1. Packages
  2. Oracle Cloud Infrastructure
  3. API Docs
  4. Waas
  5. getWaasPolicy
Oracle Cloud Infrastructure v2.17.0 published on Friday, Nov 15, 2024 by Pulumi

oci.Waas.getWaasPolicy

Explore with Pulumi AI

oci logo
Oracle Cloud Infrastructure v2.17.0 published on Friday, Nov 15, 2024 by Pulumi

    This data source provides details about a specific Waas Policy resource in Oracle Cloud Infrastructure Web Application Acceleration and Security service.

    Gets the details of a WAAS policy.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as oci from "@pulumi/oci";
    
    const testWaasPolicy = oci.Waas.getWaasPolicy({
        waasPolicyId: testWaasPolicyOciWaasWaasPolicy.id,
    });
    
    import pulumi
    import pulumi_oci as oci
    
    test_waas_policy = oci.Waas.get_waas_policy(waas_policy_id=test_waas_policy_oci_waas_waas_policy["id"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/Waas"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := Waas.GetWaasPolicy(ctx, &waas.GetWaasPolicyArgs{
    			WaasPolicyId: testWaasPolicyOciWaasWaasPolicy.Id,
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Oci = Pulumi.Oci;
    
    return await Deployment.RunAsync(() => 
    {
        var testWaasPolicy = Oci.Waas.GetWaasPolicy.Invoke(new()
        {
            WaasPolicyId = testWaasPolicyOciWaasWaasPolicy.Id,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.oci.Waas.WaasFunctions;
    import com.pulumi.oci.Waas.inputs.GetWaasPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var testWaasPolicy = WaasFunctions.getWaasPolicy(GetWaasPolicyArgs.builder()
                .waasPolicyId(testWaasPolicyOciWaasWaasPolicy.id())
                .build());
    
        }
    }
    
    variables:
      testWaasPolicy:
        fn::invoke:
          Function: oci:Waas:getWaasPolicy
          Arguments:
            waasPolicyId: ${testWaasPolicyOciWaasWaasPolicy.id}
    

    Using getWaasPolicy

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getWaasPolicy(args: GetWaasPolicyArgs, opts?: InvokeOptions): Promise<GetWaasPolicyResult>
    function getWaasPolicyOutput(args: GetWaasPolicyOutputArgs, opts?: InvokeOptions): Output<GetWaasPolicyResult>
    def get_waas_policy(waas_policy_id: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetWaasPolicyResult
    def get_waas_policy_output(waas_policy_id: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetWaasPolicyResult]
    func GetWaasPolicy(ctx *Context, args *GetWaasPolicyArgs, opts ...InvokeOption) (*GetWaasPolicyResult, error)
    func GetWaasPolicyOutput(ctx *Context, args *GetWaasPolicyOutputArgs, opts ...InvokeOption) GetWaasPolicyResultOutput

    > Note: This function is named GetWaasPolicy in the Go SDK.

    public static class GetWaasPolicy 
    {
        public static Task<GetWaasPolicyResult> InvokeAsync(GetWaasPolicyArgs args, InvokeOptions? opts = null)
        public static Output<GetWaasPolicyResult> Invoke(GetWaasPolicyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetWaasPolicyResult> getWaasPolicy(GetWaasPolicyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: oci:Waas/getWaasPolicy:getWaasPolicy
      arguments:
        # arguments dictionary

    The following arguments are supported:

    WaasPolicyId string
    The OCID of the WAAS policy.
    WaasPolicyId string
    The OCID of the WAAS policy.
    waasPolicyId String
    The OCID of the WAAS policy.
    waasPolicyId string
    The OCID of the WAAS policy.
    waas_policy_id str
    The OCID of the WAAS policy.
    waasPolicyId String
    The OCID of the WAAS policy.

    getWaasPolicy Result

    The following output properties are available:

