oci.Waas.CustomProtectionRule
Explore with Pulumi AI
This resource provides the Custom Protection Rule resource in Oracle Cloud Infrastructure Web Application Acceleration and Security service.
Creates a new custom protection rule in the specified compartment.
Custom protection rules allow you to create rules in addition to the rulesets provided by the Web Application Firewall service, including rules from ModSecurity. The syntax for custom rules is based on the ModSecurity syntax. For more information about custom protection rules, see Custom Protection Rules.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testCustomProtectionRule = new oci.waas.CustomProtectionRule("test_custom_protection_rule", {
compartmentId: compartmentId,
displayName: customProtectionRuleDisplayName,
template: customProtectionRuleTemplate,
definedTags: {
"Operations.CostCenter": "42",
},
description: customProtectionRuleDescription,
freeformTags: {
Department: "Finance",
},
});
import pulumi
import pulumi_oci as oci
test_custom_protection_rule = oci.waas.CustomProtectionRule("test_custom_protection_rule",
compartment_id=compartment_id,
display_name=custom_protection_rule_display_name,
template=custom_protection_rule_template,
defined_tags={
"Operations.CostCenter": "42",
},
description=custom_protection_rule_description,
freeform_tags={
"Department": "Finance",
})
package main
import (
"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/Waas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := Waas.NewCustomProtectionRule(ctx, "test_custom_protection_rule", &Waas.CustomProtectionRuleArgs{
CompartmentId: pulumi.Any(compartmentId),
DisplayName: pulumi.Any(customProtectionRuleDisplayName),
Template: pulumi.Any(customProtectionRuleTemplate),
DefinedTags: pulumi.StringMap{
"Operations.CostCenter": pulumi.String("42"),
},
Description: pulumi.Any(customProtectionRuleDescription),
FreeformTags: pulumi.StringMap{
"Department": pulumi.String("Finance"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testCustomProtectionRule = new Oci.Waas.CustomProtectionRule("test_custom_protection_rule", new()
{
CompartmentId = compartmentId,
DisplayName = customProtectionRuleDisplayName,
Template = customProtectionRuleTemplate,
DefinedTags =
{
{ "Operations.CostCenter", "42" },
},
Description = customProtectionRuleDescription,
FreeformTags =
{
{ "Department", "Finance" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Waas.CustomProtectionRule;
import com.pulumi.oci.Waas.CustomProtectionRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testCustomProtectionRule = new CustomProtectionRule("testCustomProtectionRule", CustomProtectionRuleArgs.builder()
.compartmentId(compartmentId)
.displayName(customProtectionRuleDisplayName)
.template(customProtectionRuleTemplate)
.definedTags(Map.of("Operations.CostCenter", "42"))
.description(customProtectionRuleDescription)
.freeformTags(Map.of("Department", "Finance"))
.build());
}
}
resources:
testCustomProtectionRule:
type: oci:Waas:CustomProtectionRule
name: test_custom_protection_rule
properties:
compartmentId: ${compartmentId}
displayName: ${customProtectionRuleDisplayName}
template: ${customProtectionRuleTemplate}
definedTags:
Operations.CostCenter: '42'
description: ${customProtectionRuleDescription}
freeformTags:
Department: Finance
Create CustomProtectionRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CustomProtectionRule(name: string, args: CustomProtectionRuleArgs, opts?: CustomResourceOptions);
@overload
def CustomProtectionRule(resource_name: str,
args: CustomProtectionRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CustomProtectionRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
compartment_id: Optional[str] = None,
display_name: Optional[str] = None,
template: Optional[str] = None,
defined_tags: Optional[Mapping[str, str]] = None,
description: Optional[str] = None,
freeform_tags: Optional[Mapping[str, str]] = None)
func NewCustomProtectionRule(ctx *Context, name string, args CustomProtectionRuleArgs, opts ...ResourceOption) (*CustomProtectionRule, error)
public CustomProtectionRule(string name, CustomProtectionRuleArgs args, CustomResourceOptions? opts = null)
public CustomProtectionRule(String name, CustomProtectionRuleArgs args)
public CustomProtectionRule(String name, CustomProtectionRuleArgs args, CustomResourceOptions options)
type: oci:Waas:CustomProtectionRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CustomProtectionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CustomProtectionRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CustomProtectionRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CustomProtectionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CustomProtectionRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var customProtectionRuleResource = new Oci.Waas.CustomProtectionRule("customProtectionRuleResource", new()
{
CompartmentId = "string",
DisplayName = "string",
Template = "string",
DefinedTags =
{
{ "string", "string" },
},
Description = "string",
FreeformTags =
{
{ "string", "string" },
},
});
example, err := Waas.NewCustomProtectionRule(ctx, "customProtectionRuleResource", &Waas.CustomProtectionRuleArgs{
CompartmentId: pulumi.String("string"),
DisplayName: pulumi.String("string"),
Template: pulumi.String("string"),
DefinedTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Description: pulumi.String("string"),
FreeformTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var customProtectionRuleResource = new CustomProtectionRule("customProtectionRuleResource", CustomProtectionRuleArgs.builder()
