address
ddosProtectionMode	'Disabled' 'Enabled' 'VirtualNetworkInherited'	DDoS Protection plan for public IP, Enabled = configure per IP (default = VirtualNetworkInherited)
managedIdentityType	'None' 'UserAssigned'	Type of managed identity associated with this application gateway (default: UserAssigned)
managedIdentityId	string	User assigned managed identity ResourceId to access other resources
zones	string[]	Zones where the application gateway should be deployed [Array of strings]
authenticationCertificates	applicationGatewayAuthenticationCertificate[]	Authentication certificates of the application gateway resource
autoscaleConfigurationMaxCapacity	int	Upper bound on number of Application Gateway capacity
autoscaleConfigurationMinCapacity	int	Lower bound on number of Application Gateway capacity
backendAddressPools (required)	applicationGatewayBackendAddressPool[]	Backend address pool of the application gateway resource
backendHttpSettingsCollection (required)	applicationGatewayBackendHTTPSetting[]	Backend http settings of the application gateway resource
customErrorConfigurations	applicationGatewayCustomErrorConfiguration[]	Custom error configurations of the application gateway resource
enableHttp2	bool	Whether HTTP2 is enabled on the application gateway resource
firewallPolicy	firewallPolicy	Properties of the general firewall policy of the AGW
additionalFirewallPolicies	additionalFirewallPolicies[]	Create custom firewall policies for association to listeners in the AGW
frontendIPConfigurations	applicationGatewayFrontendIPConfiguration[]	Frontend IP addresses of the application gateway resource
frontendPorts	applicationGatewayFrontendPort[]	Frontend ports of the application gateway resource
gatewayIPConfigurations	applicationGatewayGatewayIPConfiguration[]	Subnets of the application gateway resource
globalEnableRequestBuffering	bool	Enable request buffering
globalEnableResponseBuffering	bool	Enable response buffering
httpListeners (required)	applicationGatewayHTTPListener[]	Http listeners of the application gateway resource
loadDistributionPolicies	applicationGatewayLoadDistributionPolicy[]	Load distribution policies of the application gateway resource
privateLinkConfigurations	applicationGatewayPrivateLinkConfiguration[]	PrivateLink configurations on application gateway
probes	applicationGatewayProbe[]	Probes of the application gateway resource
redirectConfigurations	applicationGatewayRedirectConfiguration[]	Redirect configurations of the application gateway resource
requestRoutingRules (required)	applicationGatewayRequestRoutingRule[]	Request routing rules of the application gateway resource
rewriteRuleSets	applicationGatewayRewriteRuleSet[]	Rewrite rules for the application gateway resource
skuCapacity	int	Capacity (instance count) of an application gateway (default: 1)
skuName	'Standard_v2' 'WAF_v2'	Name of an application gateway SKU (default: Standard_v2)
sslCertificates	applicationGatewaySSLCertificate[]	SSL certificates of the application gateway resource
sslPolicy	applicationGatewaySSLPolicy	SSL policy of the application gateway resource
sslProfiles	applicationGatewaySSLProfile[]	SSL profiles of the application gateway resource
trustedClientCertificates	applicationGatewayTrustedClientCertificate[]	Trusted client certificates of the application gateway resource
trustedRootCertificates	applicationGatewayTrustedRootCertificate[]	Trusted Root certificates of the application gateway resource
urlPathMaps	applicationGatewayURLPathMap[]	URL path map of the application gateway resource
webApplicationFirewallConfiguration	object	Web application firewall configuration
diagnosticSettings	diagnosticSetting[]	Dianostic Settings for the resource

firewallPolicy

Property	Value	Description
firewallPolicyId	string	Reference to the FirewallPolicy
customRules	applicationGatewayWAFPolicyCustomeRule[]	The custom rules inside the policy
managedRules	applicationGatewayWAFManagedRules	Describes the managedRules structure
policySettings	applicationGatewayWAFPolicySettings	The PolicySettings for policy
forceFirewallPolicyAssociation	bool	If true, associates a firewall policy with an application gateway regardless whether the policy differs from the WAF Config

