1. Packages
  2. Oracle Cloud Infrastructure
  3. API Docs
  4. Waas
  5. Policy
Oracle Cloud Infrastructure v2.17.0 published on Friday, Nov 15, 2024 by Pulumi

oci.Waas.Policy

Explore with Pulumi AI

oci logo
Oracle Cloud Infrastructure v2.17.0 published on Friday, Nov 15, 2024 by Pulumi

    This resource provides the Waas Policy resource in Oracle Cloud Infrastructure Web Application Acceleration and Security service.

    Creates a new Web Application Acceleration and Security (WAAS) policy in the specified compartment. A WAAS policy must be established before creating Web Application Firewall (WAF) rules. To use WAF rules, your web application’s origin servers must defined in the WaasPolicy schema.

    A domain name must be specified when creating a WAAS policy. The domain name should be different from the origins specified in your WaasPolicy. Once domain name is entered and stored, it is unchangeable.

    Use the record data returned in the cname field of the WaasPolicy object to create a CNAME record in your DNS configuration that will direct your domain’s traffic through the WAF.

    For the purposes of access control, you must provide the OCID of the compartment where you want the service to reside. For information about access control and compartments, see Overview of the IAM Service.

    You must specify a display name and domain for the WAAS policy. The display name does not have to be unique and can be changed. The domain name should be different from every origin specified in WaasPolicy.

    All Oracle Cloud Infrastructure resources, including WAAS policies, receive a unique, Oracle-assigned ID called an Oracle Cloud Identifier (OCID). When a resource is created, you can find its OCID in the response. You can also retrieve a resource’s OCID by using a list API operation for that resource type, or by viewing the resource in the Console. Fore more information, see Resource Identifiers.

    Note: After sending the POST request, the new object’s state will temporarily be CREATING. Ensure that the resource’s state has changed to ACTIVE before use.