.compartmentId("string")
.displayName("string")
.template("string")
.definedTags(Map.of("string", "string"))
.description("string")
.freeformTags(Map.of("string", "string"))
.build());
custom_protection_rule_resource = oci.waas.CustomProtectionRule("customProtectionRuleResource",
compartment_id="string",
display_name="string",
template="string",
defined_tags={
"string": "string",
},
description="string",
freeform_tags={
"string": "string",
})
const customProtectionRuleResource = new oci.waas.CustomProtectionRule("customProtectionRuleResource", {
compartmentId: "string",
displayName: "string",
template: "string",
definedTags: {
string: "string",
},
description: "string",
freeformTags: {
string: "string",
},
});
type: oci:Waas:CustomProtectionRule
properties:
compartmentId: string
definedTags:
string: string
description: string
displayName: string
freeformTags:
string: string
template: string
CustomProtectionRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CustomProtectionRule resource accepts the following input properties:
- Compartment
Id string - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- Display
Name string - (Updatable) A user-friendly name for the custom protection rule.
- Template string
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Dictionary<string, string>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Description string
- (Updatable) A description for the Custom Protection rule.
- Dictionary<string, string>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Compartment
Id string - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- Display
Name string - (Updatable) A user-friendly name for the custom protection rule.
- Template string
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- map[string]string
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Description string
- (Updatable) A description for the Custom Protection rule.
- map[string]string
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- compartment
Id String - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- display
Name String - (Updatable) A user-friendly name for the custom protection rule.
- template String
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Map<String,String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- description String
- (Updatable) A description for the Custom Protection rule.
- Map<String,String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- compartment
Id string - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- display
Name string - (Updatable) A user-friendly name for the custom protection rule.
- template string
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- {[key: string]: string}
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- description string
- (Updatable) A description for the Custom Protection rule.
- {[key: string]: string}
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- compartment_
id str - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- display_
name str - (Updatable) A user-friendly name for the custom protection rule.
- template str
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Mapping[str, str]
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- description str
- (Updatable) A description for the Custom Protection rule.
- Mapping[str, str]
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- compartment
Id String - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- display
Name String - (Updatable) A user-friendly name for the custom protection rule.
- template String
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Map<String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- description String
- (Updatable) A description for the Custom Protection rule.
- Map<String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
Outputs
All input properties are implicitly available as output properties. Additionally, the CustomProtectionRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Mod
Security List<string>Rule Ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- State string
- The current lifecycle state of the custom protection rule.
- Time
Created string - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Mod
Security []stringRule Ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- State string
- The current lifecycle state of the custom protection rule.
- Time
Created string - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
- id String
- The provider-assigned unique ID for this managed resource.
- mod
Security List<String>Rule Ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- state String
- The current lifecycle state of the custom protection rule.
- time
Created String - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
- id string
- The provider-assigned unique ID for this managed resource.
- mod
Security string[]Rule Ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- state string
- The current lifecycle state of the custom protection rule.
- time
Created string - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
- id str
- The provider-assigned unique ID for this managed resource.
- mod_
security_ Sequence[str]rule_ ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- state str
- The current lifecycle state of the custom protection rule.
- time_
created str - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
- id String
- The provider-assigned unique ID for this managed resource.
- mod
Security List<String>Rule Ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- state String
- The current lifecycle state of the custom protection rule.