additionalFirewallPolicies

Property	Value	Description
function (required)	string	Function for additional firewall policy
customRules	applicationGatewayWAFPolicyCustomeRule[]	The custom rules inside the policy
managedRules	applicationGatewayWAFManagedRules	Describes the managedRules structure
policySettings	applicationGatewayWAFPolicySettings	The PolicySettings for policy
forceFirewallPolicyAssociation	bool	If true, associates a firewall policy with an application gateway regardless whether the policy differs from the WAF Config

applicationGatewayCipherSuite

applicationGatewaySSLProtocols

applicationGatewayAuthenticationCertificate

Property	Value	Description
name (required)	string	Name of the authentication certificate that is unique within an Application Gateway
data (required)	string	Public data of the certificate

applicationGatewayBackendAddressPool

Property	Value	Description
name (required)	string	Name of the backend address pool that is unique within an Application Gateway.
backendAddresses	applicationGatewayBackendAddress[]	List of backend addresses

applicationGatewayBackendAddress

Property	Value	Description
fqdn	string	Fully qualified domain name
ipAddress	string	IP address

applicationGatewayBackendHTTPSetting

Property	Value	Description
name (required)	string	Name of the backend http settings that is unique within an Application Gateway
affinityCookieName	string	Cookie name to use for the affinity cookie
authenticationCertificateNames	string[]	References to authentication certificates defined in this application gateway
connectionDrainTimeoutInSec	int	When set, connection draining will be enabled
cookieBasedAffinity	'Disabled' 'Enabled'	Enable cookie based affinity
hostName	string	Host header to be sent to the backend servers
path	string	Path which should be used as a prefix for all HTTP requests. Null means no path will be prefixed. (default: null)
pickHostNameFromBackendAddress	bool	Whether to pick host header should be picked from the host name of the backend server. (default: false)
port (required)	int	The destination port on the backend
probeName	string	When set probe will be enabled
protocol (required)	applicationGatewayProtocol	The protocol used to communicate with the backend
requestTimeout	int	Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds
trustedRootCertificateNames	string[]	Trusted root certificate names

applicationGatewaySSLPolicy

Property	Value	Description
cipherSuites (required)	applicationGatewayCipherSuite[]	SSL cipher suites to be enabled in the specified order to application gateway
disabledSslProtocols (required)	applicationGatewaySSLProtocols[]	SSL protocols to be disabled on application gateway
minProtocolVersion (required)	'TLSv1_0' 'TLSv1_1' 'TLSv1_2' 'TLSv1_3'	Minimum version of SSL protocol to be supported on application gateway
policyName (required)	'AppGwSslPolicy20150501' 'AppGwSslPolicy20170401' 'AppGwSslPolicy20170401S' 'AppGwSslPolicy20220101' 'AppGwSslPolicy20220101S'	Name of Ssl predefined policy
policyType (required)	'Custom' 'CustomV2' 'Predefined'	Type of Ssl Policy

applicationGatewayProtocol

applicationGatewayCustomErrorConfiguration

Property	Value	Description
customErrorPageUrl (required)	string	Error page URL of the application gateway custom error
statusCode (required)	'HttpStatus400' 'HttpStatus403' 'HttpStatus404' 'HttpStatus405' 'HttpStatus408' 'HttpStatus500' 'HttpStatus502' 'HttpStatus503' 'HttpStatus504'	Status code of the application gateway custom error

applicationGatewayFrontendIPConfiguration

Property	Value	Description
name (required)	string	Name of the frontend IP configuration that is unique within an Application Gateway
privateIPAddress	string	PrivateIPAddress of the network interface IP Configuration
privateIPAllocationMethod	'Dynamic' 'Static'	The private IP address allocation method
privateLinkConfigurationName	string	Reference to the private link configuration to be associated with the frontend IP configuration
publicIPAddressId (required)	string	Reference to the public IP resource
subnetId	string	Resource Id of the subnet where the resource should be available

applicationGatewayFrontendPort

Property	Value	Description
name (required)	string	Name of the frontend port that is unique within an Application Gateway
port (required)	int	Frontend port

applicationGatewayGatewayIPConfiguration

Property	Value	Description
name (required)	string	Name of the IP configuration that is unique within an Application Gateway
subnetId (required)	string	Reference to the subnet resource. A subnet from where application gateway gets its private address