    Example Usage

    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.oci.Waas.Policy;
    import com.pulumi.oci.Waas.PolicyArgs;
    import com.pulumi.oci.Waas.inputs.PolicyOriginGroupArgs;
    import com.pulumi.oci.Waas.inputs.PolicyOriginArgs;
    import com.pulumi.oci.Waas.inputs.PolicyPolicyConfigArgs;
    import com.pulumi.oci.Waas.inputs.PolicyPolicyConfigHealthChecksArgs;
    import com.pulumi.oci.Waas.inputs.PolicyPolicyConfigLoadBalancingMethodArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigAddressRateLimitingArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigDeviceFingerprintChallengeArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigHumanInteractionChallengeArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigJsChallengeArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigJsChallengeChallengeSettingsArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigJsChallengeSetHttpHeaderArgs;
    import com.pulumi.oci.Waas.inputs.PolicyWafConfigProtectionSettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testWaasPolicy = new Policy("testWaasPolicy", PolicyArgs.builder()
                .compartmentId(compartmentId)
                .domain(waasPolicyDomain)
                .additionalDomains(waasPolicyAdditionalDomains)
                .definedTags(Map.of("Operations.CostCenter", "42"))
                .displayName(waasPolicyDisplayName)
                .freeformTags(Map.of("Department", "Finance"))
                .originGroups(PolicyOriginGroupArgs.builder()
                    .origins(waasPolicyOriginGroupsOrigins)
                    .build())
                .origins(PolicyOriginArgs.builder()
                    .uri(waasPolicyOriginsUri)
                    .customHeaders(PolicyOriginCustomHeaderArgs.builder()
                        .name(waasPolicyOriginsCustomHeadersName)
                        .value(waasPolicyOriginsCustomHeadersValue)
                        .build())
                    .httpPort(waasPolicyOriginsHttpPort)
                    .httpsPort(waasPolicyOriginsHttpsPort)
                    .build())
                .policyConfig(PolicyPolicyConfigArgs.builder()
                    .certificateId(testCertificate.id())
                    .cipherGroup(waasPolicyPolicyConfigCipherGroup)
                    .clientAddressHeader(waasPolicyPolicyConfigClientAddressHeader)
                    .healthChecks(PolicyPolicyConfigHealthChecksArgs.builder()
                        .expectedResponseCodeGroups(waasPolicyPolicyConfigHealthChecksExpectedResponseCodeGroup)
                        .expectedResponseText(waasPolicyPolicyConfigHealthChecksExpectedResponseText)
                        .headers(waasPolicyPolicyConfigHealthChecksHeaders)
                        .healthyThreshold(waasPolicyPolicyConfigHealthChecksHealthyThreshold)
                        .intervalInSeconds(waasPolicyPolicyConfigHealthChecksIntervalInSeconds)
                        .isEnabled(waasPolicyPolicyConfigHealthChecksIsEnabled)
                        .isResponseTextCheckEnabled(waasPolicyPolicyConfigHealthChecksIsResponseTextCheckEnabled)
                        .method(waasPolicyPolicyConfigHealthChecksMethod)
                        .path(waasPolicyPolicyConfigHealthChecksPath)
                        .timeoutInSeconds(waasPolicyPolicyConfigHealthChecksTimeoutInSeconds)
                        .unhealthyThreshold(waasPolicyPolicyConfigHealthChecksUnhealthyThreshold)
                        .build())
                    .isBehindCdn(waasPolicyPolicyConfigIsBehindCdn)
                    .isCacheControlRespected(waasPolicyPolicyConfigIsCacheControlRespected)
                    .isHttpsEnabled(waasPolicyPolicyConfigIsHttpsEnabled)
                    .isHttpsForced(waasPolicyPolicyConfigIsHttpsForced)
                    .isOriginCompressionEnabled(waasPolicyPolicyConfigIsOriginCompressionEnabled)
                    .isResponseBufferingEnabled(waasPolicyPolicyConfigIsResponseBufferingEnabled)
                    .isSniEnabled(waasPolicyPolicyConfigIsSniEnabled)
                    .loadBalancingMethod(PolicyPolicyConfigLoadBalancingMethodArgs.builder()
                        .method(waasPolicyPolicyConfigLoadBalancingMethodMethod)
                        .domain(waasPolicyPolicyConfigLoadBalancingMethodDomain)
                        .expirationTimeInSeconds(waasPolicyPolicyConfigLoadBalancingMethodExpirationTimeInSeconds)
                        .name(waasPolicyPolicyConfigLoadBalancingMethodName)
                        .build())
                    .tlsProtocols(waasPolicyPolicyConfigTlsProtocols)
                    .websocketPathPrefixes(waasPolicyPolicyConfigWebsocketPathPrefixes)
                    .build())
                .wafConfig(PolicyWafConfigArgs.builder()
                    .accessRules(PolicyWafConfigAccessRuleArgs.builder()
                        .action(waasPolicyWafConfigAccessRulesAction)
                        .criterias(PolicyWafConfigAccessRuleCriteriaArgs.builder()
                            .condition(waasPolicyWafConfigAccessRulesCriteriaCondition)
                            .value(waasPolicyWafConfigAccessRulesCriteriaValue)
                            .isCaseSensitive(waasPolicyWafConfigAccessRulesCriteriaIsCaseSensitive)
                            .build())
                        .name(waasPolicyWafConfigAccessRulesName)
                        .blockAction(waasPolicyWafConfigAccessRulesBlockAction)
                        .blockErrorPageCode(waasPolicyWafConfigAccessRulesBlockErrorPageCode)
                        .blockErrorPageDescription(waasPolicyWafConfigAccessRulesBlockErrorPageDescription)
                        .blockErrorPageMessage(waasPolicyWafConfigAccessRulesBlockErrorPageMessage)
                        .blockResponseCode(waasPolicyWafConfigAccessRulesBlockResponseCode)
                        .bypassChallenges(waasPolicyWafConfigAccessRulesBypassChallenges)
                        .captchaFooter(waasPolicyWafConfigAccessRulesCaptchaFooter)
                        .captchaHeader(waasPolicyWafConfigAccessRulesCaptchaHeader)
                        .captchaSubmitLabel(waasPolicyWafConfigAccessRulesCaptchaSubmitLabel)
                        .captchaTitle(waasPolicyWafConfigAccessRulesCaptchaTitle)
                        .redirectResponseCode(waasPolicyWafConfigAccessRulesRedirectResponseCode)
                        .redirectUrl(waasPolicyWafConfigAccessRulesRedirectUrl)
                        .responseHeaderManipulations(PolicyWafConfigAccessRuleResponseHeaderManipulationArgs.builder()
                            .action(waasPolicyWafConfigAccessRulesResponseHeaderManipulationAction)
                            .header(waasPolicyWafConfigAccessRulesResponseHeaderManipulationHeader)
                            .value(waasPolicyWafConfigAccessRulesResponseHeaderManipulationValue)
                            .build())
                        .build())
                    .addressRateLimiting(PolicyWafConfigAddressRateLimitingArgs.builder()
                        .isEnabled(waasPolicyWafConfigAddressRateLimitingIsEnabled)
                        .allowedRatePerAddress(waasPolicyWafConfigAddressRateLimitingAllowedRatePerAddress)
                        .blockResponseCode(waasPolicyWafConfigAddressRateLimitingBlockResponseCode)
                        .maxDelayedCountPerAddress(waasPolicyWafConfigAddressRateLimitingMaxDelayedCountPerAddress)
                        .build())
                    .cachingRules(PolicyWafConfigCachingRuleArgs.builder()
                        .action(waasPolicyWafConfigCachingRulesAction)
                        .criterias(PolicyWafConfigCachingRuleCriteriaArgs.builder()
                            .condition(waasPolicyWafConfigCachingRulesCriteriaCondition)
                            .value(waasPolicyWafConfigCachingRulesCriteriaValue)
                            .build())
                        .name(waasPolicyWafConfigCachingRulesName)
                        .cachingDuration(waasPolicyWafConfigCachingRulesCachingDuration)
                        .clientCachingDuration(waasPolicyWafConfigCachingRulesClientCachingDuration)
                        .isClientCachingEnabled(waasPolicyWafConfigCachingRulesIsClientCachingEnabled)
                        .key(waasPolicyWafConfigCachingRulesKey)
                        .build())
                    .captchas(PolicyWafConfigCaptchaArgs.builder()
                        .failureMessage(waasPolicyWafConfigCaptchasFailureMessage)
                        .sessionExpirationInSeconds(waasPolicyWafConfigCaptchasSessionExpirationInSeconds)
                        .submitLabel(waasPolicyWafConfigCaptchasSubmitLabel)
                        .title(waasPolicyWafConfigCaptchasTitle)
                        .url(waasPolicyWafConfigCaptchasUrl)
                        .footerText(waasPolicyWafConfigCaptchasFooterText)
                        .headerText(waasPolicyWafConfigCaptchasHeaderText)
                        .build())
                    .customProtectionRules(PolicyWafConfigCustomProtectionRuleArgs.builder()
                        .action(waasPolicyWafConfigCustomProtectionRulesAction)
                        .exclusions(PolicyWafConfigCustomProtectionRuleExclusionArgs.builder()
                            .exclusions(waasPolicyWafConfigCustomProtectionRulesExclusionsExclusions)
                            .target(waasPolicyWafConfigCustomProtectionRulesExclusionsTarget)
                            .build())
                        .id(waasPolicyWafConfigCustomProtectionRulesId)
                        .build())
                    .deviceFingerprintChallenge(PolicyWafConfigDeviceFingerprintChallengeArgs.builder()
                        .isEnabled(waasPolicyWafConfigDeviceFingerprintChallengeIsEnabled)
                        .action(waasPolicyWafConfigDeviceFingerprintChallengeAction)
                        .actionExpirationInSeconds(waasPolicyWafConfigDeviceFingerprintChallengeActionExpirationInSeconds)
                        .challengeSettings(PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs.builder()
                            .blockAction(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockAction)
                            .blockErrorPageCode(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageCode)
                            .blockErrorPageDescription(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageDescription)
                            .blockErrorPageMessage(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageMessage)
                            .blockResponseCode(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockResponseCode)
                            .captchaFooter(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaFooter)