    AdditionalDomains List<string>
    An array of additional domains for this web application.
    Cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    CompartmentId string
    The OCID of the WAAS policy's compartment.
    DefinedTags Dictionary<string, string>
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DisplayName string
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    Domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    FreeformTags Dictionary<string, string>
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    Id string
    The provider-assigned unique ID for this managed resource.
    OriginGroups List<GetWaasPolicyOriginGroup>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    Origins List<GetWaasPolicyOrigin>
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    PolicyConfigs List<GetWaasPolicyPolicyConfig>
    The configuration details for the WAAS policy.
    State string
    The current lifecycle state of the WAAS policy.
    TimeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    WaasPolicyId string
    WafConfigs List<GetWaasPolicyWafConfig>
    The Web Application Firewall configuration for the WAAS policy.
    AdditionalDomains []string
    An array of additional domains for this web application.
    Cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    CompartmentId string
    The OCID of the WAAS policy's compartment.
    DefinedTags map[string]string
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DisplayName string
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    Domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    FreeformTags map[string]string
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    Id string
    The provider-assigned unique ID for this managed resource.
    OriginGroups []GetWaasPolicyOriginGroup
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    Origins []GetWaasPolicyOrigin
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    PolicyConfigs []GetWaasPolicyPolicyConfig
    The configuration details for the WAAS policy.
    State string
    The current lifecycle state of the WAAS policy.
    TimeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    WaasPolicyId string
    WafConfigs []GetWaasPolicyWafConfig
    The Web Application Firewall configuration for the WAAS policy.
    additionalDomains List<String>
    An array of additional domains for this web application.
    cname String
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartmentId String
    The OCID of the WAAS policy's compartment.
    definedTags Map<String,String>
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName String
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    domain String
    The domain for which the cookie is set, defaults to WAAS policy domain.
    freeformTags Map<String,String>
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    id String
    The provider-assigned unique ID for this managed resource.
    originGroups List<GetPolicyOriginGroup>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins List<GetPolicyOrigin>
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    policyConfigs List<GetPolicyPolicyConfig>
    The configuration details for the WAAS policy.
    state String
    The current lifecycle state of the WAAS policy.
    timeCreated String
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    waasPolicyId String
    wafConfigs List<GetPolicyWafConfig>
    The Web Application Firewall configuration for the WAAS policy.
    additionalDomains string[]
    An array of additional domains for this web application.
    cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartmentId string
    The OCID of the WAAS policy's compartment.
    definedTags {[key: string]: string}
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName string
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    freeformTags {[key: string]: string}
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    id string
    The provider-assigned unique ID for this managed resource.
    originGroups GetWaasPolicyOriginGroup[]
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins GetWaasPolicyOrigin[]
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    policyConfigs GetWaasPolicyPolicyConfig[]
    The configuration details for the WAAS policy.
    state string
    The current lifecycle state of the WAAS policy.
    timeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    waasPolicyId string
    wafConfigs GetWaasPolicyWafConfig[]
    The Web Application Firewall configuration for the WAAS policy.
    additional_domains Sequence[str]
    An array of additional domains for this web application.
    cname str
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartment_id str
    The OCID of the WAAS policy's compartment.
    defined_tags Mapping[str, str]
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    display_name str
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    domain str
    The domain for which the cookie is set, defaults to WAAS policy domain.
    freeform_tags Mapping[str, str]
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    id str
    The provider-assigned unique ID for this managed resource.
    origin_groups Sequence[waas.GetWaasPolicyOriginGroup]
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins Sequence[waas.GetWaasPolicyOrigin]
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    policy_configs Sequence[waas.GetWaasPolicyPolicyConfig]
    The configuration details for the WAAS policy.
    state str
    The current lifecycle state of the WAAS policy.
    time_created str
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    waas_policy_id str
    waf_configs Sequence[waas.GetWaasPolicyWafConfig]
    The Web Application Firewall configuration for the WAAS policy.
    additionalDomains List<String>
    An array of additional domains for this web application.
    cname String
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartmentId String
    The OCID of the WAAS policy's compartment.
    definedTags Map<String>
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName String
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    domain String
    The domain for which the cookie is set, defaults to WAAS policy domain.
    freeformTags Map<String>
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    id String
    The provider-assigned unique ID for this managed resource.
    originGroups List<Property Map>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins List<Property Map>
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    policyConfigs List<Property Map>
    The configuration details for the WAAS policy.
    state String
    The current lifecycle state of the WAAS policy.
    timeCreated String
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    waasPolicyId String
    wafConfigs List<Property Map>
    The Web Application Firewall configuration for the WAAS policy.

    Supporting Types

    GetWaasPolicyOrigin

    CustomHeaders List<GetWaasPolicyOriginCustomHeader>
    A list of HTTP headers to forward to your origin.
    Label string
    Uri string
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    HttpPort int
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    HttpsPort int
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    CustomHeaders []GetWaasPolicyOriginCustomHeader
    A list of HTTP headers to forward to your origin.
    Label string
    Uri string
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    HttpPort int
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    HttpsPort int
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    customHeaders List<GetPolicyOriginCustomHeader>
    A list of HTTP headers to forward to your origin.
    label String
    uri String
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    httpPort Integer
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    httpsPort Integer
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    customHeaders GetWaasPolicyOriginCustomHeader[]
    A list of HTTP headers to forward to your origin.
    label string
    uri string
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    httpPort number
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    httpsPort number
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    custom_headers Sequence[waas.GetWaasPolicyOriginCustomHeader]
    A list of HTTP headers to forward to your origin.
    label str
    uri str
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    http_port int
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    https_port int
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    customHeaders List<Property Map>
    A list of HTTP headers to forward to your origin.
    label String
    uri String
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    httpPort Number
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    httpsPort Number
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.

    GetWaasPolicyOriginCustomHeader

    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.
    name string
    The unique name of the whitelist.
    value string
    The value of the header.
    name str
    The unique name of the whitelist.
    value str
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.

