1. Packages
  2. Fastly Provider
  3. API Docs
  4. ServiceWafConfiguration
Fastly v8.13.0 published on Wednesday, Nov 13, 2024 by Pulumi

fastly.ServiceWafConfiguration

Explore with Pulumi AI

fastly logo
Fastly v8.13.0 published on Wednesday, Nov 13, 2024 by Pulumi

    Defines a set of Web Application Firewall configuration options that can be used to populate a service WAF. This resource will configure rules, thresholds and other settings for a WAF.

    Warning: This provider will take precedence over any changes you make in the UI or API. Such changes are likely to be reversed if you run the provider again.

    Example Usage

    Basic usage:

    import * as pulumi from "@pulumi/pulumi";
    import * as fastly from "@pulumi/fastly";
    
    const demo = new fastly.ServiceVcl("demo", {
        name: "demofastly",
        domains: [{
            name: "example.com",
            comment: "demo",
        }],
        backends: [{
            address: "127.0.0.1",
            name: "origin1",
            port: 80,
        }],
        conditions: [
            {
                name: "WAF_Prefetch",
                type: "PREFETCH",
                statement: "req.backend.is_origin",
            },
            {
                name: "WAF_always_false",
                statement: "false",
                type: "REQUEST",
            },
        ],
        responseObjects: [{
            name: "WAF_Response",
            status: 403,
            response: "Forbidden",
            contentType: "text/html",
            content: "<html><body>Forbidden</body></html>",
            requestCondition: "WAF_always_false",
        }],
        waf: {
            prefetchCondition: "WAF_Prefetch",
            responseObject: "WAF_Response",
        },
        forceDestroy: true,
    });
    const waf = new fastly.ServiceWafConfiguration("waf", {
        wafId: demo.waf.apply(waf => waf?.wafId),
        httpViolationScoreThreshold: 100,
    });
    
    import pulumi
    import pulumi_fastly as fastly
    
    demo = fastly.ServiceVcl("demo",
        name="demofastly",
        domains=[{
            "name": "example.com",
            "comment": "demo",
        }],
        backends=[{
            "address": "127.0.0.1",
            "name": "origin1",
            "port": 80,
        }],
        conditions=[
            {
                "name": "WAF_Prefetch",
                "type": "PREFETCH",
                "statement": "req.backend.is_origin",
            },
            {
                "name": "WAF_always_false",
                "statement": "false",
                "type": "REQUEST",
            },
        ],
        response_objects=[{
            "name": "WAF_Response",
            "status": 403,
            "response": "Forbidden",
            "content_type": "text/html",
            "content": "<html><body>Forbidden</body></html>",
            "request_condition": "WAF_always_false",
        }],
        waf={
            "prefetch_condition": "WAF_Prefetch",
            "response_object": "WAF_Response",
        },
        force_destroy=True)
    waf = fastly.ServiceWafConfiguration("waf",
        waf_id=demo.waf.waf_id,
        http_violation_score_threshold=100)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-fastly/sdk/v8/go/fastly"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		demo, err := fastly.NewServiceVcl(ctx, "demo", &fastly.ServiceVclArgs{
    			Name: pulumi.String("demofastly"),
    			Domains: fastly.ServiceVclDomainArray{
    				&fastly.ServiceVclDomainArgs{
    					Name:    pulumi.String("example.com"),
    					Comment: pulumi.String("demo"),
    				},
    			},
    			Backends: fastly.ServiceVclBackendArray{
    				&fastly.ServiceVclBackendArgs{
    					Address: pulumi.String("127.0.0.1"),
    					Name:    pulumi.String("origin1"),
    					Port:    pulumi.Int(80),
    				},
    			},
    			Conditions: fastly.ServiceVclConditionArray{
    				&fastly.ServiceVclConditionArgs{
    					Name:      pulumi.String("WAF_Prefetch"),
    					Type:      pulumi.String("PREFETCH"),
    					Statement: pulumi.String("req.backend.is_origin"),
    				},
    				&fastly.ServiceVclConditionArgs{
    					Name:      pulumi.String("WAF_always_false"),
    					Statement: pulumi.String("false"),
    					Type:      pulumi.String("REQUEST"),
    				},
    			},
    			ResponseObjects: fastly.ServiceVclResponseObjectArray{
    				&fastly.ServiceVclResponseObjectArgs{
    					Name:             pulumi.String("WAF_Response"),
    					Status:           pulumi.Int(403),
    					Response:         pulumi.String("Forbidden"),
    					ContentType:      pulumi.String("text/html"),
    					Content:          pulumi.String("<html><body>Forbidden</body></html>"),
    					RequestCondition: pulumi.String("WAF_always_false"),
    				},
    			},
    			Waf: &fastly.ServiceVclWafArgs{
    				PrefetchCondition: pulumi.String("WAF_Prefetch"),
    				ResponseObject:    pulumi.String("WAF_Response"),
    			},
    			ForceDestroy: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = fastly.NewServiceWafConfiguration(ctx, "waf", &fastly.ServiceWafConfigurationArgs{
    			WafId: pulumi.String(demo.Waf.ApplyT(func(waf fastly.ServiceVclWaf) (*string, error) {
    				return &waf.WafId, nil
    			}).(pulumi.StringPtrOutput)),
    			HttpViolationScoreThreshold: pulumi.Int(100),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fastly = Pulumi.Fastly;
    
    return await Deployment.RunAsync(() => 
    {
        var demo = new Fastly.ServiceVcl("demo", new()
        {
            Name = "demofastly",
            Domains = new[]
            {
                new Fastly.Inputs.ServiceVclDomainArgs
                {
                    Name = "example.com",
                    Comment = "demo",
                },
            },
            Backends = new[]
            {
                new Fastly.Inputs.ServiceVclBackendArgs
                {
                    Address = "127.0.0.1",
                    Name = "origin1",
                    Port = 80,
                },
            },
            Conditions = new[]
            {
                new Fastly.Inputs.ServiceVclConditionArgs
                {
                    Name = "WAF_Prefetch",
                    Type = "PREFETCH",
                    Statement = "req.backend.is_origin",
                },
                new Fastly.Inputs.ServiceVclConditionArgs
                {
                    Name = "WAF_always_false",
                    Statement = "false",
                    Type = "REQUEST",
                },
            },
            ResponseObjects = new[]
            {
                new Fastly.Inputs.ServiceVclResponseObjectArgs
                {
                    Name = "WAF_Response",
                    Status = 403,
                    Response = "Forbidden",
                    ContentType = "text/html",
                    Content = "<html><body>Forbidden</body></html>",
                    RequestCondition = "WAF_always_false",
                },
            },
            Waf = new Fastly.Inputs.ServiceVclWafArgs
            {
                PrefetchCondition = "WAF_Prefetch",
                ResponseObject = "WAF_Response",
            },
            ForceDestroy = true,
        });
    
        var waf = new Fastly.ServiceWafConfiguration("waf", new()
        {
            WafId = demo.Waf.Apply(waf => waf?.WafId),
            HttpViolationScoreThreshold = 100,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fastly.ServiceVcl;
    import com.pulumi.fastly.ServiceVclArgs;
    import com.pulumi.fastly.inputs.ServiceVclDomainArgs;
    import com.pulumi.fastly.inputs.ServiceVclBackendArgs;
    import com.pulumi.fastly.inputs.ServiceVclConditionArgs;
    import com.pulumi.fastly.inputs.ServiceVclResponseObjectArgs;
    import com.pulumi.fastly.inputs.ServiceVclWafArgs;
    import com.pulumi.fastly.ServiceWafConfiguration;
    import com.pulumi.fastly.ServiceWafConfigurationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var demo = new ServiceVcl("demo", ServiceVclArgs.builder()
                .name("demofastly")
                .domains(ServiceVclDomainArgs.builder()
                    .name("example.com")
                    .comment("demo")
                    .build())
                .backends(ServiceVclBackendArgs.builder()
                    .address("127.0.0.1")
                    .name("origin1")
                    .port(80)
                    .build())
                .conditions(            
                    ServiceVclConditionArgs.builder()
                        .name("WAF_Prefetch")
                        .type("PREFETCH")
                        .statement("req.backend.is_origin")
                        .build(),
                    ServiceVclConditionArgs.builder()
                        .name("WAF_always_false")
                        .statement("false")
                        .type("REQUEST")
                        .build())
                .responseObjects(ServiceVclResponseObjectArgs.builder()
                    .name("WAF_Response")
                    .status("403")
                    .response("Forbidden")
                    .contentType("text/html")
                    .content("<html><body>Forbidden</body></html>")
                    .requestCondition("WAF_always_false")
                    .build())
                .waf(ServiceVclWafArgs.builder()
                    .prefetchCondition("WAF_Prefetch")
                    .responseObject("WAF_Response")
                    .build())
                .forceDestroy(true)
                .build());
    
            var waf = new ServiceWafConfiguration("waf", ServiceWafConfigurationArgs.builder()
                .wafId(demo.waf().applyValue(waf -> waf.wafId()))
                .httpViolationScoreThreshold(100)
                .build());
    
        }
    }
    
    resources:
      demo:
        type: fastly:ServiceVcl
        properties:
          name: demofastly
          domains:
            - name: example.com
              comment: demo
          backends:
            - address: 127.0.0.1
              name: origin1
              port: 80
          conditions:
            - name: WAF_Prefetch
              type: PREFETCH
              statement: req.backend.is_origin
            - name: WAF_always_false
              statement: 'false'
              type: REQUEST
          responseObjects:
            - name: WAF_Response
              status: '403'
              response: Forbidden
              contentType: text/html
              content: <html><body>Forbidden</body></html>
              requestCondition: WAF_always_false
          waf:
            prefetchCondition: WAF_Prefetch
            responseObject: WAF_Response
          forceDestroy: true
      waf:
        type: fastly:ServiceWafConfiguration
        properties:
          wafId: ${demo.waf.wafId}
          httpViolationScoreThreshold: 100
    

