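Check and configure the WAF firewall in front of a Power Pages site to improve attack resistance and access control.
Copy the install instruction and let the AI complete the configuration automatically · Recommended for beginners
Please install the "manage-firewall" skill from askskill for me: 1. Download https://raw.githubusercontent.com/microsoft/power-platform-skills/main/plugins/power-pages/skills/manage-firewall/SKILL.md 2. Save it as ~/.claude/skills/manage-firewall/SKILL.md 3. Once installed, reload the skills and tell me it is ready to use
Check the current WAF configuration status of my Power Pages production site, tell me whether protection is enabled, and explain whether there are gaps in protection against common web attacks or bots.
Returns the current WAF status, a summary of the key configuration, and a note on whether enabling or strengthening protection immediately is recommended.
Add rate limiting to my Power Pages login page to reduce brute-force risk, and explain the recommended threshold, time window and scope.
Provides a rate-limit rule configuration plan for the login page, including the recommended parameters and the protective purpose of each.
Help me update the WAF rules: block access from specific countries and restrict certain admin paths to authorized sources only; also list the rules that were added or modified.
Outputs the updated list of country-blocking and path access-control rules, with an explanation of what each rule does.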
Plugin check: Run node "${CLAUDE_PLUGIN_ROOT}/scripts/check-version.js". If it outputs a message, show it to the user before proceeding.
Configure the firewall for a Power Pages production site. The firewall is only available on production sites and in supported regions — the scripts detect and report eligibility issues. After rule changes, edge propagation takes up to one hour.
Initial request: $ARGUMENTS
- .powerpages-site/website.yml stores the website record id, not the portal id. Every script takes --portalId. Resolve once via website.js --websiteId during prerequisites.
- enable.js and disable.js poll until the status reaches the target value (or timeout). delete-rules.js returns immediately (202) — verify via get-rules.js.
- B003EnabledState: "Disabled" inside RuleGroupOverrides — managed rule fields use PascalCase).
- set-rules.js is additive / update-only. Send only rules being created or modified. The service merges them; existing rules not in the payload are untouched.
- delete-rules.js to remove rules. set-rules.js cannot remove. Always use delete-rules.js --names.
- Created is the only "enabled" state. get-status.js returns value: "Created" when the firewall is enabled and actively filtering (counter-intuitive — the API does NOT use "Enabled"). Any other value (Disabled, None, Enabling, Disabling, Failed) means no active policy exists. MUST call get-status.js first and only invoke get-rules.js when value is Created — otherwise the rules endpoint returns a 500 and the whole firewall section gets skipped in the report.

Create tasks in three groups. Mark each in_progress when starting, completed when done.
| Group | When to create | Tasks |
|---|---|---|
| 1 | At start | Check prerequisites |
| 2 | After prerequisites pass | Check firewall state · Choose an action (skip in review mode) |
| 3 | After user confirms an action | Apply the change (skip in review mode OR no change action was chosen) · Summarize and next steps (always) |
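The status gate and the additive set-rules.js / delete-rules.js --names split described in the notes above, as an added example that is not part of the skill's own scripts. It assumes each rule object carries a unique `name` property and that the status string is the `value` field from get-status.js; the other rule fields in the sample are constructed for illustration.

```javascript
// Added example, not the plugin's code. Assumed rule shape: { name, ...fields }.

// "Created" is the only state in which a policy exists and filters traffic.
function firewallIsActive(statusValue) {
  return statusValue === 'Created';
}

// Stable string form of a rule so that key order does not count as a change.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

// Split a desired rule set into the two calls the service needs:
//   upsert      -> payload for set-rules.js (new or modified rules only)
//   deleteNames -> names for delete-rules.js --names (set-rules.js cannot remove)
function planRuleChange(statusValue, currentRules, desiredRules) {
  if (!firewallIsActive(statusValue)) {
    // No active policy: do not call get-rules.js (it would return a 500).
    return { active: false, upsert: [], deleteNames: [] };
  }
  const current = new Map(currentRules.map((r) => [r.name, r]));
  const desiredNames = new Set(desiredRules.map((r) => r.name));
  const upsert = desiredRules.filter(
    (r) => !current.has(r.name) || canonical(current.get(r.name)) !== canonical(r)
  );
  const deleteNames = [...current.keys()].filter((n) => !desiredNames.has(n));
  return { active: true, upsert, deleteNames };
}

// Constructed sample data (field names other than `name` are hypothetical).
const sampleCurrent = [
  { name: 'rate-login', priority: 10, action: 'Block' },
  { name: 'geo-old', priority: 20, action: 'Block' },
];
const sampleDesired = [
  { action: 'Block', priority: 10, name: 'rate-login' }, // unchanged, keys reordered
  { name: 'admin-allow', priority: 5, action: 'Allow' }, // new
];
console.log(planRuleChange('Created', sampleCurrent, sampleDesired));
console.log(planRuleChange('Enabling', sampleCurrent, sampleDesired));
```

Because delete-rules.js returns 202 immediately, re-read the rules with get-rules.js after applying `deleteNames` before reporting the change as complete.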
Use Glob to find **/powerpages.config.json. If $ARGUMENTS contains --review <out-dir>, remember the output directory — Steps 3–4 are skipped and Step 5 writes JSON only.
Read .powerpages-site/website.yml → extract id field → that is <WEBSITE_ID>.
If missing, the site has not been deployed. Tell the user and recommend /deploy-site. Stop. Do not resolve by name or URL.
Resolve to portalId:
node "${CLAUDE_PLUGIN_ROOT}/scripts/website.js" --websiteId "<WEBSITE_ID>"
Capture Id (portalId), Type, Name, WebsiteUrl. If exit code 2 → sign-in required (pac auth create or az login). If null → site not found in this environment. Stop in either case.
…