                            .captchaHeader(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaHeader)
                            .captchaSubmitLabel(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaSubmitLabel)
                            .captchaTitle(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaTitle)
                            .build())
                        .failureThreshold(waasPolicyWafConfigDeviceFingerprintChallengeFailureThreshold)
                        .failureThresholdExpirationInSeconds(waasPolicyWafConfigDeviceFingerprintChallengeFailureThresholdExpirationInSeconds)
                        .maxAddressCount(waasPolicyWafConfigDeviceFingerprintChallengeMaxAddressCount)
                        .maxAddressCountExpirationInSeconds(waasPolicyWafConfigDeviceFingerprintChallengeMaxAddressCountExpirationInSeconds)
                        .build())
                    .humanInteractionChallenge(PolicyWafConfigHumanInteractionChallengeArgs.builder()
                        .isEnabled(waasPolicyWafConfigHumanInteractionChallengeIsEnabled)
                        .action(waasPolicyWafConfigHumanInteractionChallengeAction)
                        .actionExpirationInSeconds(waasPolicyWafConfigHumanInteractionChallengeActionExpirationInSeconds)
                        .challengeSettings(PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs.builder()
                            .blockAction(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockAction)
                            .blockErrorPageCode(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageCode)
                            .blockErrorPageDescription(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageDescription)
                            .blockErrorPageMessage(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageMessage)
                            .blockResponseCode(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockResponseCode)
                            .captchaFooter(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaFooter)
                            .captchaHeader(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaHeader)
                            .captchaSubmitLabel(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaSubmitLabel)
                            .captchaTitle(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaTitle)
                            .build())
                        .failureThreshold(waasPolicyWafConfigHumanInteractionChallengeFailureThreshold)
                        .failureThresholdExpirationInSeconds(waasPolicyWafConfigHumanInteractionChallengeFailureThresholdExpirationInSeconds)
                        .interactionThreshold(waasPolicyWafConfigHumanInteractionChallengeInteractionThreshold)
                        .isNatEnabled(waasPolicyWafConfigHumanInteractionChallengeIsNatEnabled)
                        .recordingPeriodInSeconds(waasPolicyWafConfigHumanInteractionChallengeRecordingPeriodInSeconds)
                        .setHttpHeader(PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs.builder()
                            .name(waasPolicyWafConfigHumanInteractionChallengeSetHttpHeaderName)
                            .value(waasPolicyWafConfigHumanInteractionChallengeSetHttpHeaderValue)
                            .build())
                        .build())
                    .jsChallenge(PolicyWafConfigJsChallengeArgs.builder()
                        .isEnabled(waasPolicyWafConfigJsChallengeIsEnabled)
                        .action(waasPolicyWafConfigJsChallengeAction)
                        .actionExpirationInSeconds(waasPolicyWafConfigJsChallengeActionExpirationInSeconds)
                        .areRedirectsChallenged(waasPolicyWafConfigJsChallengeAreRedirectsChallenged)
                        .challengeSettings(PolicyWafConfigJsChallengeChallengeSettingsArgs.builder()
                            .blockAction(waasPolicyWafConfigJsChallengeChallengeSettingsBlockAction)
                            .blockErrorPageCode(waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageCode)
                            .blockErrorPageDescription(waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageDescription)
                            .blockErrorPageMessage(waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageMessage)
                            .blockResponseCode(waasPolicyWafConfigJsChallengeChallengeSettingsBlockResponseCode)
                            .captchaFooter(waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaFooter)
                            .captchaHeader(waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaHeader)
                            .captchaSubmitLabel(waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaSubmitLabel)
                            .captchaTitle(waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaTitle)
                            .build())
                        .criterias(PolicyWafConfigJsChallengeCriteriaArgs.builder()
                            .condition(waasPolicyWafConfigJsChallengeCriteriaCondition)
                            .value(waasPolicyWafConfigJsChallengeCriteriaValue)
                            .isCaseSensitive(waasPolicyWafConfigJsChallengeCriteriaIsCaseSensitive)
                            .build())
                        .failureThreshold(waasPolicyWafConfigJsChallengeFailureThreshold)
                        .isNatEnabled(waasPolicyWafConfigJsChallengeIsNatEnabled)
                        .setHttpHeader(PolicyWafConfigJsChallengeSetHttpHeaderArgs.builder()
                            .name(waasPolicyWafConfigJsChallengeSetHttpHeaderName)
                            .value(waasPolicyWafConfigJsChallengeSetHttpHeaderValue)
                            .build())
                        .build())
                    .origin(waasPolicyWafConfigOrigin)
                    .originGroups(waasPolicyWafConfigOriginGroups)
                    .protectionSettings(PolicyWafConfigProtectionSettingsArgs.builder()
                        .allowedHttpMethods(waasPolicyWafConfigProtectionSettingsAllowedHttpMethods)
                        .blockAction(waasPolicyWafConfigProtectionSettingsBlockAction)
                        .blockErrorPageCode(waasPolicyWafConfigProtectionSettingsBlockErrorPageCode)
                        .blockErrorPageDescription(waasPolicyWafConfigProtectionSettingsBlockErrorPageDescription)
                        .blockErrorPageMessage(waasPolicyWafConfigProtectionSettingsBlockErrorPageMessage)
                        .blockResponseCode(waasPolicyWafConfigProtectionSettingsBlockResponseCode)
                        .isResponseInspected(waasPolicyWafConfigProtectionSettingsIsResponseInspected)
                        .maxArgumentCount(waasPolicyWafConfigProtectionSettingsMaxArgumentCount)
                        .maxNameLengthPerArgument(waasPolicyWafConfigProtectionSettingsMaxNameLengthPerArgument)
                        .maxResponseSizeInKiB(waasPolicyWafConfigProtectionSettingsMaxResponseSizeInKiB)
                        .maxTotalNameLengthOfArguments(waasPolicyWafConfigProtectionSettingsMaxTotalNameLengthOfArguments)
                        .mediaTypes(waasPolicyWafConfigProtectionSettingsMediaTypes)
                        .recommendationsPeriodInDays(waasPolicyWafConfigProtectionSettingsRecommendationsPeriodInDays)
                        .build())
                    .whitelists(PolicyWafConfigWhitelistArgs.builder()
                        .name(waasPolicyWafConfigWhitelistsName)
                        .addressLists(waasPolicyWafConfigWhitelistsAddressLists)
                        .addresses(waasPolicyWafConfigWhitelistsAddresses)
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      testWaasPolicy:
        type: oci:Waas:Policy
        name: test_waas_policy
        properties:
          compartmentId: ${compartmentId}
          domain: ${waasPolicyDomain}
          additionalDomains: ${waasPolicyAdditionalDomains}
          definedTags:
            Operations.CostCenter: '42'
          displayName: ${waasPolicyDisplayName}
          freeformTags:
            Department: Finance
          originGroups:
            - origins: ${waasPolicyOriginGroupsOrigins}
          origins:
            - uri: ${waasPolicyOriginsUri}
              customHeaders:
                - name: ${waasPolicyOriginsCustomHeadersName}
                  value: ${waasPolicyOriginsCustomHeadersValue}
              httpPort: ${waasPolicyOriginsHttpPort}
              httpsPort: ${waasPolicyOriginsHttpsPort}
          policyConfig:
            certificateId: ${testCertificate.id}
            cipherGroup: ${waasPolicyPolicyConfigCipherGroup}
            clientAddressHeader: ${waasPolicyPolicyConfigClientAddressHeader}
            healthChecks:
              expectedResponseCodeGroups: ${waasPolicyPolicyConfigHealthChecksExpectedResponseCodeGroup}
              expectedResponseText: ${waasPolicyPolicyConfigHealthChecksExpectedResponseText}
              headers: ${waasPolicyPolicyConfigHealthChecksHeaders}
              healthyThreshold: ${waasPolicyPolicyConfigHealthChecksHealthyThreshold}
              intervalInSeconds: ${waasPolicyPolicyConfigHealthChecksIntervalInSeconds}
              isEnabled: ${waasPolicyPolicyConfigHealthChecksIsEnabled}
              isResponseTextCheckEnabled: ${waasPolicyPolicyConfigHealthChecksIsResponseTextCheckEnabled}
              method: ${waasPolicyPolicyConfigHealthChecksMethod}
              path: ${waasPolicyPolicyConfigHealthChecksPath}
              timeoutInSeconds: ${waasPolicyPolicyConfigHealthChecksTimeoutInSeconds}
              unhealthyThreshold: ${waasPolicyPolicyConfigHealthChecksUnhealthyThreshold}
            isBehindCdn: ${waasPolicyPolicyConfigIsBehindCdn}
            isCacheControlRespected: ${waasPolicyPolicyConfigIsCacheControlRespected}
            isHttpsEnabled: ${waasPolicyPolicyConfigIsHttpsEnabled}
            isHttpsForced: ${waasPolicyPolicyConfigIsHttpsForced}
            isOriginCompressionEnabled: ${waasPolicyPolicyConfigIsOriginCompressionEnabled}
            isResponseBufferingEnabled: ${waasPolicyPolicyConfigIsResponseBufferingEnabled}
            isSniEnabled: ${waasPolicyPolicyConfigIsSniEnabled}
            loadBalancingMethod:
              method: ${waasPolicyPolicyConfigLoadBalancingMethodMethod}
              domain: ${waasPolicyPolicyConfigLoadBalancingMethodDomain}
              expirationTimeInSeconds: ${waasPolicyPolicyConfigLoadBalancingMethodExpirationTimeInSeconds}
              name: ${waasPolicyPolicyConfigLoadBalancingMethodName}
            tlsProtocols: ${waasPolicyPolicyConfigTlsProtocols}
            websocketPathPrefixes: ${waasPolicyPolicyConfigWebsocketPathPrefixes}
          wafConfig:
            accessRules:
              - action: ${waasPolicyWafConfigAccessRulesAction}