    Usage with rules:

    import * as pulumi from "@pulumi/pulumi";
    import * as fastly from "@pulumi/fastly";
    
    const demo = new fastly.ServiceVcl("demo", {
        name: "demofastly",
        domains: [{
            name: "example.com",
            comment: "demo",
        }],
        backends: [{
            address: "127.0.0.1",
            name: "origin1",
            port: 80,
        }],
        conditions: [
            {
                name: "WAF_Prefetch",
                type: "PREFETCH",
                statement: "req.backend.is_origin",
            },
            {
                name: "WAF_always_false",
                statement: "false",
                type: "REQUEST",
            },
        ],
        responseObjects: [{
            name: "WAF_Response",
            status: 403,
            response: "Forbidden",
            contentType: "text/html",
            content: "<html><body>Forbidden</body></html>",
            requestCondition: "WAF_always_false",
        }],
        waf: {
            prefetchCondition: "WAF_Prefetch",
            responseObject: "WAF_Response",
        },
        forceDestroy: true,
    });
    const waf = new fastly.ServiceWafConfiguration("waf", {
        wafId: demo.waf.apply(waf => waf?.wafId),
        httpViolationScoreThreshold: 100,
        rules: [{
            modsecRuleId: 1010090,
            revision: 1,
            status: "log",
        }],
    });
    
    import pulumi
    import pulumi_fastly as fastly
    
    demo = fastly.ServiceVcl("demo",
        name="demofastly",
        domains=[{
            "name": "example.com",
            "comment": "demo",
        }],
        backends=[{
            "address": "127.0.0.1",
            "name": "origin1",
            "port": 80,
        }],
        conditions=[
            {
                "name": "WAF_Prefetch",
                "type": "PREFETCH",
                "statement": "req.backend.is_origin",
            },
            {
                "name": "WAF_always_false",
                "statement": "false",
                "type": "REQUEST",
            },
        ],
        response_objects=[{
            "name": "WAF_Response",
            "status": 403,
            "response": "Forbidden",
            "content_type": "text/html",
            "content": "<html><body>Forbidden</body></html>",
            "request_condition": "WAF_always_false",
        }],
        waf={
            "prefetch_condition": "WAF_Prefetch",
            "response_object": "WAF_Response",
        },
        force_destroy=True)
    waf = fastly.ServiceWafConfiguration("waf",
        waf_id=demo.waf.waf_id,
        http_violation_score_threshold=100,
        rules=[{
            "modsec_rule_id": 1010090,
            "revision": 1,
            "status": "log",
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-fastly/sdk/v8/go/fastly"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		demo, err := fastly.NewServiceVcl(ctx, "demo", &fastly.ServiceVclArgs{
    			Name: pulumi.String("demofastly"),
    			Domains: fastly.ServiceVclDomainArray{
    				&fastly.ServiceVclDomainArgs{
    					Name:    pulumi.String("example.com"),
    					Comment: pulumi.String("demo"),
    				},
    			},
    			Backends: fastly.ServiceVclBackendArray{
    				&fastly.ServiceVclBackendArgs{
    					Address: pulumi.String("127.0.0.1"),
    					Name:    pulumi.String("origin1"),
    					Port:    pulumi.Int(80),
    				},
    			},
    			Conditions: fastly.ServiceVclConditionArray{
    				&fastly.ServiceVclConditionArgs{
    					Name:      pulumi.String("WAF_Prefetch"),
    					Type:      pulumi.String("PREFETCH"),
    					Statement: pulumi.String("req.backend.is_origin"),
    				},
    				&fastly.ServiceVclConditionArgs{
    					Name:      pulumi.String("WAF_always_false"),
    					Statement: pulumi.String("false"),
    					Type:      pulumi.String("REQUEST"),
    				},
    			},
    			ResponseObjects: fastly.ServiceVclResponseObjectArray{
    				&fastly.ServiceVclResponseObjectArgs{
    					Name:             pulumi.String("WAF_Response"),
    					Status:           pulumi.Int(403),
    					Response:         pulumi.String("Forbidden"),
    					ContentType:      pulumi.String("text/html"),
    					Content:          pulumi.String("<html><body>Forbidden</body></html>"),
    					RequestCondition: pulumi.String("WAF_always_false"),
    				},
    			},
    			Waf: &fastly.ServiceVclWafArgs{
    				PrefetchCondition: pulumi.String("WAF_Prefetch"),
    				ResponseObject:    pulumi.String("WAF_Response"),
    			},
    			ForceDestroy: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = fastly.NewServiceWafConfiguration(ctx, "waf", &fastly.ServiceWafConfigurationArgs{
    			WafId: pulumi.String(demo.Waf.ApplyT(func(waf fastly.ServiceVclWaf) (*string, error) {
    				return &waf.WafId, nil
    			}).(pulumi.StringPtrOutput)),
    			HttpViolationScoreThreshold: pulumi.Int(100),
    			Rules: fastly.ServiceWafConfigurationRuleArray{
    				&fastly.ServiceWafConfigurationRuleArgs{
    					ModsecRuleId: pulumi.Int(1010090),
    					Revision:     pulumi.Int(1),
    					Status:       pulumi.String("log"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fastly = Pulumi.Fastly;
    
    return await Deployment.RunAsync(() => 
    {
        var demo = new Fastly.ServiceVcl("demo", new()
        {
            Name = "demofastly",
            Domains = new[]
            {
                new Fastly.Inputs.ServiceVclDomainArgs
                {
                    Name = "example.com",
                    Comment = "demo",
                },
            },
            Backends = new[]
            {
                new Fastly.Inputs.ServiceVclBackendArgs
                {
                    Address = "127.0.0.1",
                    Name = "origin1",
                    Port = 80,
                },
            },
            Conditions = new[]
            {
                new Fastly.Inputs.ServiceVclConditionArgs
                {
                    Name = "WAF_Prefetch",
                    Type = "PREFETCH",
                    Statement = "req.backend.is_origin",
                },
                new Fastly.Inputs.ServiceVclConditionArgs
                {
                    Name = "WAF_always_false",
                    Statement = "false",
                    Type = "REQUEST",
                },
            },
            ResponseObjects = new[]
            {
                new Fastly.Inputs.ServiceVclResponseObjectArgs
                {
                    Name = "WAF_Response",
                    Status = 403,
                    Response = "Forbidden",
                    ContentType = "text/html",
                    Content = "<html><body>Forbidden</body></html>",
                    RequestCondition = "WAF_always_false",
                },
            },
            Waf = new Fastly.Inputs.ServiceVclWafArgs
            {
                PrefetchCondition = "WAF_Prefetch",
                ResponseObject = "WAF_Response",
            },
            ForceDestroy = true,
        });
    
        var waf = new Fastly.ServiceWafConfiguration("waf", new()
        {
            WafId = demo.Waf.Apply(waf => waf?.WafId),
            HttpViolationScoreThreshold = 100,
            Rules = new[]
            {
                new Fastly.Inputs.ServiceWafConfigurationRuleArgs
                {
                    ModsecRuleId = 1010090,
                    Revision = 1,
                    Status = "log",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fastly.ServiceVcl;
    import com.pulumi.fastly.ServiceVclArgs;
    import com.pulumi.fastly.inputs.ServiceVclDomainArgs;
    import com.pulumi.fastly.inputs.ServiceVclBackendArgs;
    import com.pulumi.fastly.inputs.ServiceVclConditionArgs;
    import com.pulumi.fastly.inputs.ServiceVclResponseObjectArgs;
    import com.pulumi.fastly.inputs.ServiceVclWafArgs;
    import com.pulumi.fastly.ServiceWafConfiguration;
    import com.pulumi.fastly.ServiceWafConfigurationArgs;
    import com.pulumi.fastly.inputs.ServiceWafConfigurationRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var demo = new ServiceVcl("demo", ServiceVclArgs.builder()
                .name("demofastly")
                .domains(ServiceVclDomainArgs.builder()
                    .name("example.com")
                    .comment("demo")
                    .build())
                .backends(ServiceVclBackendArgs.builder()
                    .address("127.0.0.1")
                    .name("origin1")
                    .port(80)
                    .build())
                .conditions(            
                    ServiceVclConditionArgs.builder()
                        .name("WAF_Prefetch")
                        .type("PREFETCH")
                        .statement("req.backend.is_origin")
                        .build(),
                    ServiceVclConditionArgs.builder()
                        .name("WAF_always_false")
                        .statement("false")
                        .type("REQUEST")
                        .build())
                .responseObjects(ServiceVclResponseObjectArgs.builder()
                    .name("WAF_Response")
                    .status("403")
                    .response("Forbidden")
                    .contentType("text/html")
                    .content("<html><body>Forbidden</body></html>")
                    .requestCondition("WAF_always_false")
                    .build())
                .waf(ServiceVclWafArgs.builder()
                    .prefetchCondition("WAF_Prefetch")
                    .responseObject("WAF_Response")
                    .build())
                .forceDestroy(true)
                .build());
    
            var waf = new ServiceWafConfiguration("waf", ServiceWafConfigurationArgs.builder()
                .wafId(demo.waf().applyValue(waf -> waf.wafId()))
                .httpViolationScoreThreshold(100)
                .rules(ServiceWafConfigurationRuleArgs.builder()
                    .modsecRuleId(1010090)
                    .revision(1)
                    .status("log")
                    .build())
                .build());
    