- time
Created String - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
Look up Existing CustomProtectionRule Resource
Get an existing CustomProtectionRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CustomProtectionRuleState, opts?: CustomResourceOptions): CustomProtectionRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
compartment_id: Optional[str] = None,
defined_tags: Optional[Mapping[str, str]] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
freeform_tags: Optional[Mapping[str, str]] = None,
mod_security_rule_ids: Optional[Sequence[str]] = None,
state: Optional[str] = None,
template: Optional[str] = None,
time_created: Optional[str] = None) -> CustomProtectionRule
func GetCustomProtectionRule(ctx *Context, name string, id IDInput, state *CustomProtectionRuleState, opts ...ResourceOption) (*CustomProtectionRule, error)
public static CustomProtectionRule Get(string name, Input<string> id, CustomProtectionRuleState? state, CustomResourceOptions? opts = null)
public static CustomProtectionRule get(String name, Output<String> id, CustomProtectionRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Compartment
Id string - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- Dictionary<string, string>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Description string
- (Updatable) A description for the Custom Protection rule.
- Display
Name string - (Updatable) A user-friendly name for the custom protection rule.
- Dictionary<string, string>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Mod
Security List<string>Rule Ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- State string
- The current lifecycle state of the custom protection rule.
- Template string
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Time
Created string - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
- Compartment
Id string - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- map[string]string
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Description string
- (Updatable) A description for the Custom Protection rule.
- Display
Name string - (Updatable) A user-friendly name for the custom protection rule.
- map[string]string
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Mod
Security []stringRule Ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- State string
- The current lifecycle state of the custom protection rule.
- Template string
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Time
Created string - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
- compartment
Id String - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- Map<String,String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- description String
- (Updatable) A description for the Custom Protection rule.
- display
Name String - (Updatable) A user-friendly name for the custom protection rule.
- Map<String,String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- mod
Security List<String>Rule Ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- state String
- The current lifecycle state of the custom protection rule.
- template String
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- time
Created String - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
- compartment
Id string - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- {[key: string]: string}
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- description string
- (Updatable) A description for the Custom Protection rule.
- display
Name string - (Updatable) A user-friendly name for the custom protection rule.
- {[key: string]: string}
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- mod
Security string[]Rule Ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- state string
- The current lifecycle state of the custom protection rule.
- template string
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- time
Created string - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
- compartment_
id str - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- Mapping[str, str]
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- description str
- (Updatable) A description for the Custom Protection rule.
- display_
name str - (Updatable) A user-friendly name for the custom protection rule.
- Mapping[str, str]
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- mod_
security_ Sequence[str]rule_ ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- state str
- The current lifecycle state of the custom protection rule.
- template str
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- time_
created str - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
- compartment
Id String - (Updatable) The OCID of the compartment in which to create the custom protection rule.
- Map<String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- description String
- (Updatable) A description for the Custom Protection rule.
- display
Name String - (Updatable) A user-friendly name for the custom protection rule.
- Map<String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- mod
Security List<String>Rule Ids - The auto-generated ID for the custom protection rule. These IDs are referenced in logs.
- state String
- The current lifecycle state of the custom protection rule.
- template String
(Updatable) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
id: {{id_1}}
- This field is populated with a unique rule ID generated by the WAF service which identifies aSecRule
. More than oneSecRule
can be defined in thetemplate
field of a CreateCustomSecurityRule call. The value of the firstSecRule
must beid: {{id_1}}
and theid
field of each subsequentSecRule
should increase by one, as shown in the example.ctl:ruleEngine={{mode}}
- The action to be taken when the criteria of theSecRule
are met, eitherOFF
,DETECT
orBLOCK
. This field is automatically populated with the corresponding value of theaction
field of theCustomProtectionRuleSetting
schema when theWafConfig
is updated.Example:
SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 1/2.', \ id: {{id_1}}, \ ctl:ruleEngine={{mode}}, \ deny" SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \ "phase:2, \ msg:'Detects chained SQL injection attempts 2/2.', \ id: {{id_2}}, \ ctl:ruleEngine={{mode}}, \ deny"
The example contains two
SecRules
each having distinct regex expression to match theCookie
header value during the second input analysis phase.For more information about custom protection rules, see Custom Protection Rules.
For more information about ModSecurity syntax, see Making Rules: The Basic Syntax.
For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- time
Created String - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
Import
CustomProtectionRules can be imported using the id
, e.g.
$ pulumi import oci:Waas/customProtectionRule:CustomProtectionRule test_custom_protection_rule "id"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oci
Terraform Provider.