                criterias:
                  - condition: ${waasPolicyWafConfigAccessRulesCriteriaCondition}
                    value: ${waasPolicyWafConfigAccessRulesCriteriaValue}
                    isCaseSensitive: ${waasPolicyWafConfigAccessRulesCriteriaIsCaseSensitive}
                name: ${waasPolicyWafConfigAccessRulesName}
                blockAction: ${waasPolicyWafConfigAccessRulesBlockAction}
                blockErrorPageCode: ${waasPolicyWafConfigAccessRulesBlockErrorPageCode}
                blockErrorPageDescription: ${waasPolicyWafConfigAccessRulesBlockErrorPageDescription}
                blockErrorPageMessage: ${waasPolicyWafConfigAccessRulesBlockErrorPageMessage}
                blockResponseCode: ${waasPolicyWafConfigAccessRulesBlockResponseCode}
                bypassChallenges: ${waasPolicyWafConfigAccessRulesBypassChallenges}
                captchaFooter: ${waasPolicyWafConfigAccessRulesCaptchaFooter}
                captchaHeader: ${waasPolicyWafConfigAccessRulesCaptchaHeader}
                captchaSubmitLabel: ${waasPolicyWafConfigAccessRulesCaptchaSubmitLabel}
                captchaTitle: ${waasPolicyWafConfigAccessRulesCaptchaTitle}
                redirectResponseCode: ${waasPolicyWafConfigAccessRulesRedirectResponseCode}
                redirectUrl: ${waasPolicyWafConfigAccessRulesRedirectUrl}
                responseHeaderManipulations:
                  - action: ${waasPolicyWafConfigAccessRulesResponseHeaderManipulationAction}
                    header: ${waasPolicyWafConfigAccessRulesResponseHeaderManipulationHeader}
                    value: ${waasPolicyWafConfigAccessRulesResponseHeaderManipulationValue}
            addressRateLimiting:
              isEnabled: ${waasPolicyWafConfigAddressRateLimitingIsEnabled}
              allowedRatePerAddress: ${waasPolicyWafConfigAddressRateLimitingAllowedRatePerAddress}
              blockResponseCode: ${waasPolicyWafConfigAddressRateLimitingBlockResponseCode}
              maxDelayedCountPerAddress: ${waasPolicyWafConfigAddressRateLimitingMaxDelayedCountPerAddress}
            cachingRules:
              - action: ${waasPolicyWafConfigCachingRulesAction}
                criterias:
                  - condition: ${waasPolicyWafConfigCachingRulesCriteriaCondition}
                    value: ${waasPolicyWafConfigCachingRulesCriteriaValue}
                name: ${waasPolicyWafConfigCachingRulesName}
                cachingDuration: ${waasPolicyWafConfigCachingRulesCachingDuration}
                clientCachingDuration: ${waasPolicyWafConfigCachingRulesClientCachingDuration}
                isClientCachingEnabled: ${waasPolicyWafConfigCachingRulesIsClientCachingEnabled}
                key: ${waasPolicyWafConfigCachingRulesKey}
            captchas:
              - failureMessage: ${waasPolicyWafConfigCaptchasFailureMessage}
                sessionExpirationInSeconds: ${waasPolicyWafConfigCaptchasSessionExpirationInSeconds}
                submitLabel: ${waasPolicyWafConfigCaptchasSubmitLabel}
                title: ${waasPolicyWafConfigCaptchasTitle}
                url: ${waasPolicyWafConfigCaptchasUrl}
                footerText: ${waasPolicyWafConfigCaptchasFooterText}
                headerText: ${waasPolicyWafConfigCaptchasHeaderText}
            customProtectionRules:
              - action: ${waasPolicyWafConfigCustomProtectionRulesAction}
                exclusions:
                  - exclusions: ${waasPolicyWafConfigCustomProtectionRulesExclusionsExclusions}
                    target: ${waasPolicyWafConfigCustomProtectionRulesExclusionsTarget}
                id: ${waasPolicyWafConfigCustomProtectionRulesId}
            deviceFingerprintChallenge:
              isEnabled: ${waasPolicyWafConfigDeviceFingerprintChallengeIsEnabled}
              action: ${waasPolicyWafConfigDeviceFingerprintChallengeAction}
              actionExpirationInSeconds: ${waasPolicyWafConfigDeviceFingerprintChallengeActionExpirationInSeconds}
              challengeSettings:
                blockAction: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockAction}
                blockErrorPageCode: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageCode}
                blockErrorPageDescription: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageDescription}
                blockErrorPageMessage: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageMessage}
                blockResponseCode: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockResponseCode}
                captchaFooter: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaFooter}
                captchaHeader: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaHeader}
                captchaSubmitLabel: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaSubmitLabel}
                captchaTitle: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaTitle}
              failureThreshold: ${waasPolicyWafConfigDeviceFingerprintChallengeFailureThreshold}
              failureThresholdExpirationInSeconds: ${waasPolicyWafConfigDeviceFingerprintChallengeFailureThresholdExpirationInSeconds}
              maxAddressCount: ${waasPolicyWafConfigDeviceFingerprintChallengeMaxAddressCount}
              maxAddressCountExpirationInSeconds: ${waasPolicyWafConfigDeviceFingerprintChallengeMaxAddressCountExpirationInSeconds}
            humanInteractionChallenge:
              isEnabled: ${waasPolicyWafConfigHumanInteractionChallengeIsEnabled}
              action: ${waasPolicyWafConfigHumanInteractionChallengeAction}
              actionExpirationInSeconds: ${waasPolicyWafConfigHumanInteractionChallengeActionExpirationInSeconds}
              challengeSettings:
                blockAction: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockAction}
                blockErrorPageCode: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageCode}
                blockErrorPageDescription: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageDescription}
                blockErrorPageMessage: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageMessage}
                blockResponseCode: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockResponseCode}
                captchaFooter: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaFooter}
                captchaHeader: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaHeader}
                captchaSubmitLabel: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaSubmitLabel}
                captchaTitle: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaTitle}
              failureThreshold: ${waasPolicyWafConfigHumanInteractionChallengeFailureThreshold}
              failureThresholdExpirationInSeconds: ${waasPolicyWafConfigHumanInteractionChallengeFailureThresholdExpirationInSeconds}
              interactionThreshold: ${waasPolicyWafConfigHumanInteractionChallengeInteractionThreshold}
              isNatEnabled: ${waasPolicyWafConfigHumanInteractionChallengeIsNatEnabled}
              recordingPeriodInSeconds: ${waasPolicyWafConfigHumanInteractionChallengeRecordingPeriodInSeconds}
              setHttpHeader:
                name: ${waasPolicyWafConfigHumanInteractionChallengeSetHttpHeaderName}
                value: ${waasPolicyWafConfigHumanInteractionChallengeSetHttpHeaderValue}
            jsChallenge:
              isEnabled: ${waasPolicyWafConfigJsChallengeIsEnabled}
              action: ${waasPolicyWafConfigJsChallengeAction}
              actionExpirationInSeconds: ${waasPolicyWafConfigJsChallengeActionExpirationInSeconds}
              areRedirectsChallenged: ${waasPolicyWafConfigJsChallengeAreRedirectsChallenged}
              challengeSettings:
                blockAction: ${waasPolicyWafConfigJsChallengeChallengeSettingsBlockAction}
                blockErrorPageCode: ${waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageCode}
                blockErrorPageDescription: ${waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageDescription}
                blockErrorPageMessage: ${waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageMessage}
                blockResponseCode: ${waasPolicyWafConfigJsChallengeChallengeSettingsBlockResponseCode}
                captchaFooter: ${waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaFooter}
                captchaHeader: ${waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaHeader}
                captchaSubmitLabel: ${waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaSubmitLabel}
                captchaTitle: ${waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaTitle}
              criterias:
                - condition: ${waasPolicyWafConfigJsChallengeCriteriaCondition}
                  value: ${waasPolicyWafConfigJsChallengeCriteriaValue}
                  isCaseSensitive: ${waasPolicyWafConfigJsChallengeCriteriaIsCaseSensitive}
              failureThreshold: ${waasPolicyWafConfigJsChallengeFailureThreshold}
              isNatEnabled: ${waasPolicyWafConfigJsChallengeIsNatEnabled}
              setHttpHeader:
                name: ${waasPolicyWafConfigJsChallengeSetHttpHeaderName}
                value: ${waasPolicyWafConfigJsChallengeSetHttpHeaderValue}
            origin: ${waasPolicyWafConfigOrigin}
            originGroups: ${waasPolicyWafConfigOriginGroups}
            protectionSettings:
              allowedHttpMethods: ${waasPolicyWafConfigProtectionSettingsAllowedHttpMethods}
              blockAction: ${waasPolicyWafConfigProtectionSettingsBlockAction}
              blockErrorPageCode: ${waasPolicyWafConfigProtectionSettingsBlockErrorPageCode}
              blockErrorPageDescription: ${waasPolicyWafConfigProtectionSettingsBlockErrorPageDescription}
              blockErrorPageMessage: ${waasPolicyWafConfigProtectionSettingsBlockErrorPageMessage}
              blockResponseCode: ${waasPolicyWafConfigProtectionSettingsBlockResponseCode}
              isResponseInspected: ${waasPolicyWafConfigProtectionSettingsIsResponseInspected}
              maxArgumentCount: ${waasPolicyWafConfigProtectionSettingsMaxArgumentCount}
              maxNameLengthPerArgument: ${waasPolicyWafConfigProtectionSettingsMaxNameLengthPerArgument}
              maxResponseSizeInKiB: ${waasPolicyWafConfigProtectionSettingsMaxResponseSizeInKiB}
              maxTotalNameLengthOfArguments: ${waasPolicyWafConfigProtectionSettingsMaxTotalNameLengthOfArguments}
              mediaTypes: ${waasPolicyWafConfigProtectionSettingsMediaTypes}
              recommendationsPeriodInDays: ${waasPolicyWafConfigProtectionSettingsRecommendationsPeriodInDays}
            whitelists:
              - name: ${waasPolicyWafConfigWhitelistsName}
                addressLists: ${waasPolicyWafConfigWhitelistsAddressLists}
                addresses: ${waasPolicyWafConfigWhitelistsAddresses}
    