        }
    }
    
    resources:
      demo:
        type: fastly:ServiceVcl
        properties:
          name: demofastly
          domains:
            - name: example.com
              comment: demo
          backends:
            - address: 127.0.0.1
              name: origin1
              port: 80
          conditions:
            - name: WAF_Prefetch
              type: PREFETCH
              statement: req.backend.is_origin
            - name: WAF_always_false
              statement: 'false'
              type: REQUEST
          responseObjects:
            - name: WAF_Response
              status: '403'
              response: Forbidden
              contentType: text/html
              content: <html><body>Forbidden</body></html>
              requestCondition: WAF_always_false
          waf:
            prefetchCondition: WAF_Prefetch
            responseObject: WAF_Response
          forceDestroy: true
      waf:
        type: fastly:ServiceWafConfiguration
        properties:
          wafId: ${demo.waf.wafId}
          httpViolationScoreThreshold: 100
          rules:
            - modsecRuleId: 1.01009e+06
              revision: 1
              status: log
    

    Usage with rule exclusions:

    Warning: Rule exclusions are part of a beta release, which may be subject to breaking changes and improvements over time. For more information, see our product and feature lifecycle descriptions.

    import * as pulumi from "@pulumi/pulumi";
    import * as fastly from "@pulumi/fastly";
    
    const demo = new fastly.ServiceVcl("demo", {
        name: "demofastly",
        domains: [{
            name: "example.com",
            comment: "demo",
        }],
        backends: [{
            address: "127.0.0.1",
            name: "origin1",
            port: 80,
        }],
        conditions: [
            {
                name: "WAF_Prefetch",
                type: "PREFETCH",
                statement: "req.backend.is_origin",
            },
            {
                name: "WAF_always_false",
                statement: "false",
                type: "REQUEST",
            },
        ],
        responseObjects: [{
            name: "WAF_Response",
            status: 403,
            response: "Forbidden",
            contentType: "text/html",
            content: "<html><body>Forbidden</body></html>",
            requestCondition: "WAF_always_false",
        }],
        waf: {
            prefetchCondition: "WAF_Prefetch",
            responseObject: "WAF_Response",
        },
        forceDestroy: true,
    });
    const waf = new fastly.ServiceWafConfiguration("waf", {
        wafId: demo.waf.apply(waf => waf?.wafId),
        httpViolationScoreThreshold: 100,
        rules: [{
            modsecRuleId: 2029718,
            revision: 1,
            status: "log",
        }],
        ruleExclusions: [{
            name: "index page",
            exclusionType: "rule",
            condition: "req.url.basename == \"index.html\"",
            modsecRuleIds: [2029718],
        }],
    });
    
    import pulumi
    import pulumi_fastly as fastly
    
    demo = fastly.ServiceVcl("demo",
        name="demofastly",
        domains=[{
            "name": "example.com",
            "comment": "demo",
        }],
        backends=[{
            "address": "127.0.0.1",
            "name": "origin1",
            "port": 80,
        }],
        conditions=[
            {
                "name": "WAF_Prefetch",
                "type": "PREFETCH",
                "statement": "req.backend.is_origin",
            },
            {
                "name": "WAF_always_false",
                "statement": "false",
                "type": "REQUEST",
            },
        ],
        response_objects=[{
            "name": "WAF_Response",
            "status": 403,
            "response": "Forbidden",
            "content_type": "text/html",
            "content": "<html><body>Forbidden</body></html>",
            "request_condition": "WAF_always_false",
        }],
        waf={
            "prefetch_condition": "WAF_Prefetch",
            "response_object": "WAF_Response",
        },
        force_destroy=True)
    waf = fastly.ServiceWafConfiguration("waf",
        waf_id=demo.waf.waf_id,
        http_violation_score_threshold=100,
        rules=[{
            "modsec_rule_id": 2029718,
            "revision": 1,
            "status": "log",
        }],
        rule_exclusions=[{
            "name": "index page",
            "exclusion_type": "rule",
            "condition": "req.url.basename == \"index.html\"",
            "modsec_rule_ids": [2029718],
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-fastly/sdk/v8/go/fastly"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		demo, err := fastly.NewServiceVcl(ctx, "demo", &fastly.ServiceVclArgs{
    			Name: pulumi.String("demofastly"),
    			Domains: fastly.ServiceVclDomainArray{
    				&fastly.ServiceVclDomainArgs{
    					Name:    pulumi.String("example.com"),
    					Comment: pulumi.String("demo"),
    				},
    			},
    			Backends: fastly.ServiceVclBackendArray{
    				&fastly.ServiceVclBackendArgs{
    					Address: pulumi.String("127.0.0.1"),
    					Name:    pulumi.String("origin1"),
    					Port:    pulumi.Int(80),
    				},
    			},
    			Conditions: fastly.ServiceVclConditionArray{
    				&fastly.ServiceVclConditionArgs{
    					Name:      pulumi.String("WAF_Prefetch"),
    					Type:      pulumi.String("PREFETCH"),
    					Statement: pulumi.String("req.backend.is_origin"),
    				},
    				&fastly.ServiceVclConditionArgs{
    					Name:      pulumi.String("WAF_always_false"),
    					Statement: pulumi.String("false"),
    					Type:      pulumi.String("REQUEST"),
    				},
    			},
    			ResponseObjects: fastly.ServiceVclResponseObjectArray{
    				&fastly.ServiceVclResponseObjectArgs{
    					Name:             pulumi.String("WAF_Response"),
    					Status:           pulumi.Int(403),
    					Response:         pulumi.String("Forbidden"),
    					ContentType:      pulumi.String("text/html"),
    					Content:          pulumi.String("<html><body>Forbidden</body></html>"),
    					RequestCondition: pulumi.String("WAF_always_false"),
    				},
    			},
    			Waf: &fastly.ServiceVclWafArgs{
    				PrefetchCondition: pulumi.String("WAF_Prefetch"),
    				ResponseObject:    pulumi.String("WAF_Response"),
    			},
    			ForceDestroy: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = fastly.NewServiceWafConfiguration(ctx, "waf", &fastly.ServiceWafConfigurationArgs{
    			WafId: pulumi.String(demo.Waf.ApplyT(func(waf fastly.ServiceVclWaf) (*string, error) {
    				return &waf.WafId, nil
    			}).(pulumi.StringPtrOutput)),
    			HttpViolationScoreThreshold: pulumi.Int(100),
    			Rules: fastly.ServiceWafConfigurationRuleArray{
    				&fastly.ServiceWafConfigurationRuleArgs{
    					ModsecRuleId: pulumi.Int(2029718),
    					Revision:     pulumi.Int(1),
    					Status:       pulumi.String("log"),
    				},
    			},
    			RuleExclusions: fastly.ServiceWafConfigurationRuleExclusionArray{
    				&fastly.ServiceWafConfigurationRuleExclusionArgs{
    					Name:          pulumi.String("index page"),
    					ExclusionType: pulumi.String("rule"),
    					Condition:     pulumi.String("req.url.basename == \"index.html\""),
    					ModsecRuleIds: pulumi.IntArray{
    						pulumi.Int(2029718),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fastly = Pulumi.Fastly;
    
    return await Deployment.RunAsync(() => 
    {
        var demo = new Fastly.ServiceVcl("demo", new()
        {
            Name = "demofastly",
            Domains = new[]
            {
                new Fastly.Inputs.ServiceVclDomainArgs
                {
                    Name = "example.com",
                    Comment = "demo",
                },
            },
            Backends = new[]
            {
                new Fastly.Inputs.ServiceVclBackendArgs
                {
                    Address = "127.0.0.1",
                    Name = "origin1",
                    Port = 80,
                },
            },
            Conditions = new[]
            {
                new Fastly.Inputs.ServiceVclConditionArgs
                {
                    Name = "WAF_Prefetch",
                    Type = "PREFETCH",
                    Statement = "req.backend.is_origin",
                },
                new Fastly.Inputs.ServiceVclConditionArgs
                {
                    Name = "WAF_always_false",
                    Statement = "false",
                    Type = "REQUEST",
                },
            },
            ResponseObjects = new[]
            {
                new Fastly.Inputs.ServiceVclResponseObjectArgs
                {
                    Name = "WAF_Response",
                    Status = 403,
                    Response = "Forbidden",
                    ContentType = "text/html",
                    Content = "<html><body>Forbidden</body></html>",
                    RequestCondition = "WAF_always_false",
                },
            },
            Waf = new Fastly.Inputs.ServiceVclWafArgs
            {
                PrefetchCondition = "WAF_Prefetch",
                ResponseObject = "WAF_Response",
            },
            ForceDestroy = true,
        });
    
        var waf = new Fastly.ServiceWafConfiguration("waf", new()
        {
            WafId = demo.Waf.Apply(waf => waf?.WafId),
            HttpViolationScoreThreshold = 100,
            Rules = new[]
            {
                new Fastly.Inputs.ServiceWafConfigurationRuleArgs
                {
                    ModsecRuleId = 2029718,
                    Revision = 1,
                    Status = "log",
                },
            },
            RuleExclusions = new[]
            {
                new Fastly.Inputs.ServiceWafConfigurationRuleExclusionArgs
                {
                    Name = "index page",
                    ExclusionType = "rule",
                    Condition = "req.url.basename == \"index.html\"",
                    ModsecRuleIds = new[]
                    {
                        2029718,
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fastly.ServiceVcl;
    import com.pulumi.fastly.ServiceVclArgs;
    import com.pulumi.fastly.inputs.ServiceVclDomainArgs;
    import com.pulumi.fastly.inputs.ServiceVclBackendArgs;
    import com.pulumi.fastly.inputs.ServiceVclConditionArgs;
    import com.pulumi.fastly.inputs.ServiceVclResponseObjectArgs;
    import com.pulumi.fastly.inputs.ServiceVclWafArgs;
    import com.pulumi.fastly.ServiceWafConfiguration;
    import com.pulumi.fastly.ServiceWafConfigurationArgs;
    import com.pulumi.fastly.inputs.ServiceWafConfigurationRuleArgs;
    import com.pulumi.fastly.inputs.ServiceWafConfigurationRuleExclusionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var demo = new ServiceVcl("demo", ServiceVclArgs.builder()
                .name("demofastly")
                .domains(ServiceVclDomainArgs.builder()
                    .name("example.com")
                    .comment("demo")
                    .build())
                .backends(ServiceVclBackendArgs.builder()
                    .address("127.0.0.1")
                    .name("origin1")
                    .port(80)
                    .build())
                .conditions(            
                    ServiceVclConditionArgs.builder()
                        .name("WAF_Prefetch")
                        .type("PREFETCH")
                        .statement("req.backend.is_origin")
                        .build(),
                    ServiceVclConditionArgs.builder()
                        .name("WAF_always_false")
                        .statement("false")
                        .type("REQUEST")
                        .build())
                .responseObjects(ServiceVclResponseObjectArgs.builder()
                    .name("WAF_Response")
                    .status("403")
                    .response("Forbidden")
                    .contentType("text/html")
                    .content("<html><body>Forbidden</body></html>")
                    .requestCondition("WAF_always_false")
                    .build())
                .waf(ServiceVclWafArgs.builder()
                    .prefetchCondition("WAF_Prefetch")
                    .responseObject("WAF_Response")
                    .build())
                .forceDestroy(true)
                .build());
    