    GetWaasPolicyOriginGroup

    GetWaasPolicyOriginGroupOriginGroup

    Origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    Weight int
    Origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    Weight int
    origin String
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight Integer
    origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight number
    origin str
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight int
    origin String
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight Number

    GetWaasPolicyPolicyConfig

    CertificateId string
    The OCID of the SSL certificate to use if HTTPS is supported.
    CipherGroup string
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    ClientAddressHeader string
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    HealthChecks GetWaasPolicyPolicyConfigHealthChecks
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    IsBehindCdn bool
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    IsCacheControlRespected bool
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    IsHttpsEnabled bool
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    IsHttpsForced bool
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    IsOriginCompressionEnabled bool
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    IsResponseBufferingEnabled bool
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    IsSniEnabled bool
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    LoadBalancingMethod GetWaasPolicyPolicyConfigLoadBalancingMethod
    An object that represents a load balancing method and its properties.
    TlsProtocols List<string>
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    WebsocketPathPrefixes List<string>
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    CertificateId string
    The OCID of the SSL certificate to use if HTTPS is supported.
    CipherGroup string
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    ClientAddressHeader string
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    HealthChecks GetWaasPolicyPolicyConfigHealthChecks
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    IsBehindCdn bool
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    IsCacheControlRespected bool
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    IsHttpsEnabled bool
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    IsHttpsForced bool
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    IsOriginCompressionEnabled bool
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    IsResponseBufferingEnabled bool
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    IsSniEnabled bool
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    LoadBalancingMethod GetWaasPolicyPolicyConfigLoadBalancingMethod
    An object that represents a load balancing method and its properties.
    TlsProtocols []string
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    WebsocketPathPrefixes []string
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificateId String
    The OCID of the SSL certificate to use if HTTPS is supported.
    cipherGroup String
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    clientAddressHeader String
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    healthChecks GetPolicyPolicyConfigHealthChecks
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    isBehindCdn Boolean
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    isCacheControlRespected Boolean
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    isHttpsEnabled Boolean
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    isHttpsForced Boolean
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    isOriginCompressionEnabled Boolean
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    isResponseBufferingEnabled Boolean
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    isSniEnabled Boolean
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    loadBalancingMethod GetPolicyPolicyConfigLoadBalancingMethod
    An object that represents a load balancing method and its properties.
    tlsProtocols List<String>
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    websocketPathPrefixes List<String>
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificateId string
    The OCID of the SSL certificate to use if HTTPS is supported.
    cipherGroup string
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    clientAddressHeader string
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    healthChecks GetWaasPolicyPolicyConfigHealthChecks
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    isBehindCdn boolean
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    isCacheControlRespected boolean
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    isHttpsEnabled boolean
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    isHttpsForced boolean
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    isOriginCompressionEnabled boolean
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    isResponseBufferingEnabled boolean
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    isSniEnabled boolean
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    loadBalancingMethod GetWaasPolicyPolicyConfigLoadBalancingMethod
    An object that represents a load balancing method and its properties.
    tlsProtocols string[]
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    websocketPathPrefixes string[]
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificate_id str
    The OCID of the SSL certificate to use if HTTPS is supported.
    cipher_group str
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    client_address_header str
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    health_checks waas.GetWaasPolicyPolicyConfigHealthChecks
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    is_behind_cdn bool
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    is_cache_control_respected bool
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    is_https_enabled bool
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    is_https_forced bool
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    is_origin_compression_enabled bool
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    is_response_buffering_enabled bool
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    is_sni_enabled bool
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    load_balancing_method waas.GetWaasPolicyPolicyConfigLoadBalancingMethod
    An object that represents a load balancing method and its properties.
    tls_protocols Sequence[str]
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    websocket_path_prefixes Sequence[str]
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificateId String
    The OCID of the SSL certificate to use if HTTPS is supported.
    cipherGroup String
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    clientAddressHeader String
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    healthChecks Property Map
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    isBehindCdn Boolean
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    isCacheControlRespected Boolean
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    isHttpsEnabled Boolean
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    isHttpsForced Boolean
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    isOriginCompressionEnabled Boolean
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    isResponseBufferingEnabled Boolean
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    isSniEnabled Boolean
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    loadBalancingMethod Property Map
    An object that represents a load balancing method and its properties.
    tlsProtocols List<String>
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    websocketPathPrefixes List<String>
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.