    Create Policy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);
    @overload
    def Policy(resource_name: str,
               args: PolicyArgs,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Policy(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               compartment_id: Optional[str] = None,
               domain: Optional[str] = None,
               additional_domains: Optional[Sequence[str]] = None,
               defined_tags: Optional[Mapping[str, str]] = None,
               display_name: Optional[str] = None,
               freeform_tags: Optional[Mapping[str, str]] = None,
               origin_groups: Optional[Sequence[_waas.PolicyOriginGroupArgs]] = None,
               origins: Optional[Sequence[_waas.PolicyOriginArgs]] = None,
               policy_config: Optional[_waas.PolicyPolicyConfigArgs] = None,
               waf_config: Optional[_waas.PolicyWafConfigArgs] = None)
    func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)
    public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
    public Policy(String name, PolicyArgs args)
    public Policy(String name, PolicyArgs args, CustomResourceOptions options)
    
    type: oci:Waas:Policy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var ociPolicyResource = new Oci.Waas.Policy("ociPolicyResource", new()
    {
        CompartmentId = "string",
        Domain = "string",
        AdditionalDomains = new[]
        {
            "string",
        },
        DefinedTags = 
        {
            { "string", "string" },
        },
        DisplayName = "string",
        FreeformTags = 
        {
            { "string", "string" },
        },
        OriginGroups = new[]
        {
            new Oci.Waas.Inputs.PolicyOriginGroupArgs
            {
                Label = "string",
                OriginGroups = new[]
                {
                    new Oci.Waas.Inputs.PolicyOriginGroupOriginGroupArgs
                    {
                        Origin = "string",
                        Weight = 0,
                    },
                },
            },
        },
        Origins = new[]
        {
            new Oci.Waas.Inputs.PolicyOriginArgs
            {
                Label = "string",
                Uri = "string",
                CustomHeaders = new[]
                {
                    new Oci.Waas.Inputs.PolicyOriginCustomHeaderArgs
                    {
                        Name = "string",
                        Value = "string",
                    },
                },
                HttpPort = 0,
                HttpsPort = 0,
            },
        },
        PolicyConfig = new Oci.Waas.Inputs.PolicyPolicyConfigArgs
        {
            CertificateId = "string",
            CipherGroup = "string",
            ClientAddressHeader = "string",
            HealthChecks = new Oci.Waas.Inputs.PolicyPolicyConfigHealthChecksArgs
            {
                ExpectedResponseCodeGroups = new[]
                {
                    "string",
                },
                ExpectedResponseText = "string",
                Headers = 
                {
                    { "string", "string" },
                },
                HealthyThreshold = 0,
                IntervalInSeconds = 0,
                IsEnabled = false,
                IsResponseTextCheckEnabled = false,
                Method = "string",
                Path = "string",
                TimeoutInSeconds = 0,
                UnhealthyThreshold = 0,
            },
            IsBehindCdn = false,
            IsCacheControlRespected = false,
            IsHttpsEnabled = false,
            IsHttpsForced = false,
            IsOriginCompressionEnabled = false,
            IsResponseBufferingEnabled = false,
            IsSniEnabled = false,
            LoadBalancingMethod = new Oci.Waas.Inputs.PolicyPolicyConfigLoadBalancingMethodArgs
            {
                Method = "string",
                Domain = "string",
                ExpirationTimeInSeconds = 0,
                Name = "string",
            },
            TlsProtocols = new[]
            {
                "string",
            },
            WebsocketPathPrefixes = new[]
            {
                "string",
            },
        },
        WafConfig = new Oci.Waas.Inputs.PolicyWafConfigArgs
        {
            AccessRules = new[]
            {
                new Oci.Waas.Inputs.PolicyWafConfigAccessRuleArgs
                {
                    Action = "string",
                    Name = "string",
                    Criterias = new[]
                    {
                        new Oci.Waas.Inputs.PolicyWafConfigAccessRuleCriteriaArgs
                        {
                            Condition = "string",
                            Value = "string",
                            IsCaseSensitive = false,
                        },
                    },
                    BlockErrorPageMessage = "string",
                    BlockErrorPageDescription = "string",
                    BlockResponseCode = 0,
                    BypassChallenges = new[]
                    {
                        "string",
                    },
                    CaptchaFooter = "string",
                    CaptchaHeader = "string",
                    CaptchaSubmitLabel = "string",
                    CaptchaTitle = "string",
                    BlockErrorPageCode = "string",
                    BlockAction = "string",
                    RedirectResponseCode = "string",
                    RedirectUrl = "string",
                    ResponseHeaderManipulations = new[]
                    {
                        new Oci.Waas.Inputs.PolicyWafConfigAccessRuleResponseHeaderManipulationArgs
                        {
                            Action = "string",
                            Header = "string",
                            Value = "string",
                        },
                    },
                },
            },
            AddressRateLimiting = new Oci.Waas.Inputs.PolicyWafConfigAddressRateLimitingArgs
            {
                IsEnabled = false,
                AllowedRatePerAddress = 0,
                BlockResponseCode = 0,
                MaxDelayedCountPerAddress = 0,
            },
            CachingRules = new[]
            {
                new Oci.Waas.Inputs.PolicyWafConfigCachingRuleArgs
                {
                    Action = "string",
                    Criterias = new[]
                    {
                        new Oci.Waas.Inputs.PolicyWafConfigCachingRuleCriteriaArgs
                        {
                            Condition = "string",
                            Value = "string",
                        },
                    },
                    Name = "string",
                    CachingDuration = "string",
                    ClientCachingDuration = "string",
                    IsClientCachingEnabled = false,
                    Key = "string",
                },
            },
            Captchas = new[]
            {
                new Oci.Waas.Inputs.PolicyWafConfigCaptchaArgs
                {
                    FailureMessage = "string",
                    SessionExpirationInSeconds = 0,
                    SubmitLabel = "string",
                    Title = "string",
                    Url = "string",
                    FooterText = "string",
                    HeaderText = "string",
                },
            },
            CustomProtectionRules = new[]
            {
                new Oci.Waas.Inputs.PolicyWafConfigCustomProtectionRuleArgs
                {
                    Action = "string",
                    Exclusions = new[]
                    {
                        new Oci.Waas.Inputs.PolicyWafConfigCustomProtectionRuleExclusionArgs
                        {
                            Exclusions = new[]
                            {
                                "string",
                            },
                            Target = "string",
                        },
                    },
                    Id = "string",
                },
            },
            DeviceFingerprintChallenge = new Oci.Waas.Inputs.PolicyWafConfigDeviceFingerprintChallengeArgs
            {
                IsEnabled = false,
                Action = "string",
                ActionExpirationInSeconds = 0,
                ChallengeSettings = new Oci.Waas.Inputs.PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs
                {
                    BlockAction = "string",
                    BlockErrorPageCode = "string",
                    BlockErrorPageDescription = "string",
                    BlockErrorPageMessage = "string",
                    BlockResponseCode = 0,
                    CaptchaFooter = "string",
                    CaptchaHeader = "string",
                    CaptchaSubmitLabel = "string",
                    CaptchaTitle = "string",
                },
                FailureThreshold = 0,
                FailureThresholdExpirationInSeconds = 0,
                MaxAddressCount = 0,
                MaxAddressCountExpirationInSeconds = 0,
            },
            HumanInteractionChallenge = new Oci.Waas.Inputs.PolicyWafConfigHumanInteractionChallengeArgs
            {
                IsEnabled = false,
                Action = "string",
                ActionExpirationInSeconds = 0,
                ChallengeSettings = new Oci.Waas.Inputs.PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs
                {
                    BlockAction = "string",
                    BlockErrorPageCode = "string",
                    BlockErrorPageDescription = "string",
                    BlockErrorPageMessage = "string",
                    BlockResponseCode = 0,
                    CaptchaFooter = "string",
                    CaptchaHeader = "string",
                    CaptchaSubmitLabel = "string",
                    CaptchaTitle = "string",
                },
                FailureThreshold = 0,
                FailureThresholdExpirationInSeconds = 0,
                InteractionThreshold = 0,
                IsNatEnabled = false,
                RecordingPeriodInSeconds = 0,
                SetHttpHeader = new Oci.Waas.Inputs.PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs
                {
                    Name = "string",
                    Value = "string",
                },
            },
            JsChallenge = new Oci.Waas.Inputs.PolicyWafConfigJsChallengeArgs
            {
                IsEnabled = false,
                Action = "string",
                ActionExpirationInSeconds = 0,
                AreRedirectsChallenged = false,
                ChallengeSettings = new Oci.Waas.Inputs.PolicyWafConfigJsChallengeChallengeSettingsArgs
                {
                    BlockAction = "string",
                    BlockErrorPageCode = "string",
                    BlockErrorPageDescription = "string",
                    BlockErrorPageMessage = "string",
                    BlockResponseCode = 0,
                    CaptchaFooter = "string",
                    CaptchaHeader = "string",
                    CaptchaSubmitLabel = "string",
                    CaptchaTitle = "string",
                },
                Criterias = new[]
                {
                    new Oci.Waas.Inputs.PolicyWafConfigJsChallengeCriteriaArgs
                    {
                        Condition = "string",
                        Value = "string",
                        IsCaseSensitive = false,
                    },
                },
                FailureThreshold = 0,
                IsNatEnabled = false,
                SetHttpHeader = new Oci.Waas.Inputs.PolicyWafConfigJsChallengeSetHttpHeaderArgs
                {
                    Name = "string",
                    Value = "string",
                },
            },
            Origin = "string",
            OriginGroups = new[]
            {
                "string",
            },
            ProtectionSettings = new Oci.Waas.Inputs.PolicyWafConfigProtectionSettingsArgs
            {
                AllowedHttpMethods = new[]
                {
                    "string",
                },
                BlockAction = "string",
                BlockErrorPageCode = "string",
                BlockErrorPageDescription = "string",
                BlockErrorPageMessage = "string",
                BlockResponseCode = 0,
                IsResponseInspected = false,
                MaxArgumentCount = 0,
                MaxNameLengthPerArgument = 0,
                MaxResponseSizeInKiB = 0,
                MaxTotalNameLengthOfArguments = 0,
                MediaTypes = new[]
                {
                    "string",
                },
                RecommendationsPeriodInDays = 0,
            },
            Whitelists = new[]
            {
                new Oci.Waas.Inputs.PolicyWafConfigWhitelistArgs
                {
                    Name = "string",
                    AddressLists = new[]
                    {
                        "string",
                    },
                    Addresses = new[]
                    {
                        "string",
                    },
                },
            },
        },
    });
    