            var waf = new ServiceWafConfiguration("waf", ServiceWafConfigurationArgs.builder()
                .wafId(demo.waf().applyValue(waf -> waf.wafId()))
                .httpViolationScoreThreshold(100)
                .rules(ServiceWafConfigurationRuleArgs.builder()
                    .modsecRuleId(2029718)
                    .revision(1)
                    .status("log")
                    .build())
                .ruleExclusions(ServiceWafConfigurationRuleExclusionArgs.builder()
                    .name("index page")
                    .exclusionType("rule")
                    .condition("req.url.basename == \"index.html\"")
                    .modsecRuleIds(2029718)
                    .build())
                .build());
    
        }
    }
    
    resources:
      demo:
        type: fastly:ServiceVcl
        properties:
          name: demofastly
          domains:
            - name: example.com
              comment: demo
          backends:
            - address: 127.0.0.1
              name: origin1
              port: 80
          conditions:
            - name: WAF_Prefetch
              type: PREFETCH
              statement: req.backend.is_origin
            - name: WAF_always_false
              statement: 'false'
              type: REQUEST
          responseObjects:
            - name: WAF_Response
              status: '403'
              response: Forbidden
              contentType: text/html
              content: <html><body>Forbidden</body></html>
              requestCondition: WAF_always_false
          waf:
            prefetchCondition: WAF_Prefetch
            responseObject: WAF_Response
          forceDestroy: true
      waf:
        type: fastly:ServiceWafConfiguration
        properties:
          wafId: ${demo.waf.wafId}
          httpViolationScoreThreshold: 100
          rules:
            - modsecRuleId: 2.029718e+06
              revision: 1
              status: log
          ruleExclusions:
            - name: index page
              exclusionType: rule
              condition: req.url.basename == "index.html"
              modsecRuleIds:
                - 2.029718e+06
    

    Usage with rules from data source:

    Create ServiceWafConfiguration Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ServiceWafConfiguration(name: string, args: ServiceWafConfigurationArgs, opts?: CustomResourceOptions);
    @overload
    def ServiceWafConfiguration(resource_name: str,
                                args: ServiceWafConfigurationArgs,
                                opts: Optional[ResourceOptions] = None)
    
    @overload
    def ServiceWafConfiguration(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                waf_id: Optional[str] = None,
                                max_num_args: Optional[int] = None,
                                xss_score_threshold: Optional[int] = None,
                                max_file_size: Optional[int] = None,
                                allowed_request_content_type_charset: Optional[str] = None,
                                arg_length: Optional[int] = None,
                                arg_name_length: Optional[int] = None,
                                combined_file_sizes: Optional[int] = None,
                                critical_anomaly_score: Optional[int] = None,
                                crs_validate_utf8_encoding: Optional[bool] = None,
                                error_anomaly_score: Optional[int] = None,
                                high_risk_country_codes: Optional[str] = None,
                                http_violation_score_threshold: Optional[int] = None,
                                inbound_anomaly_score_threshold: Optional[int] = None,
                                lfi_score_threshold: Optional[int] = None,
                                allowed_request_content_type: Optional[str] = None,
                                notice_anomaly_score: Optional[int] = None,
                                allowed_methods: Optional[str] = None,
                                paranoia_level: Optional[int] = None,
                                php_injection_score_threshold: Optional[int] = None,
                                rce_score_threshold: Optional[int] = None,
                                restricted_extensions: Optional[str] = None,
                                restricted_headers: Optional[str] = None,
                                rfi_score_threshold: Optional[int] = None,
                                rule_exclusions: Optional[Sequence[ServiceWafConfigurationRuleExclusionArgs]] = None,
                                rules: Optional[Sequence[ServiceWafConfigurationRuleArgs]] = None,
                                session_fixation_score_threshold: Optional[int] = None,
                                sql_injection_score_threshold: Optional[int] = None,
                                total_arg_length: Optional[int] = None,
                                allowed_http_versions: Optional[str] = None,
                                warning_anomaly_score: Optional[int] = None,
                                activate: Optional[bool] = None)
    func NewServiceWafConfiguration(ctx *Context, name string, args ServiceWafConfigurationArgs, opts ...ResourceOption) (*ServiceWafConfiguration, error)
    public ServiceWafConfiguration(string name, ServiceWafConfigurationArgs args, CustomResourceOptions? opts = null)
    public ServiceWafConfiguration(String name, ServiceWafConfigurationArgs args)
    public ServiceWafConfiguration(String name, ServiceWafConfigurationArgs args, CustomResourceOptions options)
    
    type: fastly:ServiceWafConfiguration
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ServiceWafConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ServiceWafConfigurationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ServiceWafConfigurationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ServiceWafConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ServiceWafConfigurationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var serviceWafConfigurationResource = new Fastly.ServiceWafConfiguration("serviceWafConfigurationResource", new()
    {
        WafId = "string",
        MaxNumArgs = 0,
        XssScoreThreshold = 0,
        MaxFileSize = 0,
        AllowedRequestContentTypeCharset = "string",
        ArgLength = 0,
        ArgNameLength = 0,
        CombinedFileSizes = 0,
        CriticalAnomalyScore = 0,
        CrsValidateUtf8Encoding = false,
        ErrorAnomalyScore = 0,
        HighRiskCountryCodes = "string",
        HttpViolationScoreThreshold = 0,
        InboundAnomalyScoreThreshold = 0,
        LfiScoreThreshold = 0,
        AllowedRequestContentType = "string",
        NoticeAnomalyScore = 0,
        AllowedMethods = "string",
        ParanoiaLevel = 0,
        PhpInjectionScoreThreshold = 0,
        RceScoreThreshold = 0,
        RestrictedExtensions = "string",
        RestrictedHeaders = "string",
        RfiScoreThreshold = 0,
        RuleExclusions = new[]
        {
            new Fastly.Inputs.ServiceWafConfigurationRuleExclusionArgs
            {
                Condition = "string",
                ExclusionType = "string",
                Name = "string",
                ModsecRuleIds = new[]
                {
                    0,
                },
                Number = 0,
            },
        },
        Rules = new[]
        {
            new Fastly.Inputs.ServiceWafConfigurationRuleArgs
            {
                ModsecRuleId = 0,
                Status = "string",
                Revision = 0,
            },
        },
        SessionFixationScoreThreshold = 0,
        SqlInjectionScoreThreshold = 0,
        TotalArgLength = 0,
        AllowedHttpVersions = "string",
        WarningAnomalyScore = 0,
        Activate = false,
    });
    
    example, err := fastly.NewServiceWafConfiguration(ctx, "serviceWafConfigurationResource", &fastly.ServiceWafConfigurationArgs{
    	WafId:                            pulumi.String("string"),
    	MaxNumArgs:                       pulumi.Int(0),
    	XssScoreThreshold:                pulumi.Int(0),
    	MaxFileSize:                      pulumi.Int(0),
    	AllowedRequestContentTypeCharset: pulumi.String("string"),
    	ArgLength:                        pulumi.Int(0),
    	ArgNameLength:                    pulumi.Int(0),
    	CombinedFileSizes:                pulumi.Int(0),
    	CriticalAnomalyScore:             pulumi.Int(0),
    	CrsValidateUtf8Encoding:          pulumi.Bool(false),
    	ErrorAnomalyScore:                pulumi.Int(0),
    	HighRiskCountryCodes:             pulumi.String("string"),
    	HttpViolationScoreThreshold:      pulumi.Int(0),
    	InboundAnomalyScoreThreshold:     pulumi.Int(0),
    	LfiScoreThreshold:                pulumi.Int(0),
    	AllowedRequestContentType:        pulumi.String("string"),
    	NoticeAnomalyScore:               pulumi.Int(0),
    	AllowedMethods:                   pulumi.String("string"),
    	ParanoiaLevel:                    pulumi.Int(0),
    	PhpInjectionScoreThreshold:       pulumi.Int(0),
    	RceScoreThreshold:                pulumi.Int(0),
    	RestrictedExtensions:             pulumi.String("string"),
    	RestrictedHeaders:                pulumi.String("string"),
    	RfiScoreThreshold:                pulumi.Int(0),
    	RuleExclusions: fastly.ServiceWafConfigurationRuleExclusionArray{
    		&fastly.ServiceWafConfigurationRuleExclusionArgs{
    			Condition:     pulumi.String("string"),
    			ExclusionType: pulumi.String("string"),
    			Name:          pulumi.String("string"),
    			ModsecRuleIds: pulumi.IntArray{
    				pulumi.Int(0),
    			},
    			Number: pulumi.Int(0),
    		},
    	},
    	Rules: fastly.ServiceWafConfigurationRuleArray{
    		&fastly.ServiceWafConfigurationRuleArgs{
    			ModsecRuleId: pulumi.Int(0),
    			Status:       pulumi.String("string"),
    			Revision:     pulumi.Int(0),
    		},
    	},
    	SessionFixationScoreThreshold: pulumi.Int(0),
    	SqlInjectionScoreThreshold:    pulumi.Int(0),
    	TotalArgLength:                pulumi.Int(0),
    	AllowedHttpVersions:           pulumi.String("string"),
    	WarningAnomalyScore:           pulumi.Int(0),
    	Activate:                      pulumi.Bool(false),
    })
    