applicationGatewayHTTPListener

Property	Value	Description
name (required)	string	Name of the HTTP listener that is unique within an Application Gateway
customErrorConfigurations	applicationGatewayCustomErrorConfiguration[]	Custom error configurations of the HTTP listener resource
frontendIPConfigurationName (required)	string	Frontend IP configuration resource of an application gateway (default names: "public-frontend" or "private-frontend")
frontendPortName (required)	string	Frontend port of the HTTP listener resource
hostname	string	Host name of HTTP listener
hostNames	string[]	List of Host names for HTTP Listener that allows special wildcard characters as well
protocol (required)	applicationGatewayProtocol	Protocol of the HTTP listener
requireServerNameIndication	bool	Applicable only if protocol is https. Enables SNI for multi-hosting
sslCertificateName	string	SSL certificate resource of a HTTP listener
sslProfileName	string	SSL profile resource of a HTTP listener
firewallPolicyFunction	string	Firewall policy resource of a HTTP listener, function from additionalFirewallPolicies parameter
firewallPolicyResourceId	string	Firewall policy resource of a HTTP listener

applicationGatewayLoadDistributionPolicy

Property	Value	Description
name (required)	string	Name of the load distribution policy that is unique within an Application Gateway
loadDistributionAlgorithm (required)	'IpHash' 'LeastConnections' 'RoundRobin'	Load Distribution Targets resource of an application gateway
loadDistributionTargets (required)	applicationGatewayLoadDistributionTarget[]	Load Distribution Targets resource of an application gateway

applicationGatewayLoadDistributionTarget

Property	Value	Description
backendAddressPoolName (required)	string	Backend address pool resource of the application gateway
weightPerServer (required)	int	Weight per server. Range between 1 and 100

applicationGatewayPrivateLinkConfiguration

Property	Value	Description
name (required)	string	Name of the private link configuration that is unique within an Application Gateway
ipConfigurations (required)	applicationGatewayPrivateLinkIPConfiguration[]	An array of application gateway private link ip configurations

applicationGatewayPrivateLinkIPConfiguration

Property	Value	Description
name (required)	string	Name of th IP configuration
primary	bool	Whether the ip configuration is primary or not
privateIPAddress	string	The private IP address of the IP configuration
privateIPAllocationMethod	'Dynamic' 'Static'	The private IP address allocation method (default: Dynamic)
subnetId (required)	string	Resource Id of the subnet where the resource should be available

applicationGatewayProbe

Property	Value	Description
name (required)	string	Name of the probe that is unique within an Application Gateway
host	string	Host name to send the probe to
interval	int	The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds
match	match	Criterion for classifying a healthy probe response
minServers	int	Minimum number of servers that are always marked healthy. (default: 0)
path	string	Relative path of probe. Valid path starts from "/". Probe is sent to {Protocol}://{host}:{port}{path}.
pickHostNameFromBackendHttpSettings	bool	Whether the host header should be picked from the backend http settings (default: true)
port	int	Custom port which will be used for probing the backend servers, in case not set, port from http settings will be used. This property is valid for Basic, Standard_v2 and WAF_v2 only
protocol	applicationGatewayProtocol	The protocol used for the probe
timeout	int	The probe timeout in seconds, probe marked as failed if valid response is not received with this timeout period (default: 30)
unhealthyThreshold	int	The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold (default: 3)

match

Property	Value	Description
body	string	Body that must be contained in the health response. Default value is empty
statusCodes	string[]	Allowed ranges of healthy status codes. (default: 200-399)

applicationGatewayRedirectConfiguration

Property	Value	Description
name (required)	string	Name of the redirect configuration that is unique within an Application Gateway
includePath	bool	Include path in the redirected url
includeQueryString	bool	Include query string in the redirected url
pathRuleNames	string[]	Path rules specifying redirect configuration
redirectType	'Found' 'Permanent' 'SeeOther' 'Temporary'	HTTP redirection type
requestRoutingRuleNames	string[]	Request routing specifying redirect configuration
targetListenerName	string	Reference to a listener to redirect the request to
targetUrl	string	URL to redirect the request to
urlPathMapNames	string[]	URL path maps specifying default redirect configuration