    example, err := Waas.NewPolicy(ctx, "ociPolicyResource", &Waas.PolicyArgs{
    	CompartmentId: pulumi.String("string"),
    	Domain:        pulumi.String("string"),
    	AdditionalDomains: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DefinedTags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	DisplayName: pulumi.String("string"),
    	FreeformTags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	OriginGroups: waas.PolicyOriginGroupArray{
    		&waas.PolicyOriginGroupArgs{
    			Label: pulumi.String("string"),
    			OriginGroups: waas.PolicyOriginGroupOriginGroupArray{
    				&waas.PolicyOriginGroupOriginGroupArgs{
    					Origin: pulumi.String("string"),
    					Weight: pulumi.Int(0),
    				},
    			},
    		},
    	},
    	Origins: waas.PolicyOriginArray{
    		&waas.PolicyOriginArgs{
    			Label: pulumi.String("string"),
    			Uri:   pulumi.String("string"),
    			CustomHeaders: waas.PolicyOriginCustomHeaderArray{
    				&waas.PolicyOriginCustomHeaderArgs{
    					Name:  pulumi.String("string"),
    					Value: pulumi.String("string"),
    				},
    			},
    			HttpPort:  pulumi.Int(0),
    			HttpsPort: pulumi.Int(0),
    		},
    	},
    	PolicyConfig: &waas.PolicyPolicyConfigArgs{
    		CertificateId:       pulumi.String("string"),
    		CipherGroup:         pulumi.String("string"),
    		ClientAddressHeader: pulumi.String("string"),
    		HealthChecks: &waas.PolicyPolicyConfigHealthChecksArgs{
    			ExpectedResponseCodeGroups: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			ExpectedResponseText: pulumi.String("string"),
    			Headers: pulumi.StringMap{
    				"string": pulumi.String("string"),
    			},
    			HealthyThreshold:           pulumi.Int(0),
    			IntervalInSeconds:          pulumi.Int(0),
    			IsEnabled:                  pulumi.Bool(false),
    			IsResponseTextCheckEnabled: pulumi.Bool(false),
    			Method:                     pulumi.String("string"),
    			Path:                       pulumi.String("string"),
    			TimeoutInSeconds:           pulumi.Int(0),
    			UnhealthyThreshold:         pulumi.Int(0),
    		},
    		IsBehindCdn:                pulumi.Bool(false),
    		IsCacheControlRespected:    pulumi.Bool(false),
    		IsHttpsEnabled:             pulumi.Bool(false),
    		IsHttpsForced:              pulumi.Bool(false),
    		IsOriginCompressionEnabled: pulumi.Bool(false),
    		IsResponseBufferingEnabled: pulumi.Bool(false),
    		IsSniEnabled:               pulumi.Bool(false),
    		LoadBalancingMethod: &waas.PolicyPolicyConfigLoadBalancingMethodArgs{
    			Method:                  pulumi.String("string"),
    			Domain:                  pulumi.String("string"),
    			ExpirationTimeInSeconds: pulumi.Int(0),
    			Name:                    pulumi.String("string"),
    		},
    		TlsProtocols: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		WebsocketPathPrefixes: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	WafConfig: &waas.PolicyWafConfigArgs{
    		AccessRules: waas.PolicyWafConfigAccessRuleArray{
    			&waas.PolicyWafConfigAccessRuleArgs{
    				Action: pulumi.String("string"),
    				Name:   pulumi.String("string"),
    				Criterias: waas.PolicyWafConfigAccessRuleCriteriaArray{
    					&waas.PolicyWafConfigAccessRuleCriteriaArgs{
    						Condition:       pulumi.String("string"),
    						Value:           pulumi.String("string"),
    						IsCaseSensitive: pulumi.Bool(false),
    					},
    				},
    				BlockErrorPageMessage:     pulumi.String("string"),
    				BlockErrorPageDescription: pulumi.String("string"),
    				BlockResponseCode:         pulumi.Int(0),
    				BypassChallenges: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				CaptchaFooter:        pulumi.String("string"),
    				CaptchaHeader:        pulumi.String("string"),
    				CaptchaSubmitLabel:   pulumi.String("string"),
    				CaptchaTitle:         pulumi.String("string"),
    				BlockErrorPageCode:   pulumi.String("string"),
    				BlockAction:          pulumi.String("string"),
    				RedirectResponseCode: pulumi.String("string"),
    				RedirectUrl:          pulumi.String("string"),
    				ResponseHeaderManipulations: waas.PolicyWafConfigAccessRuleResponseHeaderManipulationArray{
    					&waas.PolicyWafConfigAccessRuleResponseHeaderManipulationArgs{
    						Action: pulumi.String("string"),
    						Header: pulumi.String("string"),
    						Value:  pulumi.String("string"),
    					},
    				},
    			},
    		},
    		AddressRateLimiting: &waas.PolicyWafConfigAddressRateLimitingArgs{
    			IsEnabled:                 pulumi.Bool(false),
    			AllowedRatePerAddress:     pulumi.Int(0),
    			BlockResponseCode:         pulumi.Int(0),
    			MaxDelayedCountPerAddress: pulumi.Int(0),
    		},
    		CachingRules: waas.PolicyWafConfigCachingRuleArray{
    			&waas.PolicyWafConfigCachingRuleArgs{
    				Action: pulumi.String("string"),
    				Criterias: waas.PolicyWafConfigCachingRuleCriteriaArray{
    					&waas.PolicyWafConfigCachingRuleCriteriaArgs{
    						Condition: pulumi.String("string"),
    						Value:     pulumi.String("string"),
    					},
    				},
    				Name:                   pulumi.String("string"),
    				CachingDuration:        pulumi.String("string"),
    				ClientCachingDuration:  pulumi.String("string"),
    				IsClientCachingEnabled: pulumi.Bool(false),
    				Key:                    pulumi.String("string"),
    			},
    		},
    		Captchas: waas.PolicyWafConfigCaptchaArray{
    			&waas.PolicyWafConfigCaptchaArgs{
    				FailureMessage:             pulumi.String("string"),
    				SessionExpirationInSeconds: pulumi.Int(0),
    				SubmitLabel:                pulumi.String("string"),
    				Title:                      pulumi.String("string"),
    				Url:                        pulumi.String("string"),
    				FooterText:                 pulumi.String("string"),
    				HeaderText:                 pulumi.String("string"),
    			},
    		},
    		CustomProtectionRules: waas.PolicyWafConfigCustomProtectionRuleArray{
    			&waas.PolicyWafConfigCustomProtectionRuleArgs{
    				Action: pulumi.String("string"),
    				Exclusions: waas.PolicyWafConfigCustomProtectionRuleExclusionArray{
    					&waas.PolicyWafConfigCustomProtectionRuleExclusionArgs{
    						Exclusions: pulumi.StringArray{
    							pulumi.String("string"),
    						},
    						Target: pulumi.String("string"),
    					},
    				},
    				Id: pulumi.String("string"),
    			},
    		},
    		DeviceFingerprintChallenge: &waas.PolicyWafConfigDeviceFingerprintChallengeArgs{
    			IsEnabled:                 pulumi.Bool(false),
    			Action:                    pulumi.String("string"),
    			ActionExpirationInSeconds: pulumi.Int(0),
    			ChallengeSettings: &waas.PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs{
    				BlockAction:               pulumi.String("string"),
    				BlockErrorPageCode:        pulumi.String("string"),
    				BlockErrorPageDescription: pulumi.String("string"),
    				BlockErrorPageMessage:     pulumi.String("string"),
    				BlockResponseCode:         pulumi.Int(0),
    				CaptchaFooter:             pulumi.String("string"),
    				CaptchaHeader:             pulumi.String("string"),
    				CaptchaSubmitLabel:        pulumi.String("string"),
    				CaptchaTitle:              pulumi.String("string"),
    			},
    			FailureThreshold:                    pulumi.Int(0),
    			FailureThresholdExpirationInSeconds: pulumi.Int(0),
    			MaxAddressCount:                     pulumi.Int(0),
    			MaxAddressCountExpirationInSeconds:  pulumi.Int(0),
    		},
    		HumanInteractionChallenge: &waas.PolicyWafConfigHumanInteractionChallengeArgs{
    			IsEnabled:                 pulumi.Bool(false),
    			Action:                    pulumi.String("string"),
    			ActionExpirationInSeconds: pulumi.Int(0),
    			ChallengeSettings: &waas.PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs{
    				BlockAction:               pulumi.String("string"),
    				BlockErrorPageCode:        pulumi.String("string"),
    				BlockErrorPageDescription: pulumi.String("string"),
    				BlockErrorPageMessage:     pulumi.String("string"),
    				BlockResponseCode:         pulumi.Int(0),
    				CaptchaFooter:             pulumi.String("string"),
    				CaptchaHeader:             pulumi.String("string"),
    				CaptchaSubmitLabel:        pulumi.String("string"),
    				CaptchaTitle:              pulumi.String("string"),
    			},
    			FailureThreshold:                    pulumi.Int(0),
    			FailureThresholdExpirationInSeconds: pulumi.Int(0),
    			InteractionThreshold:                pulumi.Int(0),
    			IsNatEnabled:                        pulumi.Bool(false),
    			RecordingPeriodInSeconds:            pulumi.Int(0),
    			SetHttpHeader: &waas.PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs{
    				Name:  pulumi.String("string"),
    				Value: pulumi.String("string"),
    			},
    		},
    		JsChallenge: &waas.PolicyWafConfigJsChallengeArgs{
    			IsEnabled:                 pulumi.Bool(false),
    			Action:                    pulumi.String("string"),
    			ActionExpirationInSeconds: pulumi.Int(0),
    			AreRedirectsChallenged:    pulumi.Bool(false),
    			ChallengeSettings: &waas.PolicyWafConfigJsChallengeChallengeSettingsArgs{
    				BlockAction:               pulumi.String("string"),
    				BlockErrorPageCode:        pulumi.String("string"),
    				BlockErrorPageDescription: pulumi.String("string"),
    				BlockErrorPageMessage:     pulumi.String("string"),
    				BlockResponseCode:         pulumi.Int(0),
    				CaptchaFooter:             pulumi.String("string"),
    				CaptchaHeader:             pulumi.String("string"),
    				CaptchaSubmitLabel:        pulumi.String("string"),
    				CaptchaTitle:              pulumi.String("string"),
    			},
    			Criterias: waas.PolicyWafConfigJsChallengeCriteriaArray{
    				&waas.PolicyWafConfigJsChallengeCriteriaArgs{
    					Condition:       pulumi.String("string"),
    					Value:           pulumi.String("string"),
    					IsCaseSensitive: pulumi.Bool(false),
    				},
    			},
    			FailureThreshold: pulumi.Int(0),
    			IsNatEnabled:     pulumi.Bool(false),
    			SetHttpHeader: &waas.PolicyWafConfigJsChallengeSetHttpHeaderArgs{
    				Name:  pulumi.String("string"),
    				Value: pulumi.String("string"),
    			},
    		},
    		Origin: pulumi.String("string"),
    		OriginGroups: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ProtectionSettings: &waas.PolicyWafConfigProtectionSettingsArgs{
    			AllowedHttpMethods: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			BlockAction:                   pulumi.String("string"),
    			BlockErrorPageCode:            pulumi.String("string"),
    			BlockErrorPageDescription:     pulumi.String("string"),
    			BlockErrorPageMessage:         pulumi.String("string"),
    			BlockResponseCode:             pulumi.Int(0),
    			IsResponseInspected:           pulumi.Bool(false),
    			MaxArgumentCount:              pulumi.Int(0),
    			MaxNameLengthPerArgument:      pulumi.Int(0),
    			MaxResponseSizeInKiB:          pulumi.Int(0),
    			MaxTotalNameLengthOfArguments: pulumi.Int(0),
    			MediaTypes: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			RecommendationsPeriodInDays: pulumi.Int(0),
    		},
    		Whitelists: waas.PolicyWafConfigWhitelistArray{
    			&waas.PolicyWafConfigWhitelistArgs{
    				Name: pulumi.String("string"),
    				AddressLists: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Addresses: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    			},
    		},
    	},
    })
    