    var serviceWafConfigurationResource = new ServiceWafConfiguration("serviceWafConfigurationResource", ServiceWafConfigurationArgs.builder()
        .wafId("string")
        .maxNumArgs(0)
        .xssScoreThreshold(0)
        .maxFileSize(0)
        .allowedRequestContentTypeCharset("string")
        .argLength(0)
        .argNameLength(0)
        .combinedFileSizes(0)
        .criticalAnomalyScore(0)
        .crsValidateUtf8Encoding(false)
        .errorAnomalyScore(0)
        .highRiskCountryCodes("string")
        .httpViolationScoreThreshold(0)
        .inboundAnomalyScoreThreshold(0)
        .lfiScoreThreshold(0)
        .allowedRequestContentType("string")
        .noticeAnomalyScore(0)
        .allowedMethods("string")
        .paranoiaLevel(0)
        .phpInjectionScoreThreshold(0)
        .rceScoreThreshold(0)
        .restrictedExtensions("string")
        .restrictedHeaders("string")
        .rfiScoreThreshold(0)
        .ruleExclusions(ServiceWafConfigurationRuleExclusionArgs.builder()
            .condition("string")
            .exclusionType("string")
            .name("string")
            .modsecRuleIds(0)
            .number(0)
            .build())
        .rules(ServiceWafConfigurationRuleArgs.builder()
            .modsecRuleId(0)
            .status("string")
            .revision(0)
            .build())
        .sessionFixationScoreThreshold(0)
        .sqlInjectionScoreThreshold(0)
        .totalArgLength(0)
        .allowedHttpVersions("string")
        .warningAnomalyScore(0)
        .activate(false)
        .build());
    
    service_waf_configuration_resource = fastly.ServiceWafConfiguration("serviceWafConfigurationResource",
        waf_id="string",
        max_num_args=0,
        xss_score_threshold=0,
        max_file_size=0,
        allowed_request_content_type_charset="string",
        arg_length=0,
        arg_name_length=0,
        combined_file_sizes=0,
        critical_anomaly_score=0,
        crs_validate_utf8_encoding=False,
        error_anomaly_score=0,
        high_risk_country_codes="string",
        http_violation_score_threshold=0,
        inbound_anomaly_score_threshold=0,
        lfi_score_threshold=0,
        allowed_request_content_type="string",
        notice_anomaly_score=0,
        allowed_methods="string",
        paranoia_level=0,
        php_injection_score_threshold=0,
        rce_score_threshold=0,
        restricted_extensions="string",
        restricted_headers="string",
        rfi_score_threshold=0,
        rule_exclusions=[{
            "condition": "string",
            "exclusion_type": "string",
            "name": "string",
            "modsec_rule_ids": [0],
            "number": 0,
        }],
        rules=[{
            "modsec_rule_id": 0,
            "status": "string",
            "revision": 0,
        }],
        session_fixation_score_threshold=0,
        sql_injection_score_threshold=0,
        total_arg_length=0,
        allowed_http_versions="string",
        warning_anomaly_score=0,
        activate=False)
    
    const serviceWafConfigurationResource = new fastly.ServiceWafConfiguration("serviceWafConfigurationResource", {
        wafId: "string",
        maxNumArgs: 0,
        xssScoreThreshold: 0,
        maxFileSize: 0,
        allowedRequestContentTypeCharset: "string",
        argLength: 0,
        argNameLength: 0,
        combinedFileSizes: 0,
        criticalAnomalyScore: 0,
        crsValidateUtf8Encoding: false,
        errorAnomalyScore: 0,
        highRiskCountryCodes: "string",
        httpViolationScoreThreshold: 0,
        inboundAnomalyScoreThreshold: 0,
        lfiScoreThreshold: 0,
        allowedRequestContentType: "string",
        noticeAnomalyScore: 0,
        allowedMethods: "string",
        paranoiaLevel: 0,
        phpInjectionScoreThreshold: 0,
        rceScoreThreshold: 0,
        restrictedExtensions: "string",
        restrictedHeaders: "string",
        rfiScoreThreshold: 0,
        ruleExclusions: [{
            condition: "string",
            exclusionType: "string",
            name: "string",
            modsecRuleIds: [0],
            number: 0,
        }],
        rules: [{
            modsecRuleId: 0,
            status: "string",
            revision: 0,
        }],
        sessionFixationScoreThreshold: 0,
        sqlInjectionScoreThreshold: 0,
        totalArgLength: 0,
        allowedHttpVersions: "string",
        warningAnomalyScore: 0,
        activate: false,
    });
    
    type: fastly:ServiceWafConfiguration
    properties:
        activate: false
        allowedHttpVersions: string
        allowedMethods: string
        allowedRequestContentType: string
        allowedRequestContentTypeCharset: string
        argLength: 0
        argNameLength: 0
        combinedFileSizes: 0
        criticalAnomalyScore: 0
        crsValidateUtf8Encoding: false
        errorAnomalyScore: 0
        highRiskCountryCodes: string
        httpViolationScoreThreshold: 0
        inboundAnomalyScoreThreshold: 0
        lfiScoreThreshold: 0
        maxFileSize: 0
        maxNumArgs: 0
        noticeAnomalyScore: 0
        paranoiaLevel: 0
        phpInjectionScoreThreshold: 0
        rceScoreThreshold: 0
        restrictedExtensions: string
        restrictedHeaders: string
        rfiScoreThreshold: 0
        ruleExclusions:
            - condition: string
              exclusionType: string
              modsecRuleIds:
                - 0
              name: string
              number: 0
        rules:
            - modsecRuleId: 0
              revision: 0
              status: string
        sessionFixationScoreThreshold: 0
        sqlInjectionScoreThreshold: 0
        totalArgLength: 0
        wafId: string
        warningAnomalyScore: 0
        xssScoreThreshold: 0
    

    ServiceWafConfiguration Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ServiceWafConfiguration resource accepts the following input properties:

    WafId string
    The ID of the Web Application Firewall that the configuration belongs to
    Activate bool
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    AllowedHttpVersions string
    Allowed HTTP versions
    AllowedMethods string
    A space-separated list of HTTP method names
    AllowedRequestContentType string
    Allowed request content types
    AllowedRequestContentTypeCharset string
    Allowed request content type charset
    ArgLength int
    The maximum number of arguments allowed
    ArgNameLength int
    The maximum allowed argument name length
    CombinedFileSizes int
    The maximum allowed size of all files
    CriticalAnomalyScore int
    Score value to add for critical anomalies
    CrsValidateUtf8Encoding bool
    CRS validate UTF8 encoding
    ErrorAnomalyScore int
    Score value to add for error anomalies
    HighRiskCountryCodes string
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    HttpViolationScoreThreshold int
    HTTP violation threshold
    InboundAnomalyScoreThreshold int
    Inbound anomaly threshold
    LfiScoreThreshold int
    Local file inclusion attack threshold
    MaxFileSize int
    The maximum allowed file size, in bytes
    MaxNumArgs int
    The maximum number of arguments allowed
    NoticeAnomalyScore int
    Score value to add for notice anomalies
    ParanoiaLevel int
    The configured paranoia level
    PhpInjectionScoreThreshold int
    PHP injection threshold
    RceScoreThreshold int
    Remote code execution threshold
    RestrictedExtensions string
    A space-separated list of allowed file extensions
    RestrictedHeaders string
    A space-separated list of allowed header names
    RfiScoreThreshold int
    Remote file inclusion attack threshold
    RuleExclusions List<ServiceWafConfigurationRuleExclusion>
    Rules List<ServiceWafConfigurationRule>
    SessionFixationScoreThreshold int
    Session fixation attack threshold
    SqlInjectionScoreThreshold int
    SQL injection attack threshold
    TotalArgLength int
    The maximum size of argument names and values
    WarningAnomalyScore int
    Score value to add for warning anomalies
    XssScoreThreshold int
    XSS attack threshold
    WafId string
    The ID of the Web Application Firewall that the configuration belongs to
    Activate bool
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    AllowedHttpVersions string
    Allowed HTTP versions
    AllowedMethods string
    A space-separated list of HTTP method names
    AllowedRequestContentType string
    Allowed request content types
    AllowedRequestContentTypeCharset string
    Allowed request content type charset
    ArgLength int
    The maximum number of arguments allowed
    ArgNameLength int
    The maximum allowed argument name length
    CombinedFileSizes int
    The maximum allowed size of all files
    CriticalAnomalyScore int
    Score value to add for critical anomalies
    CrsValidateUtf8Encoding bool
    CRS validate UTF8 encoding
    ErrorAnomalyScore int
    Score value to add for error anomalies
    HighRiskCountryCodes string
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    HttpViolationScoreThreshold int
    HTTP violation threshold
    InboundAnomalyScoreThreshold int
    Inbound anomaly threshold
    LfiScoreThreshold int
    Local file inclusion attack threshold
    MaxFileSize int
    The maximum allowed file size, in bytes
    MaxNumArgs int
    The maximum number of arguments allowed
    NoticeAnomalyScore int
    Score value to add for notice anomalies
    ParanoiaLevel int
    The configured paranoia level
    PhpInjectionScoreThreshold int
    PHP injection threshold
    RceScoreThreshold int
    Remote code execution threshold
    RestrictedExtensions string
    A space-separated list of allowed file extensions
    RestrictedHeaders string
    A space-separated list of allowed header names
    RfiScoreThreshold int
    Remote file inclusion attack threshold
    RuleExclusions []ServiceWafConfigurationRuleExclusionArgs
    Rules []ServiceWafConfigurationRuleArgs
    SessionFixationScoreThreshold int
    Session fixation attack threshold
    SqlInjectionScoreThreshold int
    SQL injection attack threshold
    TotalArgLength int
    The maximum size of argument names and values
    WarningAnomalyScore int
    Score value to add for warning anomalies
    XssScoreThreshold int
    XSS attack threshold
    wafId String
    The ID of the Web Application Firewall that the configuration belongs to
    activate Boolean
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    allowedHttpVersions String
    Allowed HTTP versions
    allowedMethods String
    A space-separated list of HTTP method names
    allowedRequestContentType String
    Allowed request content types
    allowedRequestContentTypeCharset String
    Allowed request content type charset
    argLength Integer
    The maximum number of arguments allowed
    argNameLength Integer
    The maximum allowed argument name length
    combinedFileSizes Integer
    The maximum allowed size of all files
    criticalAnomalyScore Integer
    Score value to add for critical anomalies
    crsValidateUtf8Encoding Boolean
    CRS validate UTF8 encoding
    errorAnomalyScore Integer
    Score value to add for error anomalies
    highRiskCountryCodes String
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    httpViolationScoreThreshold Integer
    HTTP violation threshold
    inboundAnomalyScoreThreshold Integer
    Inbound anomaly threshold
    lfiScoreThreshold Integer
    Local file inclusion attack threshold
    maxFileSize Integer
    The maximum allowed file size, in bytes
    maxNumArgs Integer
    The maximum number of arguments allowed
    noticeAnomalyScore Integer
    Score value to add for notice anomalies
    paranoiaLevel Integer
    The configured paranoia level
    phpInjectionScoreThreshold Integer
    PHP injection threshold
    rceScoreThreshold Integer
    Remote code execution threshold
    restrictedExtensions String
    A space-separated list of allowed file extensions
    restrictedHeaders String
    A space-separated list of allowed header names
    rfiScoreThreshold Integer
    Remote file inclusion attack threshold
    ruleExclusions List<ServiceWafConfigurationRuleExclusion>
    rules List<ServiceWafConfigurationRule>
    sessionFixationScoreThreshold Integer
    Session fixation attack threshold
    sqlInjectionScoreThreshold Integer
    SQL injection attack threshold
    totalArgLength Integer
    The maximum size of argument names and values
    warningAnomalyScore Integer
    Score value to add for warning anomalies
    xssScoreThreshold Integer
    XSS attack threshold
    wafId string
    The ID of the Web Application Firewall that the configuration belongs to
    activate boolean
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    allowedHttpVersions string
    Allowed HTTP versions
    allowedMethods string
    A space-separated list of HTTP method names
    allowedRequestContentType string
    Allowed request content types
    allowedRequestContentTypeCharset string
    Allowed request content type charset
    argLength number
    The maximum number of arguments allowed
    argNameLength number
    The maximum allowed argument name length
    combinedFileSizes number
    The maximum allowed size of all files
    criticalAnomalyScore number
    Score value to add for critical anomalies
    crsValidateUtf8Encoding boolean
    CRS validate UTF8 encoding
    errorAnomalyScore number
    Score value to add for error anomalies
    highRiskCountryCodes string
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    httpViolationScoreThreshold number
    HTTP violation threshold
    inboundAnomalyScoreThreshold number
    Inbound anomaly threshold
    lfiScoreThreshold number
    Local file inclusion attack threshold
    maxFileSize number
    The maximum allowed file size, in bytes
    maxNumArgs number
    The maximum number of arguments allowed
    noticeAnomalyScore number
    Score value to add for notice anomalies
    paranoiaLevel number
    The configured paranoia level
    phpInjectionScoreThreshold number
    PHP injection threshold
    rceScoreThreshold number
    Remote code execution threshold
    restrictedExtensions string
    A space-separated list of allowed file extensions
    restrictedHeaders string
    A space-separated list of allowed header names
    rfiScoreThreshold number
    Remote file inclusion attack threshold
    ruleExclusions ServiceWafConfigurationRuleExclusion[]
    rules ServiceWafConfigurationRule[]
    sessionFixationScoreThreshold number
    Session fixation attack threshold
    sqlInjectionScoreThreshold number
    SQL injection attack threshold
    totalArgLength number
    The maximum size of argument names and values
    warningAnomalyScore number
    Score value to add for warning anomalies
    xssScoreThreshold number
    XSS attack threshold
    waf_id str
    The ID of the Web Application Firewall that the configuration belongs to
    activate bool
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    allowed_http_versions str
    Allowed HTTP versions
    allowed_methods str
    A space-separated list of HTTP method names
    allowed_request_content_type str
    Allowed request content types
    allowed_request_content_type_charset str
    Allowed request content type charset
    arg_length int
    The maximum number of arguments allowed
    arg_name_length int
    The maximum allowed argument name length
    combined_file_sizes int
    The maximum allowed size of all files
    critical_anomaly_score int
    Score value to add for critical anomalies
    crs_validate_utf8_encoding bool
    CRS validate UTF8 encoding
    error_anomaly_score int
    Score value to add for error anomalies
    high_risk_country_codes str
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    http_violation_score_threshold int
    HTTP violation threshold
    inbound_anomaly_score_threshold int
    Inbound anomaly threshold
    lfi_score_threshold int
    Local file inclusion attack threshold
    max_file_size int
    The maximum allowed file size, in bytes
    max_num_args int
    The maximum number of arguments allowed
    notice_anomaly_score int
    Score value to add for notice anomalies
    paranoia_level int
    The configured paranoia level
    php_injection_score_threshold int
    PHP injection threshold
    rce_score_threshold int
    Remote code execution threshold
    restricted_extensions str
    A space-separated list of allowed file extensions
    restricted_headers str
    A space-separated list of allowed header names
    rfi_score_threshold int
    Remote file inclusion attack threshold
    rule_exclusions Sequence[ServiceWafConfigurationRuleExclusionArgs]
    rules Sequence[ServiceWafConfigurationRuleArgs]
    session_fixation_score_threshold int
    Session fixation attack threshold
    sql_injection_score_threshold int
    SQL injection attack threshold
    total_arg_length int
    The maximum size of argument names and values
    warning_anomaly_score int
    Score value to add for warning anomalies
    xss_score_threshold int
    XSS attack threshold
    wafId String
    The ID of the Web Application Firewall that the configuration belongs to
    activate Boolean
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    allowedHttpVersions String
    Allowed HTTP versions
    allowedMethods String
    A space-separated list of HTTP method names
    allowedRequestContentType String
    Allowed request content types
    allowedRequestContentTypeCharset String
    Allowed request content type charset
    argLength Number
    The maximum number of arguments allowed
    argNameLength Number
    The maximum allowed argument name length
    combinedFileSizes Number
    The maximum allowed size of all files
    criticalAnomalyScore Number
    Score value to add for critical anomalies
    crsValidateUtf8Encoding Boolean
    CRS validate UTF8 encoding
    errorAnomalyScore Number
    Score value to add for error anomalies
    highRiskCountryCodes String
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    httpViolationScoreThreshold Number
    HTTP violation threshold
    inboundAnomalyScoreThreshold Number
    Inbound anomaly threshold
    lfiScoreThreshold Number
    Local file inclusion attack threshold
    maxFileSize Number
    The maximum allowed file size, in bytes
    maxNumArgs Number
    The maximum number of arguments allowed
    noticeAnomalyScore Number
    Score value to add for notice anomalies
    paranoiaLevel Number
    The configured paranoia level
    phpInjectionScoreThreshold Number
    PHP injection threshold
    rceScoreThreshold Number
    Remote code execution threshold
    restrictedExtensions String
    A space-separated list of allowed file extensions
    restrictedHeaders String
    A space-separated list of allowed header names
    rfiScoreThreshold Number
    Remote file inclusion attack threshold
    ruleExclusions List<Property Map>
    rules List<Property Map>
    sessionFixationScoreThreshold Number
    Session fixation attack threshold
    sqlInjectionScoreThreshold Number
    SQL injection attack threshold
    totalArgLength Number
    The maximum size of argument names and values
    warningAnomalyScore Number
    Score value to add for warning anomalies
    xssScoreThreshold Number
    XSS attack threshold

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ServiceWafConfiguration resource produces the following output properties:

    Active bool
    Whether a specific firewall version is currently deployed
    ClonedVersion int
    The latest cloned firewall version by the provider
    Id string
    The provider-assigned unique ID for this managed resource.
    Number int
    The WAF firewall version
    Active bool
    Whether a specific firewall version is currently deployed
    ClonedVersion int
    The latest cloned firewall version by the provider
    Id string
    The provider-assigned unique ID for this managed resource.
    Number int
    The WAF firewall version
    active Boolean
    Whether a specific firewall version is currently deployed
    clonedVersion Integer
    The latest cloned firewall version by the provider
    id String
    The provider-assigned unique ID for this managed resource.
    number Integer
    The WAF firewall version
    active boolean
    Whether a specific firewall version is currently deployed
    clonedVersion number
    The latest cloned firewall version by the provider
    id string
    The provider-assigned unique ID for this managed resource.
    number number
    The WAF firewall version
    active bool
    Whether a specific firewall version is currently deployed
    cloned_version int
    The latest cloned firewall version by the provider
    id str
    The provider-assigned unique ID for this managed resource.
    number int
    The WAF firewall version
    active Boolean
    Whether a specific firewall version is currently deployed
    clonedVersion Number
    The latest cloned firewall version by the provider
    id String
    The provider-assigned unique ID for this managed resource.
    number Number
    The WAF firewall version

