4.1.0

Release Date: April 2, 2026

---

✨ New Features

azure-networking: Front Door WAF Firewall Policy Module

A new frontdoor_firewall_policy module is available under azure-networking. It provisions an azurerm_cdn_frontdoor_firewall_policy with Microsoft-managed rule sets pre-configured and ready for use with Azure Front Door Premium profiles.

Features:

• Managed rule sets — Microsoft_DefaultRuleSet (v2.1) and Microsoft_BotManagerRuleSet (v1.1), both in Block mode, with configurable versions
• internal_access_only — bool flag that embeds int or ext in the generated policy name, distinguishing internal vs external-facing policies
• ip_allowlist — generic CIDR allowlist; when non-empty, a priority-2 Block rule denies all source IPs not in the list
• only_allow_saiftraffic + saif_corp_ip_allowlist — Saif Corp-specific IP restriction at priority 1
• mode — Detection or Prevention (default: Prevention)
• sku_name — locked to Premium_AzureFrontDoor (required for managed rule sets)

Example:

module "waf_policy" {
  source = "../../modules/azure-networking/modules/frontdoor_firewall_policy"

  resource_group_name    = "rg-networking-prd"
  owner                  = "saif"
  environment_short_name = "prd"
  internal_access_only   = false
  mode                   = "Prevention"
}

---

🔄 Breaking Changes

None in this release ✅

---

📋 Additional Notes

• Total commits: 1
• Files changed: 6
• Contributors: Brian Sheridan

---

Support

• 📧 Teams Support Channel: Support

---