    var ociPolicyResource = new Policy("ociPolicyResource", PolicyArgs.builder()
        .compartmentId("string")
        .domain("string")
        .additionalDomains("string")
        .definedTags(Map.of("string", "string"))
        .displayName("string")
        .freeformTags(Map.of("string", "string"))
        .originGroups(PolicyOriginGroupArgs.builder()
            .label("string")
            .originGroups(PolicyOriginGroupOriginGroupArgs.builder()
                .origin("string")
                .weight(0)
                .build())
            .build())
        .origins(PolicyOriginArgs.builder()
            .label("string")
            .uri("string")
            .customHeaders(PolicyOriginCustomHeaderArgs.builder()
                .name("string")
                .value("string")
                .build())
            .httpPort(0)
            .httpsPort(0)
            .build())
        .policyConfig(PolicyPolicyConfigArgs.builder()
            .certificateId("string")
            .cipherGroup("string")
            .clientAddressHeader("string")
            .healthChecks(PolicyPolicyConfigHealthChecksArgs.builder()
                .expectedResponseCodeGroups("string")
                .expectedResponseText("string")
                .headers(Map.of("string", "string"))
                .healthyThreshold(0)
                .intervalInSeconds(0)
                .isEnabled(false)
                .isResponseTextCheckEnabled(false)
                .method("string")
                .path("string")
                .timeoutInSeconds(0)
                .unhealthyThreshold(0)
                .build())
            .isBehindCdn(false)
            .isCacheControlRespected(false)
            .isHttpsEnabled(false)
            .isHttpsForced(false)
            .isOriginCompressionEnabled(false)
            .isResponseBufferingEnabled(false)
            .isSniEnabled(false)
            .loadBalancingMethod(PolicyPolicyConfigLoadBalancingMethodArgs.builder()
                .method("string")
                .domain("string")
                .expirationTimeInSeconds(0)
                .name("string")
                .build())
            .tlsProtocols("string")
            .websocketPathPrefixes("string")
            .build())
        .wafConfig(PolicyWafConfigArgs.builder()
            .accessRules(PolicyWafConfigAccessRuleArgs.builder()
                .action("string")
                .name("string")
                .criterias(PolicyWafConfigAccessRuleCriteriaArgs.builder()
                    .condition("string")
                    .value("string")
                    .isCaseSensitive(false)
                    .build())
                .blockErrorPageMessage("string")
                .blockErrorPageDescription("string")
                .blockResponseCode(0)
                .bypassChallenges("string")
                .captchaFooter("string")
                .captchaHeader("string")
                .captchaSubmitLabel("string")
                .captchaTitle("string")
                .blockErrorPageCode("string")
                .blockAction("string")
                .redirectResponseCode("string")
                .redirectUrl("string")
                .responseHeaderManipulations(PolicyWafConfigAccessRuleResponseHeaderManipulationArgs.builder()
                    .action("string")
                    .header("string")
                    .value("string")
                    .build())
                .build())
            .addressRateLimiting(PolicyWafConfigAddressRateLimitingArgs.builder()
                .isEnabled(false)
                .allowedRatePerAddress(0)
                .blockResponseCode(0)
                .maxDelayedCountPerAddress(0)
                .build())
            .cachingRules(PolicyWafConfigCachingRuleArgs.builder()
                .action("string")
                .criterias(PolicyWafConfigCachingRuleCriteriaArgs.builder()
                    .condition("string")
                    .value("string")
                    .build())
                .name("string")
                .cachingDuration("string")
                .clientCachingDuration("string")
                .isClientCachingEnabled(false)
                .key("string")
                .build())
            .captchas(PolicyWafConfigCaptchaArgs.builder()
                .failureMessage("string")
                .sessionExpirationInSeconds(0)
                .submitLabel("string")
                .title("string")
                .url("string")
                .footerText("string")
                .headerText("string")
                .build())
            .customProtectionRules(PolicyWafConfigCustomProtectionRuleArgs.builder()
                .action("string")
                .exclusions(PolicyWafConfigCustomProtectionRuleExclusionArgs.builder()
                    .exclusions("string")
                    .target("string")
                    .build())
                .id("string")
                .build())
            .deviceFingerprintChallenge(PolicyWafConfigDeviceFingerprintChallengeArgs.builder()
                .isEnabled(false)
                .action("string")
                .actionExpirationInSeconds(0)
                .challengeSettings(PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs.builder()
                    .blockAction("string")
                    .blockErrorPageCode("string")
                    .blockErrorPageDescription("string")
                    .blockErrorPageMessage("string")
                    .blockResponseCode(0)
                    .captchaFooter("string")
                    .captchaHeader("string")
                    .captchaSubmitLabel("string")
                    .captchaTitle("string")
                    .build())
                .failureThreshold(0)
                .failureThresholdExpirationInSeconds(0)
                .maxAddressCount(0)
                .maxAddressCountExpirationInSeconds(0)
                .build())
            .humanInteractionChallenge(PolicyWafConfigHumanInteractionChallengeArgs.builder()
                .isEnabled(false)
                .action("string")
                .actionExpirationInSeconds(0)
                .challengeSettings(PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs.builder()
                    .blockAction("string")
                    .blockErrorPageCode("string")
                    .blockErrorPageDescription("string")
                    .blockErrorPageMessage("string")
                    .blockResponseCode(0)
                    .captchaFooter("string")
                    .captchaHeader("string")
                    .captchaSubmitLabel("string")
                    .captchaTitle("string")
                    .build())
                .failureThreshold(0)
                .failureThresholdExpirationInSeconds(0)
                .interactionThreshold(0)
                .isNatEnabled(false)
                .recordingPeriodInSeconds(0)
                .setHttpHeader(PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs.builder()
                    .name("string")
                    .value("string")
                    .build())
                .build())
            .jsChallenge(PolicyWafConfigJsChallengeArgs.builder()
                .isEnabled(false)
                .action("string")
                .actionExpirationInSeconds(0)
                .areRedirectsChallenged(false)
                .challengeSettings(PolicyWafConfigJsChallengeChallengeSettingsArgs.builder()
                    .blockAction("string")
                    .blockErrorPageCode("string")
                    .blockErrorPageDescription("string")
                    .blockErrorPageMessage("string")
                    .blockResponseCode(0)
                    .captchaFooter("string")
                    .captchaHeader("string")
                    .captchaSubmitLabel("string")
                    .captchaTitle("string")
                    .build())
                .criterias(PolicyWafConfigJsChallengeCriteriaArgs.builder()
                    .condition("string")
                    .value("string")
                    .isCaseSensitive(false)
                    .build())
                .failureThreshold(0)
                .isNatEnabled(false)
                .setHttpHeader(PolicyWafConfigJsChallengeSetHttpHeaderArgs.builder()
                    .name("string")
                    .value("string")
                    .build())
                .build())
            .origin("string")
            .originGroups("string")
            .protectionSettings(PolicyWafConfigProtectionSettingsArgs.builder()
                .allowedHttpMethods("string")
                .blockAction("string")
                .blockErrorPageCode("string")
                .blockErrorPageDescription("string")
                .blockErrorPageMessage("string")
                .blockResponseCode(0)
                .isResponseInspected(false)
                .maxArgumentCount(0)
                .maxNameLengthPerArgument(0)
                .maxResponseSizeInKiB(0)
                .maxTotalNameLengthOfArguments(0)
                .mediaTypes("string")
                .recommendationsPeriodInDays(0)
                .build())
            .whitelists(PolicyWafConfigWhitelistArgs.builder()
                .name("string")
                .addressLists("string")
                .addresses("string")
                .build())
            .build())
        .build());
    