    Look up Existing ServiceWafConfiguration Resource

    Get an existing ServiceWafConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ServiceWafConfigurationState, opts?: CustomResourceOptions): ServiceWafConfiguration
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            activate: Optional[bool] = None,
            active: Optional[bool] = None,
            allowed_http_versions: Optional[str] = None,
            allowed_methods: Optional[str] = None,
            allowed_request_content_type: Optional[str] = None,
            allowed_request_content_type_charset: Optional[str] = None,
            arg_length: Optional[int] = None,
            arg_name_length: Optional[int] = None,
            cloned_version: Optional[int] = None,
            combined_file_sizes: Optional[int] = None,
            critical_anomaly_score: Optional[int] = None,
            crs_validate_utf8_encoding: Optional[bool] = None,
            error_anomaly_score: Optional[int] = None,
            high_risk_country_codes: Optional[str] = None,
            http_violation_score_threshold: Optional[int] = None,
            inbound_anomaly_score_threshold: Optional[int] = None,
            lfi_score_threshold: Optional[int] = None,
            max_file_size: Optional[int] = None,
            max_num_args: Optional[int] = None,
            notice_anomaly_score: Optional[int] = None,
            number: Optional[int] = None,
            paranoia_level: Optional[int] = None,
            php_injection_score_threshold: Optional[int] = None,
            rce_score_threshold: Optional[int] = None,
            restricted_extensions: Optional[str] = None,
            restricted_headers: Optional[str] = None,
            rfi_score_threshold: Optional[int] = None,
            rule_exclusions: Optional[Sequence[ServiceWafConfigurationRuleExclusionArgs]] = None,
            rules: Optional[Sequence[ServiceWafConfigurationRuleArgs]] = None,
            session_fixation_score_threshold: Optional[int] = None,
            sql_injection_score_threshold: Optional[int] = None,
            total_arg_length: Optional[int] = None,
            waf_id: Optional[str] = None,
            warning_anomaly_score: Optional[int] = None,
            xss_score_threshold: Optional[int] = None) -> ServiceWafConfiguration
    func GetServiceWafConfiguration(ctx *Context, name string, id IDInput, state *ServiceWafConfigurationState, opts ...ResourceOption) (*ServiceWafConfiguration, error)
    public static ServiceWafConfiguration Get(string name, Input<string> id, ServiceWafConfigurationState? state, CustomResourceOptions? opts = null)
    public static ServiceWafConfiguration get(String name, Output<String> id, ServiceWafConfigurationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Activate bool
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    Active bool
    Whether a specific firewall version is currently deployed
    AllowedHttpVersions string
    Allowed HTTP versions
    AllowedMethods string
    A space-separated list of HTTP method names
    AllowedRequestContentType string
    Allowed request content types
    AllowedRequestContentTypeCharset string
    Allowed request content type charset
    ArgLength int
    The maximum number of arguments allowed
    ArgNameLength int
    The maximum allowed argument name length
    ClonedVersion int
    The latest cloned firewall version by the provider
    CombinedFileSizes int
    The maximum allowed size of all files
    CriticalAnomalyScore int
    Score value to add for critical anomalies
    CrsValidateUtf8Encoding bool
    CRS validate UTF8 encoding
    ErrorAnomalyScore int
    Score value to add for error anomalies
    HighRiskCountryCodes string
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    HttpViolationScoreThreshold int
    HTTP violation threshold
    InboundAnomalyScoreThreshold int
    Inbound anomaly threshold
    LfiScoreThreshold int
    Local file inclusion attack threshold
    MaxFileSize int
    The maximum allowed file size, in bytes
    MaxNumArgs int
    The maximum number of arguments allowed
    NoticeAnomalyScore int
    Score value to add for notice anomalies
    Number int
    The WAF firewall version
    ParanoiaLevel int
    The configured paranoia level
    PhpInjectionScoreThreshold int
    PHP injection threshold
    RceScoreThreshold int
    Remote code execution threshold
    RestrictedExtensions string
    A space-separated list of allowed file extensions
    RestrictedHeaders string
    A space-separated list of allowed header names
    RfiScoreThreshold int
    Remote file inclusion attack threshold
    RuleExclusions List<ServiceWafConfigurationRuleExclusion>
    Rules List<ServiceWafConfigurationRule>
    SessionFixationScoreThreshold int
    Session fixation attack threshold
    SqlInjectionScoreThreshold int
    SQL injection attack threshold
    TotalArgLength int
    The maximum size of argument names and values
    WafId string
    The ID of the Web Application Firewall that the configuration belongs to
    WarningAnomalyScore int
    Score value to add for warning anomalies
    XssScoreThreshold int
    XSS attack threshold
    Activate bool
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    Active bool
    Whether a specific firewall version is currently deployed
    AllowedHttpVersions string
    Allowed HTTP versions
    AllowedMethods string
    A space-separated list of HTTP method names
    AllowedRequestContentType string
    Allowed request content types
    AllowedRequestContentTypeCharset string
    Allowed request content type charset
    ArgLength int
    The maximum number of arguments allowed
    ArgNameLength int
    The maximum allowed argument name length
    ClonedVersion int
    The latest cloned firewall version by the provider
    CombinedFileSizes int
    The maximum allowed size of all files
    CriticalAnomalyScore int
    Score value to add for critical anomalies
    CrsValidateUtf8Encoding bool
    CRS validate UTF8 encoding
    ErrorAnomalyScore int
    Score value to add for error anomalies
    HighRiskCountryCodes string
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    HttpViolationScoreThreshold int
    HTTP violation threshold
    InboundAnomalyScoreThreshold int
    Inbound anomaly threshold
    LfiScoreThreshold int
    Local file inclusion attack threshold
    MaxFileSize int
    The maximum allowed file size, in bytes
    MaxNumArgs int
    The maximum number of arguments allowed
    NoticeAnomalyScore int
    Score value to add for notice anomalies
    Number int
    The WAF firewall version
    ParanoiaLevel int
    The configured paranoia level
    PhpInjectionScoreThreshold int
    PHP injection threshold
    RceScoreThreshold int
    Remote code execution threshold
    RestrictedExtensions string
    A space-separated list of allowed file extensions
    RestrictedHeaders string
    A space-separated list of allowed header names
    RfiScoreThreshold int
    Remote file inclusion attack threshold
    RuleExclusions []ServiceWafConfigurationRuleExclusionArgs
    Rules []ServiceWafConfigurationRuleArgs
    SessionFixationScoreThreshold int
    Session fixation attack threshold
    SqlInjectionScoreThreshold int
    SQL injection attack threshold
    TotalArgLength int
    The maximum size of argument names and values
    WafId string
    The ID of the Web Application Firewall that the configuration belongs to
    WarningAnomalyScore int
    Score value to add for warning anomalies
    XssScoreThreshold int
    XSS attack threshold
    activate Boolean
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    active Boolean
    Whether a specific firewall version is currently deployed
    allowedHttpVersions String
    Allowed HTTP versions
    allowedMethods String
    A space-separated list of HTTP method names
    allowedRequestContentType String
    Allowed request content types
    allowedRequestContentTypeCharset String
    Allowed request content type charset
    argLength Integer
    The maximum number of arguments allowed
    argNameLength Integer
    The maximum allowed argument name length
    clonedVersion Integer
    The latest cloned firewall version by the provider
    combinedFileSizes Integer
    The maximum allowed size of all files
    criticalAnomalyScore Integer
    Score value to add for critical anomalies
    crsValidateUtf8Encoding Boolean
    CRS validate UTF8 encoding
    errorAnomalyScore Integer
    Score value to add for error anomalies
    highRiskCountryCodes String
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    httpViolationScoreThreshold Integer
    HTTP violation threshold
    inboundAnomalyScoreThreshold Integer
    Inbound anomaly threshold
    lfiScoreThreshold Integer
    Local file inclusion attack threshold
    maxFileSize Integer
    The maximum allowed file size, in bytes
    maxNumArgs Integer
    The maximum number of arguments allowed
    noticeAnomalyScore Integer
    Score value to add for notice anomalies
    number Integer
    The WAF firewall version
    paranoiaLevel Integer
    The configured paranoia level
    phpInjectionScoreThreshold Integer
    PHP injection threshold
    rceScoreThreshold Integer
    Remote code execution threshold
    restrictedExtensions String
    A space-separated list of allowed file extensions
    restrictedHeaders String
    A space-separated list of allowed header names
    rfiScoreThreshold Integer
    Remote file inclusion attack threshold
    ruleExclusions List<ServiceWafConfigurationRuleExclusion>
    rules List<ServiceWafConfigurationRule>
    sessionFixationScoreThreshold Integer
    Session fixation attack threshold
    sqlInjectionScoreThreshold Integer
    SQL injection attack threshold
    totalArgLength Integer
    The maximum size of argument names and values
    wafId String
    The ID of the Web Application Firewall that the configuration belongs to
    warningAnomalyScore Integer
    Score value to add for warning anomalies
    xssScoreThreshold Integer
    XSS attack threshold
    activate boolean
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    active boolean
    Whether a specific firewall version is currently deployed
    allowedHttpVersions string
    Allowed HTTP versions
    allowedMethods string
    A space-separated list of HTTP method names
    allowedRequestContentType string
    Allowed request content types
    allowedRequestContentTypeCharset string
    Allowed request content type charset
    argLength number
    The maximum number of arguments allowed
    argNameLength number
    The maximum allowed argument name length
    clonedVersion number
    The latest cloned firewall version by the provider
    combinedFileSizes number
    The maximum allowed size of all files
    criticalAnomalyScore number
    Score value to add for critical anomalies
    crsValidateUtf8Encoding boolean
    CRS validate UTF8 encoding
    errorAnomalyScore number
    Score value to add for error anomalies
    highRiskCountryCodes string
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    httpViolationScoreThreshold number
    HTTP violation threshold
    inboundAnomalyScoreThreshold number
    Inbound anomaly threshold
    lfiScoreThreshold number
    Local file inclusion attack threshold
    maxFileSize number
    The maximum allowed file size, in bytes
    maxNumArgs number
    The maximum number of arguments allowed
    noticeAnomalyScore number
    Score value to add for notice anomalies
    number number
    The WAF firewall version
    paranoiaLevel number
    The configured paranoia level
    phpInjectionScoreThreshold number
    PHP injection threshold
    rceScoreThreshold number
    Remote code execution threshold
    restrictedExtensions string
    A space-separated list of allowed file extensions
    restrictedHeaders string
    A space-separated list of allowed header names
    rfiScoreThreshold number
    Remote file inclusion attack threshold
    ruleExclusions ServiceWafConfigurationRuleExclusion[]
    rules ServiceWafConfigurationRule[]
    sessionFixationScoreThreshold number
    Session fixation attack threshold
    sqlInjectionScoreThreshold number
    SQL injection attack threshold
    totalArgLength number
    The maximum size of argument names and values
    wafId string
    The ID of the Web Application Firewall that the configuration belongs to
    warningAnomalyScore number
    Score value to add for warning anomalies
    xssScoreThreshold number
    XSS attack threshold
    activate bool
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    active bool
    Whether a specific firewall version is currently deployed
    allowed_http_versions str
    Allowed HTTP versions
    allowed_methods str
    A space-separated list of HTTP method names
    allowed_request_content_type str
    Allowed request content types
    allowed_request_content_type_charset str
    Allowed request content type charset
    arg_length int
    The maximum number of arguments allowed
    arg_name_length int
    The maximum allowed argument name length
    cloned_version int
    The latest cloned firewall version by the provider
    combined_file_sizes int
    The maximum allowed size of all files
    critical_anomaly_score int
    Score value to add for critical anomalies
    crs_validate_utf8_encoding bool
    CRS validate UTF8 encoding
    error_anomaly_score int
    Score value to add for error anomalies
    high_risk_country_codes str
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    http_violation_score_threshold int
    HTTP violation threshold
    inbound_anomaly_score_threshold int
    Inbound anomaly threshold
    lfi_score_threshold int
    Local file inclusion attack threshold
    max_file_size int
    The maximum allowed file size, in bytes
    max_num_args int
    The maximum number of arguments allowed
    notice_anomaly_score int
    Score value to add for notice anomalies
    number int
    The WAF firewall version
    paranoia_level int
    The configured paranoia level
    php_injection_score_threshold int
    PHP injection threshold
    rce_score_threshold int
    Remote code execution threshold
    restricted_extensions str
    A space-separated list of allowed file extensions
    restricted_headers str
    A space-separated list of allowed header names
    rfi_score_threshold int
    Remote file inclusion attack threshold
    rule_exclusions Sequence[ServiceWafConfigurationRuleExclusionArgs]
    rules Sequence[ServiceWafConfigurationRuleArgs]
    session_fixation_score_threshold int
    Session fixation attack threshold
    sql_injection_score_threshold int
    SQL injection attack threshold
    total_arg_length int
    The maximum size of argument names and values
    waf_id str
    The ID of the Web Application Firewall that the configuration belongs to
    warning_anomaly_score int
    Score value to add for warning anomalies
    xss_score_threshold int
    XSS attack threshold
    activate Boolean
    Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to false. Default true
    active Boolean
    Whether a specific firewall version is currently deployed
    allowedHttpVersions String
    Allowed HTTP versions
    allowedMethods String
    A space-separated list of HTTP method names
    allowedRequestContentType String
    Allowed request content types
    allowedRequestContentTypeCharset String
    Allowed request content type charset
    argLength Number
    The maximum number of arguments allowed
    argNameLength Number
    The maximum allowed argument name length
    clonedVersion Number
    The latest cloned firewall version by the provider
    combinedFileSizes Number
    The maximum allowed size of all files
    criticalAnomalyScore Number
    Score value to add for critical anomalies
    crsValidateUtf8Encoding Boolean
    CRS validate UTF8 encoding
    errorAnomalyScore Number
    Score value to add for error anomalies
    highRiskCountryCodes String
    A space-separated list of country codes in ISO 3166-1 (two-letter) format
    httpViolationScoreThreshold Number
    HTTP violation threshold
    inboundAnomalyScoreThreshold Number
    Inbound anomaly threshold
    lfiScoreThreshold Number
    Local file inclusion attack threshold
    maxFileSize Number
    The maximum allowed file size, in bytes
    maxNumArgs Number
    The maximum number of arguments allowed
    noticeAnomalyScore Number
    Score value to add for notice anomalies
    number Number
    The WAF firewall version
    paranoiaLevel Number
    The configured paranoia level
    phpInjectionScoreThreshold Number
    PHP injection threshold
    rceScoreThreshold Number
    Remote code execution threshold
    restrictedExtensions String
    A space-separated list of allowed file extensions
    restrictedHeaders String
    A space-separated list of allowed header names
    rfiScoreThreshold Number
    Remote file inclusion attack threshold
    ruleExclusions List<Property Map>
    rules List<Property Map>
    sessionFixationScoreThreshold Number
    Session fixation attack threshold
    sqlInjectionScoreThreshold Number
    SQL injection attack threshold
    totalArgLength Number
    The maximum size of argument names and values
    wafId String
    The ID of the Web Application Firewall that the configuration belongs to
    warningAnomalyScore Number
    Score value to add for warning anomalies
    xssScoreThreshold Number
    XSS attack threshold