applicationGatewayRequestRoutingRule

Property	Value	Description
name (required)	string	Name of the request routing rule that is unique within an Application Gateway
backendAddressPoolName	string	Backend address pool resource of the application gateway
backendHttpSettingsName	string	Backend http settings resource of the application gateway
httpListenerName (required)	string	Http listener resource of the application gateway
loadDistributionPolicyName	string	Load Distribution Policy resource of the application gateway
priority	int	Priority of the request routing rule (default: 100 + index)
redirectConfigurationName	string	Redirect configuration resource of the application gateway
rewriteRuleSetName	string	Rewrite Rule Set resource in Basic rule of the application gateway
ruleType	'Basic' 'PathBasedRouting'	Rule type
urlPathMapName	string	URL path map resource of the application gateway

applicationGatewayRewriteRuleSet

Property	Value	Description
name (required)	string	Name of the rewrite rule set that is unique within an Application Gateway
rewriteRules (required)	applicationGatewayRewriteRule[]	Rewrite rules in the rewrite rule set

applicationGatewayRewriteRule

Property	Value	Description
actionSet (required)	actionSet	Set of actions to be done as part of the rewrite Rule
conditions (required)	applicationGatewayRewriteRuleCondition[]	Conditions based on which the action set execution will be evaluated
name (required)	string	Name of the rewrite rule that is unique within an Application Gateway
ruleSequence (required)	int	Rule Sequence of the rewrite rule that determines the order of execution of a particular rule in a RewriteRuleSet

urlConfiguration

Property	Value	Description
modifiedPath	string	Url path which user has provided for url rewrite. Null means no path will be updated (default: null)
modifiedQueryString	string	Query string which user has provided for url rewrite. Null means no query string will be updated (default: null)
reroute	bool	If set as true, it will re-evaluate the url path map provided in path based request routing rules using modified path (default: false)

actionSet

Property	Value	Description
requestHeaderConfigurations (required)	applicationGatewayRequestHeaderConfiguration[]
responseHeaderConfigurations (required)	applicationGatewayResponseHeaderConfiguration[]
urlConfiguration	urlConfiguration

applicationGatewayRequestHeaderConfiguration

Property	Value	Description
headerName (required)	string	Header name of the header configuration
headerValue (required)	string	Header value of the header configuration

applicationGatewayResponseHeaderConfiguration

Property	Value	Description
headerName (required)	string	Header name of the header configuration
headerValue (required)	string	Header value of the header configuration

applicationGatewayRewriteRuleCondition

Property	Value	Description
ignoreCase (required)	bool	Setting this parameter to truth value with force the pattern to do a case in-sensitive comparison
negate (required)	bool	Setting this value as truth will force to check the negation of the condition given by the user
pattern (required)	string	The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition
variable (required)	string	The condition parameter of the RewriteRuleCondition

applicationGatewaySSLCertificate

Property	Value	Description
name (required)	string	Name of the SSL certificate that is unique within an Application Gateway
data	string	Base-64 encoded pfx certificate. Only applicable in PUT Request
keyVaultSecretId	string	Secret Id of (base-64 encoded unencrypted pfx) "Secret" or "Certificate" object stored in KeyVault
password	string	Password for the pfx file specified in data. Only applicable in PUT request

applicationGatewaySSLProfile

Property	Value	Description
name (required)	string	Name of the SSL profile that is unique within an Application Gateway
clientAuthConfiguration	clientAuthConfiguration	Client authentication configuration of the application gateway resource
sslPolicy (required)	applicationGatewaySSLPolicy	SSL policy of the application gateway resource
trustedClientCertificateNames (required)	string[]	Array of references to application gateway trusted client certificates

clientAuthConfiguration

Property	Value	Description
verifyClientCertIssuerDN	bool
verifyClientRevocation	'None' 'OCSP'

applicationGatewayTrustedClientCertificate

Property	Value	Description
name (required)	string	Name of the trusted client certificate that is unique within an Application Gateway
data (required)	string	Certificate public data

applicationGatewayTrustedRootCertificate

Property	Value	Description
name (required)	string	Name of the trusted root certificate that is unique within an Application Gateway
data	string	Certificate public data
keyVaultSecretId	string	Secret Id of (base-64 encoded unencrypted pfx) "Secret" or "Certificate" object stored in KeyVault