    GetWaasPolicyPolicyConfigHealthChecks

    ExpectedResponseCodeGroups List<string>
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    ExpectedResponseText string
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    Headers Dictionary<string, string>
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    HealthyThreshold int
    Number of successful health checks after which the server is marked up.
    IntervalInSeconds int
    Time between health checks of an individual origin server, in seconds.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsResponseTextCheckEnabled bool
    Enables or disables additional check for predefined text in addition to response code.
    Method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    Path string
    Path to visit on your origins when performing the health check.
    TimeoutInSeconds int
    Response timeout represents wait time until request is considered failed, in seconds.
    UnhealthyThreshold int
    Number of failed health checks after which the server is marked down.
    ExpectedResponseCodeGroups []string
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    ExpectedResponseText string
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    Headers map[string]string
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    HealthyThreshold int
    Number of successful health checks after which the server is marked up.
    IntervalInSeconds int
    Time between health checks of an individual origin server, in seconds.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsResponseTextCheckEnabled bool
    Enables or disables additional check for predefined text in addition to response code.
    Method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    Path string
    Path to visit on your origins when performing the health check.
    TimeoutInSeconds int
    Response timeout represents wait time until request is considered failed, in seconds.
    UnhealthyThreshold int
    Number of failed health checks after which the server is marked down.
    expectedResponseCodeGroups List<String>
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expectedResponseText String
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers Map<String,String>
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    healthyThreshold Integer
    Number of successful health checks after which the server is marked up.
    intervalInSeconds Integer
    Time between health checks of an individual origin server, in seconds.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isResponseTextCheckEnabled Boolean
    Enables or disables additional check for predefined text in addition to response code.
    method String
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    path String
    Path to visit on your origins when performing the health check.
    timeoutInSeconds Integer
    Response timeout represents wait time until request is considered failed, in seconds.
    unhealthyThreshold Integer
    Number of failed health checks after which the server is marked down.
    expectedResponseCodeGroups string[]
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expectedResponseText string
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers {[key: string]: string}
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    healthyThreshold number
    Number of successful health checks after which the server is marked up.
    intervalInSeconds number
    Time between health checks of an individual origin server, in seconds.
    isEnabled boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isResponseTextCheckEnabled boolean
    Enables or disables additional check for predefined text in addition to response code.
    method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    path string
    Path to visit on your origins when performing the health check.
    timeoutInSeconds number
    Response timeout represents wait time until request is considered failed, in seconds.
    unhealthyThreshold number
    Number of failed health checks after which the server is marked down.
    expected_response_code_groups Sequence[str]
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expected_response_text str
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers Mapping[str, str]
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    healthy_threshold int
    Number of successful health checks after which the server is marked up.
    interval_in_seconds int
    Time between health checks of an individual origin server, in seconds.
    is_enabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    is_response_text_check_enabled bool
    Enables or disables additional check for predefined text in addition to response code.
    method str
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    path str
    Path to visit on your origins when performing the health check.
    timeout_in_seconds int
    Response timeout represents wait time until request is considered failed, in seconds.
    unhealthy_threshold int
    Number of failed health checks after which the server is marked down.
    expectedResponseCodeGroups List<String>
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expectedResponseText String
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers Map<String>
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    healthyThreshold Number
    Number of successful health checks after which the server is marked up.
    intervalInSeconds Number
    Time between health checks of an individual origin server, in seconds.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isResponseTextCheckEnabled Boolean
    Enables or disables additional check for predefined text in addition to response code.
    method String
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    path String
    Path to visit on your origins when performing the health check.
    timeoutInSeconds Number
    Response timeout represents wait time until request is considered failed, in seconds.
    unhealthyThreshold Number
    Number of failed health checks after which the server is marked down.

    GetWaasPolicyPolicyConfigLoadBalancingMethod

    Domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    ExpirationTimeInSeconds int
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    Method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    Name string
    The unique name of the whitelist.
    Domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    ExpirationTimeInSeconds int
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    Method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    Name string
    The unique name of the whitelist.
    domain String
    The domain for which the cookie is set, defaults to WAAS policy domain.
    expirationTimeInSeconds Integer
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    method String
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    name String
    The unique name of the whitelist.
    domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    expirationTimeInSeconds number
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    name string
    The unique name of the whitelist.
    domain str
    The domain for which the cookie is set, defaults to WAAS policy domain.
    expiration_time_in_seconds int
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    method str
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    name str
    The unique name of the whitelist.
    domain String
    The domain for which the cookie is set, defaults to WAAS policy domain.
    expirationTimeInSeconds Number
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    method String
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    name String
    The unique name of the whitelist.