    Supporting Types

    ServiceWafConfigurationRule, ServiceWafConfigurationRuleArgs

    ModsecRuleId int
    The Web Application Firewall rule's modsecurity ID
    Status string
    The Web Application Firewall rule's status. Allowed values are (log, block and score)
    Revision int
    The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
    ModsecRuleId int
    The Web Application Firewall rule's modsecurity ID
    Status string
    The Web Application Firewall rule's status. Allowed values are (log, block and score)
    Revision int
    The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
    modsecRuleId Integer
    The Web Application Firewall rule's modsecurity ID
    status String
    The Web Application Firewall rule's status. Allowed values are (log, block and score)
    revision Integer
    The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
    modsecRuleId number
    The Web Application Firewall rule's modsecurity ID
    status string
    The Web Application Firewall rule's status. Allowed values are (log, block and score)
    revision number
    The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
    modsec_rule_id int
    The Web Application Firewall rule's modsecurity ID
    status str
    The Web Application Firewall rule's status. Allowed values are (log, block and score)
    revision int
    The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
    modsecRuleId Number
    The Web Application Firewall rule's modsecurity ID
    status String
    The Web Application Firewall rule's status. Allowed values are (log, block and score)
    revision Number
    The Web Application Firewall rule's revision. The latest revision will be used if this is not provided

    ServiceWafConfigurationRuleExclusion, ServiceWafConfigurationRuleExclusionArgs

    Condition string
    A conditional expression in VCL used to determine if the condition is met
    ExclusionType string
    The type of rule exclusion. Values are rule to exclude the specified rule(s), or waf to disable the Web Application Firewall
    Name string
    The name of rule exclusion
    ModsecRuleIds List<int>
    Set of modsecurity IDs to be excluded. No rules should be provided when exclusion_type is waf. The rules need to be configured on the Web Application Firewall to be excluded
    Number int
    The numeric ID assigned to the WAF Rule Exclusion
    Condition string
    A conditional expression in VCL used to determine if the condition is met
    ExclusionType string
    The type of rule exclusion. Values are rule to exclude the specified rule(s), or waf to disable the Web Application Firewall
    Name string
    The name of rule exclusion
    ModsecRuleIds []int
    Set of modsecurity IDs to be excluded. No rules should be provided when exclusion_type is waf. The rules need to be configured on the Web Application Firewall to be excluded
    Number int
    The numeric ID assigned to the WAF Rule Exclusion
    condition String
    A conditional expression in VCL used to determine if the condition is met
    exclusionType String
    The type of rule exclusion. Values are rule to exclude the specified rule(s), or waf to disable the Web Application Firewall
    name String
    The name of rule exclusion
    modsecRuleIds List<Integer>
    Set of modsecurity IDs to be excluded. No rules should be provided when exclusion_type is waf. The rules need to be configured on the Web Application Firewall to be excluded
    number Integer
    The numeric ID assigned to the WAF Rule Exclusion
    condition string
    A conditional expression in VCL used to determine if the condition is met
    exclusionType string
    The type of rule exclusion. Values are rule to exclude the specified rule(s), or waf to disable the Web Application Firewall
    name string
    The name of rule exclusion
    modsecRuleIds number[]
    Set of modsecurity IDs to be excluded. No rules should be provided when exclusion_type is waf. The rules need to be configured on the Web Application Firewall to be excluded
    number number
    The numeric ID assigned to the WAF Rule Exclusion
    condition str
    A conditional expression in VCL used to determine if the condition is met
    exclusion_type str
    The type of rule exclusion. Values are rule to exclude the specified rule(s), or waf to disable the Web Application Firewall
    name str
    The name of rule exclusion
    modsec_rule_ids Sequence[int]
    Set of modsecurity IDs to be excluded. No rules should be provided when exclusion_type is waf. The rules need to be configured on the Web Application Firewall to be excluded
    number int
    The numeric ID assigned to the WAF Rule Exclusion
    condition String
    A conditional expression in VCL used to determine if the condition is met
    exclusionType String
    The type of rule exclusion. Values are rule to exclude the specified rule(s), or waf to disable the Web Application Firewall
    name String
    The name of rule exclusion
    modsecRuleIds List<Number>
    Set of modsecurity IDs to be excluded. No rules should be provided when exclusion_type is waf. The rules need to be configured on the Web Application Firewall to be excluded
    number Number
    The numeric ID assigned to the WAF Rule Exclusion

    Import

    This is an example of the import command being applied to the resource named fastly_service_waf_configuration.waf

    The resource ID should be the WAF ID.

    $ pulumi import fastly:index/serviceWafConfiguration:ServiceWafConfiguration waf xxxxxxxxxxxxxxxxxxxx
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Fastly pulumi/pulumi-fastly
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fastly Terraform Provider.
    fastly logo
    Fastly v8.13.0 published on Wednesday, Nov 13, 2024 by Pulumi