applicationGatewayURLPathMap

Property	Value	Description
name (required)	string	Name of the URL path map that is unique within an Application Gateway
defaultBackendAddressPoolName	string	Default backend address pool resource of URL path map
defaultBackendHttpSettingsName	string	Default backend http settings resource of URL path map
defaultLoadDistributionPolicyName	string	Default Load Distribution Policy resource of URL path map
defaultRedirectConfigurationName	string	Default redirect configuration resource of URL path map
defaultRewriteRuleSetName	string	Default Rewrite rule set resource of URL path map
pathRules (required)	applicationGatewayPathRule[]	Path rule of URL path map resource

applicationGatewayPathRule

Property	Value	Description
name (required)	string	Name of the path rule
backendAddressPool	string	Backend address pool resource of URL path map path rule
backendHttpSettings	string	Backend http settings resource of URL path map path rule
loadDistributionPolicy	string	Load Distribution Policy resource of URL path map path rule
paths (required)	string[]	Path rules of URL path map
redirectConfiguration	string	Redirect configuration resource of URL path map path rule
rewriteRuleSet	string	Rewrite rule set resource of URL path map path rule
firewallPolicyFunction	string	Firewall policy resource of a path rule, function from additionalFirewallPolicies parameter
firewallPolicyResourceId	string	Firewall policy resource of a path rule

applicationGatewayWAFPolicy

Property	Value	Description
general (required)	general
customRules	applicationGatewayWAFPolicyCustomeRule[]	The custom rules inside the policy
managedRules	applicationGatewayWAFManagedRules	Describes the managedRules structure
policySettings	applicationGatewayWAFPolicySettings	The PolicySettings for policy

applicationGatewayWAFPolicySettings

Property	Value	Description
customBlockResponseBody	string	If the action type is block, customer can override the response body. The body must be specified in base64 encoding
customBlockResponseStatusCode	int	If the action type is block, customer can override the response status code
fileUploadEnforcement	bool	Whether allow WAF to enforce file upload limits
fileUploadLimitInMb	int	Maximum file upload size in Mb for WAF
logScrubbing	logScrubbing	To scrub sensitive log fields
maxRequestBodySizeInKb	int	Maximum request body size in Kb for WAF
mode (required)	'Detection' 'Prevention'
requestBodyCheck	bool	Whether to allow WAF to check request Body
requestBodyEnforcement	bool	Whether allow WAF to enforce request body limits
requestBodyInspectLimitInKB	int	Max inspection limit in KB for request body inspection for WAF
state	'Disabled' 'Enabled'	The state of the policy

logScrubbing

Property	Value	Description
scrubbingRules (required)	applicationGatewayWAFPolicySettingsScrubbingRule[]	The rules that are applied to the logs for scrubbing
state	'Disabled' 'Enabled'	State of the log scrubbing config. (default: Enabled)

applicationGatewayWAFPolicySettingsScrubbingRule

Property	Value	Description
matchVariable (required)	'RequestArgNames' 'RequestCookieNames' 'RequestHeaderNames' 'RequestIPAddress' 'RequestJSONArgNames' 'RequestPostArgNames'	The variable to be scrubbed from the logs
selector	string	When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to
selectorMatchOperator (required)	'Equals' 'EqualsAny'	When matchVariable is a collection, operate on the selector to specify which elements in the collection this rule applies to
state	'Disabled' 'Enabled'	Defines the state of log scrubbing rule. (default: Enabled)

applicationGatewayWAFPolicyCustomeRule

Property	Value	Description
action (required)	'Allow' 'Block' 'Log'	Type of action to be taken
matchConditions (required)	applicationGatewayWAFPolicyCustomeRuleMatchCondition[]	List of match conditions
name (required)	string	The name of the resource that is unique within a policy. This name can be used to access the resource
priority (required)	int	Priority of the rule. Rules with a lower value will be evaluated before rules with a higher value
rateLimitDuration	'FiveMins' 'OneMin'	Duration over which Rate Limit policy will be applied. Applies only when ruleType is RateLimitRule
rateLimitThreshold	int	Rate Limit threshold to apply in case ruleType is RateLimitRule. Must be greater than or equal to 1
ruleType (required)	'Invalid' 'MatchRule' 'RateLimitRule'	The rule type
state	'Disabled' 'Enabled'	Describes if the custom rule is in enabled or disabled state. (default: Enabled)