    GetWaasPolicyWafConfig

    AccessRules List<GetWaasPolicyWafConfigAccessRule>
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    AddressRateLimiting GetWaasPolicyWafConfigAddressRateLimiting
    The IP address rate limiting settings used to limit the number of requests from an address.
    CachingRules List<GetWaasPolicyWafConfigCachingRule>
    A list of caching rules applied to the web application.
    Captchas List<GetWaasPolicyWafConfigCaptcha>
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    CustomProtectionRules List<GetWaasPolicyWafConfigCustomProtectionRule>
    A list of the custom protection rule OCIDs and their actions.
    DeviceFingerprintChallenge GetWaasPolicyWafConfigDeviceFingerprintChallenge
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    HumanInteractionChallenge GetWaasPolicyWafConfigHumanInteractionChallenge
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    JsChallenge GetWaasPolicyWafConfigJsChallenge
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    Origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    OriginGroups List<string>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    ProtectionSettings GetWaasPolicyWafConfigProtectionSettings
    The settings to apply to protection rules.
    Whitelists List<GetWaasPolicyWafConfigWhitelist>
    A list of IP addresses that bypass the Web Application Firewall.
    AccessRules []GetWaasPolicyWafConfigAccessRule
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    AddressRateLimiting GetWaasPolicyWafConfigAddressRateLimiting
    The IP address rate limiting settings used to limit the number of requests from an address.
    CachingRules []GetWaasPolicyWafConfigCachingRule
    A list of caching rules applied to the web application.
    Captchas []GetWaasPolicyWafConfigCaptcha
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    CustomProtectionRules []GetWaasPolicyWafConfigCustomProtectionRule
    A list of the custom protection rule OCIDs and their actions.
    DeviceFingerprintChallenge GetWaasPolicyWafConfigDeviceFingerprintChallenge
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    HumanInteractionChallenge GetWaasPolicyWafConfigHumanInteractionChallenge
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    JsChallenge GetWaasPolicyWafConfigJsChallenge
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    Origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    OriginGroups []string
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    ProtectionSettings GetWaasPolicyWafConfigProtectionSettings
    The settings to apply to protection rules.
    Whitelists []GetWaasPolicyWafConfigWhitelist
    A list of IP addresses that bypass the Web Application Firewall.
    accessRules List<GetPolicyWafConfigAccessRule>
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    addressRateLimiting GetPolicyWafConfigAddressRateLimiting
    The IP address rate limiting settings used to limit the number of requests from an address.
    cachingRules List<GetPolicyWafConfigCachingRule>
    A list of caching rules applied to the web application.
    captchas List<GetPolicyWafConfigCaptcha>
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    customProtectionRules List<GetPolicyWafConfigCustomProtectionRule>
    A list of the custom protection rule OCIDs and their actions.
    deviceFingerprintChallenge GetPolicyWafConfigDeviceFingerprintChallenge
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    humanInteractionChallenge GetPolicyWafConfigHumanInteractionChallenge
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    jsChallenge GetPolicyWafConfigJsChallenge
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    origin String
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    originGroups List<String>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protectionSettings GetPolicyWafConfigProtectionSettings
    The settings to apply to protection rules.
    whitelists List<GetPolicyWafConfigWhitelist>
    A list of IP addresses that bypass the Web Application Firewall.
    accessRules GetWaasPolicyWafConfigAccessRule[]
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    addressRateLimiting GetWaasPolicyWafConfigAddressRateLimiting
    The IP address rate limiting settings used to limit the number of requests from an address.
    cachingRules GetWaasPolicyWafConfigCachingRule[]
    A list of caching rules applied to the web application.
    captchas GetWaasPolicyWafConfigCaptcha[]
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    customProtectionRules GetWaasPolicyWafConfigCustomProtectionRule[]
    A list of the custom protection rule OCIDs and their actions.
    deviceFingerprintChallenge GetWaasPolicyWafConfigDeviceFingerprintChallenge
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    humanInteractionChallenge GetWaasPolicyWafConfigHumanInteractionChallenge
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    jsChallenge GetWaasPolicyWafConfigJsChallenge
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    originGroups string[]
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protectionSettings GetWaasPolicyWafConfigProtectionSettings
    The settings to apply to protection rules.
    whitelists GetWaasPolicyWafConfigWhitelist[]
    A list of IP addresses that bypass the Web Application Firewall.
    access_rules Sequence[waas.GetWaasPolicyWafConfigAccessRule]
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    address_rate_limiting waas.GetWaasPolicyWafConfigAddressRateLimiting
    The IP address rate limiting settings used to limit the number of requests from an address.
    caching_rules Sequence[waas.GetWaasPolicyWafConfigCachingRule]
    A list of caching rules applied to the web application.
    captchas Sequence[waas.GetWaasPolicyWafConfigCaptcha]
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    custom_protection_rules Sequence[waas.GetWaasPolicyWafConfigCustomProtectionRule]
    A list of the custom protection rule OCIDs and their actions.
    device_fingerprint_challenge waas.GetWaasPolicyWafConfigDeviceFingerprintChallenge
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    human_interaction_challenge waas.GetWaasPolicyWafConfigHumanInteractionChallenge
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    js_challenge waas.GetWaasPolicyWafConfigJsChallenge
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    origin str
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    origin_groups Sequence[str]
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protection_settings waas.GetWaasPolicyWafConfigProtectionSettings
    The settings to apply to protection rules.
    whitelists Sequence[waas.GetWaasPolicyWafConfigWhitelist]
    A list of IP addresses that bypass the Web Application Firewall.
    accessRules List<Property Map>
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    addressRateLimiting Property Map
    The IP address rate limiting settings used to limit the number of requests from an address.
    cachingRules List<Property Map>
    A list of caching rules applied to the web application.
    captchas List<Property Map>
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    customProtectionRules List<Property Map>
    A list of the custom protection rule OCIDs and their actions.
    deviceFingerprintChallenge Property Map
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    humanInteractionChallenge Property Map
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    jsChallenge Property Map
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    origin String
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    originGroups List<String>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protectionSettings Property Map
    The settings to apply to protection rules.
    whitelists List<Property Map>
    A list of IP addresses that bypass the Web Application Firewall.