applicationGatewayWAFPolicyCustomeRuleMatchCondition

Property	Value	Description
matchValues (required)	string[]	Match value
matchVariables (required)	applicationGatewayWAFPolicyCustomeRuleMatchVariable[]	List of match variables
negationConditon	bool	Whether this is negate condition or not
operator (required)	'Any' 'BeginsWith' 'Contains' 'EndsWith' 'Equal' 'GeoMatch' 'GreaterThan' 'GreaterThanOrEqual' 'IPMatch' 'LessThan' 'LessThanOrEqual' 'Regex'	The operator to be matched
transforms	Array containing any of: 'HtmlEntityDecode' 'Lowercase' 'RemoveNulls' 'Trim' 'Uppercase' 'UrlDecode' 'UrlEncode'	List of transforms

applicationGatewayWAFPolicyCustomeRuleMatchVariable

Property	Value	Description
selector	string	The selector of the match variable
variableName (required)	'PostArgs' 'QueryString' 'RemoteAddr' 'RequestBody' 'RequestCookies' 'RequestHeaders' 'RequestMethod' 'RequestUri'	Match variable

applicationGatewayWAFManagedRules

Property	Value	Description
exclusions	applicationGatewayWAFOwaspCrsExclusionEntry[]	The Exclusions that are applied on the policy
managedRuleSets (required)	applicationGatewayWAFManagedRuleSet[]	The managed rule sets that are associated with the policy

applicationGatewayWAFManagedRuleSet

Property	Value	Description
ruleGroupOverrides (required)	applicationGatewayWAFManagedRuleGroupOverride[]	Defines the rule group overrides to apply to the rule set
ruleSetType (required)	'Microsoft_BotManagerRuleSet' 'Microsoft_DefaultRuleSet' 'OWASP'	Defines the rule set type to use
ruleSetVersion (required)	string	Defines the version of the rule set to use

applicationGatewayWAFManagedRuleGroupOverride

Property	Value	Description
ruleGroupName (required)	string	The managed rule group to override
rules (required)	applicationGatewayWAFManagedRuleOverride[]	List of rules that will be disabled. If none specified, all rules in the group will be disabled

applicationGatewayWAFManagedRuleOverride

Property	Value	Description
action (required)	'Allow' 'AnomalyScoring' 'Block' 'Log'	Describes the override action to be applied when rule matches
ruleId (required)	string	Id for the managed rule
state	'Disabled' 'Enabled'	The state of the managed rule. (default: Disabled)

applicationGatewayWAFOwaspCrsExclusionEntry

Property	Value	Description
exclusionManagedRuleSets (required)	applicationGatewayWAFExclusionManagedRuleSet[]	The managed rule sets that are associated with the exclusion
matchVariable (required)	'RequestArgKeys' 'RequestArgNames' 'RequestArgValues' 'RequestCookieKeys' 'RequestCookieNames' 'RequestCookieValues' 'RequestHeaderKeys' 'RequestHeaderNames' 'RequestHeaderValues'	The variable to be excluded
selector	string	When matchVariable is a collection, operator used to specify which elements in the collection this exclusion applies to
selectorMatchOperator (required)	'Contains' 'EndsWith' 'Equals' 'EqualsAny' 'StartsWith'	When matchVariable is a collection, operate on the selector to specify which elements in the collection this exclusion applies to

applicationGatewayWAFExclusionManagedRuleSet

Property	Value	Description
ruleGroups (required)	applicationGatewayWAFExclusionManagedRuleGroup[]	Defines the rule groups to apply to the rule set.
ruleSetType (required)	string	Defines the rule set type to use
ruleSetVersion (required)	string	Defines the version of the rule set to use

applicationGatewayWAFExclusionManagedRuleGroup

Property	Value	Description
ruleGroupName (required)	string	The managed rule group for exclusion
rules (required)	rules[]	List of rule ids that will be excluded. If none specified, all rules in the group will be excluded