    GetWaasPolicyWafConfigAccessRule

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    BypassChallenges List<string>
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    Criterias List<GetWaasPolicyWafConfigAccessRuleCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    Name string
    The unique name of the whitelist.
    RedirectResponseCode string
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    RedirectUrl string
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    ResponseHeaderManipulations List<GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation>
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    BypassChallenges []string
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    Criterias []GetWaasPolicyWafConfigAccessRuleCriteria
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    Name string
    The unique name of the whitelist.
    RedirectResponseCode string
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    RedirectUrl string
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    ResponseHeaderManipulations []GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    bypassChallenges List<String>
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    criterias List<GetPolicyWafConfigAccessRuleCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    name String
    The unique name of the whitelist.
    redirectResponseCode String
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirectUrl String
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    responseHeaderManipulations List<GetPolicyWafConfigAccessRuleResponseHeaderManipulation>
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    blockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    bypassChallenges string[]
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    criterias GetWaasPolicyWafConfigAccessRuleCriteria[]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    name string
    The unique name of the whitelist.
    redirectResponseCode string
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirectUrl string
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    responseHeaderManipulations GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation[]
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    block_action str
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    bypass_challenges Sequence[str]
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captcha_footer str
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    criterias Sequence[waas.GetWaasPolicyWafConfigAccessRuleCriteria]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    name str
    The unique name of the whitelist.
    redirect_response_code str
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirect_url str
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    response_header_manipulations Sequence[waas.GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation]
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    bypassChallenges List<String>
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    criterias List<Property Map>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    name String
    The unique name of the whitelist.
    redirectResponseCode String
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirectUrl String
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    responseHeaderManipulations List<Property Map>
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.

    GetWaasPolicyWafConfigAccessRuleCriteria

    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    IsCaseSensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    Value string
    The value of the header.
    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    IsCaseSensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    Value string
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive Boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value String
    The value of the header.
    condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value string
    The value of the header.
    condition str
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    is_case_sensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    value str
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive Boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value String
    The value of the header.

    GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    Header string
    A header field name that conforms to RFC 7230. Example: example_header_name
    Value string
    The value of the header.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    Header string
    A header field name that conforms to RFC 7230. Example: example_header_name
    Value string
    The value of the header.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    header String
    A header field name that conforms to RFC 7230. Example: example_header_name
    value String
    The value of the header.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    header string
    A header field name that conforms to RFC 7230. Example: example_header_name
    value string
    The value of the header.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    header str
    A header field name that conforms to RFC 7230. Example: example_header_name
    value str
    The value of the header.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    header String
    A header field name that conforms to RFC 7230. Example: example_header_name
    value String
    The value of the header.

    GetWaasPolicyWafConfigAddressRateLimiting

    AllowedRatePerAddress int
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    MaxDelayedCountPerAddress int
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    AllowedRatePerAddress int
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    MaxDelayedCountPerAddress int
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    allowedRatePerAddress Integer
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxDelayedCountPerAddress Integer
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    allowedRatePerAddress number
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isEnabled boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxDelayedCountPerAddress number
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    allowed_rate_per_address int
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    is_enabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    max_delayed_count_per_address int
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    allowedRatePerAddress Number
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxDelayedCountPerAddress Number
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.

    GetWaasPolicyWafConfigCachingRule

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    CachingDuration string
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    ClientCachingDuration string
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    Criterias List<GetWaasPolicyWafConfigCachingRuleCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    IsClientCachingEnabled bool
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    Key string
    The unique key for the caching rule.
    Name string
    The unique name of the whitelist.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    CachingDuration string
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    ClientCachingDuration string
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    Criterias []GetWaasPolicyWafConfigCachingRuleCriteria
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    IsClientCachingEnabled bool
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    Key string
    The unique key for the caching rule.
    Name string
    The unique name of the whitelist.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    cachingDuration String
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    clientCachingDuration String
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    criterias List<GetPolicyWafConfigCachingRuleCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    isClientCachingEnabled Boolean
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key String
    The unique key for the caching rule.
    name String
    The unique name of the whitelist.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    cachingDuration string
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    clientCachingDuration string
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    criterias GetWaasPolicyWafConfigCachingRuleCriteria[]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    isClientCachingEnabled boolean
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key string
    The unique key for the caching rule.
    name string
    The unique name of the whitelist.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    caching_duration str
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    client_caching_duration str
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    criterias Sequence[waas.GetWaasPolicyWafConfigCachingRuleCriteria]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    is_client_caching_enabled bool
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key str
    The unique key for the caching rule.
    name str
    The unique name of the whitelist.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    cachingDuration String
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    clientCachingDuration String
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    criterias List<Property Map>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    isClientCachingEnabled Boolean
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key String
    The unique key for the caching rule.
    name String
    The unique name of the whitelist.

    GetWaasPolicyWafConfigCachingRuleCriteria

    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    Value string
    The value of the header.
    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    Value string
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    value String
    The value of the header.
    condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    value string
    The value of the header.
    condition str
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    value str
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    value String
    The value of the header.

    GetWaasPolicyWafConfigCaptcha

    FailureMessage string
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    FooterText string
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    HeaderText string
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    SessionExpirationInSeconds int
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    SubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    Title string
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    Url string
    The unique URL path at which to show the CAPTCHA challenge.
    FailureMessage string
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    FooterText string
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    HeaderText string
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    SessionExpirationInSeconds int
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    SubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    Title string
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    Url string
    The unique URL path at which to show the CAPTCHA challenge.
    failureMessage String
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    footerText String
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    headerText String
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    sessionExpirationInSeconds Integer
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submitLabel String
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title String
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url String
    The unique URL path at which to show the CAPTCHA challenge.
    failureMessage string
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    footerText string
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    headerText string
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    sessionExpirationInSeconds number
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submitLabel string
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title string
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url string
    The unique URL path at which to show the CAPTCHA challenge.
    failure_message str
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    footer_text str
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    header_text str
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    session_expiration_in_seconds int
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submit_label str
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title str
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url str
    The unique URL path at which to show the CAPTCHA challenge.
    failureMessage String
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    footerText String
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    headerText String
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    sessionExpirationInSeconds Number
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submitLabel String
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title String
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url String
    The unique URL path at which to show the CAPTCHA challenge.

    GetWaasPolicyWafConfigCustomProtectionRule

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    Exclusions List<GetWaasPolicyWafConfigCustomProtectionRuleExclusion>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    Id string
    The OCID of the custom protection rule.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    Exclusions []GetWaasPolicyWafConfigCustomProtectionRuleExclusion
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    Id string
    The OCID of the custom protection rule.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    exclusions List<GetPolicyWafConfigCustomProtectionRuleExclusion>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    id String
    The OCID of the custom protection rule.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    exclusions GetWaasPolicyWafConfigCustomProtectionRuleExclusion[]
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    id string
    The OCID of the custom protection rule.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    exclusions Sequence[waas.GetWaasPolicyWafConfigCustomProtectionRuleExclusion]
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    id str
    The OCID of the custom protection rule.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    exclusions List<Property Map>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    id String
    The OCID of the custom protection rule.

    GetWaasPolicyWafConfigCustomProtectionRuleExclusion

    Exclusions List<string>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    Target string
    The target of the exclusion.
    Exclusions []string
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    Target string
    The target of the exclusion.
    exclusions List<String>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target String
    The target of the exclusion.
    exclusions string[]
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target string
    The target of the exclusion.
    exclusions Sequence[str]
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target str
    The target of the exclusion.
    exclusions List<String>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target String
    The target of the exclusion.

    GetWaasPolicyWafConfigDeviceFingerprintChallenge

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    ChallengeSettings GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    MaxAddressCount int
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    MaxAddressCountExpirationInSeconds int
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    ChallengeSettings GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    MaxAddressCount int
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    MaxAddressCountExpirationInSeconds int
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Integer
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings GetPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    failureThreshold Integer
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Integer
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxAddressCount Integer
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    maxAddressCountExpirationInSeconds Integer
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    failureThreshold number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds number
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    isEnabled boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxAddressCount number
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    maxAddressCountExpirationInSeconds number
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    action_expiration_in_seconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challenge_settings waas.GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    failure_threshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failure_threshold_expiration_in_seconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    is_enabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    max_address_count int
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    max_address_count_expiration_in_seconds int
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings Property Map
    The challenge settings if action is set to BLOCK.
    failureThreshold Number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Number
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxAddressCount Number
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    maxAddressCountExpirationInSeconds Number
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.

    GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings

    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    block_action str
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captcha_footer str
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

    GetWaasPolicyWafConfigHumanInteractionChallenge

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    ChallengeSettings GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    InteractionThreshold int
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsNatEnabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    RecordingPeriodInSeconds int
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    SetHttpHeader GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    ChallengeSettings GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    InteractionThreshold int
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsNatEnabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    RecordingPeriodInSeconds int
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    SetHttpHeader GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Integer
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings GetPolicyWafConfigHumanInteractionChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    failureThreshold Integer
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Integer
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interactionThreshold Integer
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled Boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recordingPeriodInSeconds Integer
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    setHttpHeader GetPolicyWafConfigHumanInteractionChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    failureThreshold number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds number
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interactionThreshold number
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    isEnabled boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recordingPeriodInSeconds number
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    setHttpHeader GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    action_expiration_in_seconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challenge_settings waas.GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    failure_threshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failure_threshold_expiration_in_seconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interaction_threshold int
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    is_enabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    is_nat_enabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recording_period_in_seconds int
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    set_http_header waas.GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings Property Map
    The challenge settings if action is set to BLOCK.
    failureThreshold Number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Number
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interactionThreshold Number
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled Boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recordingPeriodInSeconds Number
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    setHttpHeader Property Map
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

    GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings

    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    block_action str
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captcha_footer str
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

    GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader

    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.
    name string
    The unique name of the whitelist.
    value string
    The value of the header.
    name str
    The unique name of the whitelist.
    value str
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.

    GetWaasPolicyWafConfigJsChallenge

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    AreRedirectsChallenged bool
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    ChallengeSettings GetWaasPolicyWafConfigJsChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    Criterias List<GetWaasPolicyWafConfigJsChallengeCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsNatEnabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    SetHttpHeader GetWaasPolicyWafConfigJsChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    AreRedirectsChallenged bool
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    ChallengeSettings GetWaasPolicyWafConfigJsChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    Criterias []GetWaasPolicyWafConfigJsChallengeCriteria
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsNatEnabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    SetHttpHeader GetWaasPolicyWafConfigJsChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Integer
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    areRedirectsChallenged Boolean
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challengeSettings GetPolicyWafConfigJsChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    criterias List<GetPolicyWafConfigJsChallengeCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failureThreshold Integer
    The number of failed requests before taking action. If unspecified, defaults to 10.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled Boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    setHttpHeader GetPolicyWafConfigJsChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    areRedirectsChallenged boolean
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challengeSettings GetWaasPolicyWafConfigJsChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    criterias GetWaasPolicyWafConfigJsChallengeCriteria[]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failureThreshold number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    isEnabled boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    setHttpHeader GetWaasPolicyWafConfigJsChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    action_expiration_in_seconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    are_redirects_challenged bool
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challenge_settings waas.GetWaasPolicyWafConfigJsChallengeChallengeSettings
    The challenge settings if action is set to BLOCK.
    criterias Sequence[waas.GetWaasPolicyWafConfigJsChallengeCriteria]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failure_threshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    is_enabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    is_nat_enabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    set_http_header waas.GetWaasPolicyWafConfigJsChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    areRedirectsChallenged Boolean
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challengeSettings Property Map
    The challenge settings if action is set to BLOCK.
    criterias List<Property Map>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failureThreshold Number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled Boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    setHttpHeader Property Map
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

    GetWaasPolicyWafConfigJsChallengeChallengeSettings

    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    block_action str
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captcha_footer str
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

    GetWaasPolicyWafConfigJsChallengeCriteria

    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    IsCaseSensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    Value string
    The value of the header.
    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    IsCaseSensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    Value string
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive Boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value String
    The value of the header.
    condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value string
    The value of the header.
    condition str
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    is_case_sensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    value str
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive Boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value String
    The value of the header.

    GetWaasPolicyWafConfigJsChallengeSetHttpHeader

    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.
    name string
    The unique name of the whitelist.
    value string
    The value of the header.
    name str
    The unique name of the whitelist.
    value str
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.

    GetWaasPolicyWafConfigProtectionSettings

    AllowedHttpMethods List<string>
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    IsResponseInspected bool
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    MaxArgumentCount int
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    MaxNameLengthPerArgument int
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    MaxResponseSizeInKiB int
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    MaxTotalNameLengthOfArguments int
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    MediaTypes List<string>
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    RecommendationsPeriodInDays int
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
    AllowedHttpMethods []string
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    IsResponseInspected bool
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    MaxArgumentCount int
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    MaxNameLengthPerArgument int
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    MaxResponseSizeInKiB int
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    MaxTotalNameLengthOfArguments int
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    MediaTypes []string
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    RecommendationsPeriodInDays int
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
    allowedHttpMethods List<String>
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isResponseInspected Boolean
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    maxArgumentCount Integer
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    maxNameLengthPerArgument Integer
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    maxResponseSizeInKiB Integer
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    maxTotalNameLengthOfArguments Integer
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    mediaTypes List<String>
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    recommendationsPeriodInDays Integer
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
    allowedHttpMethods string[]
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    blockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isResponseInspected boolean
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    maxArgumentCount number
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    maxNameLengthPerArgument number
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    maxResponseSizeInKiB number
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    maxTotalNameLengthOfArguments number
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    mediaTypes string[]
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    recommendationsPeriodInDays number
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
    allowed_http_methods Sequence[str]
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    block_action str
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    is_response_inspected bool
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    max_argument_count int
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    max_name_length_per_argument int
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    max_response_size_in_ki_b int
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    max_total_name_length_of_arguments int
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    media_types Sequence[str]
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    recommendations_period_in_days int
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
    allowedHttpMethods List<String>
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isResponseInspected Boolean
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    maxArgumentCount Number
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    maxNameLengthPerArgument Number
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    maxResponseSizeInKiB Number
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    maxTotalNameLengthOfArguments Number
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    mediaTypes List<String>
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    recommendationsPeriodInDays Number
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

    GetWaasPolicyWafConfigWhitelist

    AddressLists List<string>
    A list of OCID of IP address lists to include in the whitelist.
    Addresses List<string>
    A set of IP addresses or CIDR notations to include in the whitelist.
    Name string
    The unique name of the whitelist.
    AddressLists []string
    A list of OCID of IP address lists to include in the whitelist.
    Addresses []string
    A set of IP addresses or CIDR notations to include in the whitelist.
    Name string
    The unique name of the whitelist.
    addressLists List<String>
    A list of OCID of IP address lists to include in the whitelist.
    addresses List<String>
    A set of IP addresses or CIDR notations to include in the whitelist.
    name String
    The unique name of the whitelist.
    addressLists string[]
    A list of OCID of IP address lists to include in the whitelist.
    addresses string[]
    A set of IP addresses or CIDR notations to include in the whitelist.
    name string
    The unique name of the whitelist.
    address_lists Sequence[str]
    A list of OCID of IP address lists to include in the whitelist.
    addresses Sequence[str]
    A set of IP addresses or CIDR notations to include in the whitelist.
    name str
    The unique name of the whitelist.
    addressLists List<String>
    A list of OCID of IP address lists to include in the whitelist.
    addresses List<String>
    A set of IP addresses or CIDR notations to include in the whitelist.
    name String
    The unique name of the whitelist.

    Package Details

    Repository
    oci pulumi/pulumi-oci
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the oci Terraform Provider.
    oci logo
    Oracle Cloud Infrastructure v2.17.0 published on Friday, Nov 15, 2024 by Pulumi