    oci_policy_resource = oci.waas.Policy("ociPolicyResource",
        compartment_id="string",
        domain="string",
        additional_domains=["string"],
        defined_tags={
            "string": "string",
        },
        display_name="string",
        freeform_tags={
            "string": "string",
        },
        origin_groups=[{
            "label": "string",
            "origin_groups": [{
                "origin": "string",
                "weight": 0,
            }],
        }],
        origins=[{
            "label": "string",
            "uri": "string",
            "custom_headers": [{
                "name": "string",
                "value": "string",
            }],
            "http_port": 0,
            "https_port": 0,
        }],
        policy_config={
            "certificate_id": "string",
            "cipher_group": "string",
            "client_address_header": "string",
            "health_checks": {
                "expected_response_code_groups": ["string"],
                "expected_response_text": "string",
                "headers": {
                    "string": "string",
                },
                "healthy_threshold": 0,
                "interval_in_seconds": 0,
                "is_enabled": False,
                "is_response_text_check_enabled": False,
                "method": "string",
                "path": "string",
                "timeout_in_seconds": 0,
                "unhealthy_threshold": 0,
            },
            "is_behind_cdn": False,
            "is_cache_control_respected": False,
            "is_https_enabled": False,
            "is_https_forced": False,
            "is_origin_compression_enabled": False,
            "is_response_buffering_enabled": False,
            "is_sni_enabled": False,
            "load_balancing_method": {
                "method": "string",
                "domain": "string",
                "expiration_time_in_seconds": 0,
                "name": "string",
            },
            "tls_protocols": ["string"],
            "websocket_path_prefixes": ["string"],
        },
        waf_config={
            "access_rules": [{
                "action": "string",
                "name": "string",
                "criterias": [{
                    "condition": "string",
                    "value": "string",
                    "is_case_sensitive": False,
                }],
                "block_error_page_message": "string",
                "block_error_page_description": "string",
                "block_response_code": 0,
                "bypass_challenges": ["string"],
                "captcha_footer": "string",
                "captcha_header": "string",
                "captcha_submit_label": "string",
                "captcha_title": "string",
                "block_error_page_code": "string",
                "block_action": "string",
                "redirect_response_code": "string",
                "redirect_url": "string",
                "response_header_manipulations": [{
                    "action": "string",
                    "header": "string",
                    "value": "string",
                }],
            }],
            "address_rate_limiting": {
                "is_enabled": False,
                "allowed_rate_per_address": 0,
                "block_response_code": 0,
                "max_delayed_count_per_address": 0,
            },
            "caching_rules": [{
                "action": "string",
                "criterias": [{
                    "condition": "string",
                    "value": "string",
                }],
                "name": "string",
                "caching_duration": "string",
                "client_caching_duration": "string",
                "is_client_caching_enabled": False,
                "key": "string",
            }],
            "captchas": [{
                "failure_message": "string",
                "session_expiration_in_seconds": 0,
                "submit_label": "string",
                "title": "string",
                "url": "string",
                "footer_text": "string",
                "header_text": "string",
            }],
            "custom_protection_rules": [{
                "action": "string",
                "exclusions": [{
                    "exclusions": ["string"],
                    "target": "string",
                }],
                "id": "string",
            }],
            "device_fingerprint_challenge": {
                "is_enabled": False,
                "action": "string",
                "action_expiration_in_seconds": 0,
                "challenge_settings": {
                    "block_action": "string",
                    "block_error_page_code": "string",
                    "block_error_page_description": "string",
                    "block_error_page_message": "string",
                    "block_response_code": 0,
                    "captcha_footer": "string",
                    "captcha_header": "string",
                    "captcha_submit_label": "string",
                    "captcha_title": "string",
                },
                "failure_threshold": 0,
                "failure_threshold_expiration_in_seconds": 0,
                "max_address_count": 0,
                "max_address_count_expiration_in_seconds": 0,
            },
            "human_interaction_challenge": {
                "is_enabled": False,
                "action": "string",
                "action_expiration_in_seconds": 0,
                "challenge_settings": {
                    "block_action": "string",
                    "block_error_page_code": "string",
                    "block_error_page_description": "string",
                    "block_error_page_message": "string",
                    "block_response_code": 0,
                    "captcha_footer": "string",
                    "captcha_header": "string",
                    "captcha_submit_label": "string",
                    "captcha_title": "string",
                },
                "failure_threshold": 0,
                "failure_threshold_expiration_in_seconds": 0,
                "interaction_threshold": 0,
                "is_nat_enabled": False,
                "recording_period_in_seconds": 0,
                "set_http_header": {
                    "name": "string",
                    "value": "string",
                },
            },
            "js_challenge": {
                "is_enabled": False,
                "action": "string",
                "action_expiration_in_seconds": 0,
                "are_redirects_challenged": False,
                "challenge_settings": {
                    "block_action": "string",
                    "block_error_page_code": "string",
                    "block_error_page_description": "string",
                    "block_error_page_message": "string",
                    "block_response_code": 0,
                    "captcha_footer": "string",
                    "captcha_header": "string",
                    "captcha_submit_label": "string",
                    "captcha_title": "string",
                },
                "criterias": [{
                    "condition": "string",
                    "value": "string",
                    "is_case_sensitive": False,
                }],
                "failure_threshold": 0,
                "is_nat_enabled": False,
                "set_http_header": {
                    "name": "string",
                    "value": "string",
                },
            },
            "origin": "string",
            "origin_groups": ["string"],
            "protection_settings": {
                "allowed_http_methods": ["string"],
                "block_action": "string",
                "block_error_page_code": "string",
                "block_error_page_description": "string",
                "block_error_page_message": "string",
                "block_response_code": 0,
                "is_response_inspected": False,
                "max_argument_count": 0,
                "max_name_length_per_argument": 0,
                "max_response_size_in_ki_b": 0,
                "max_total_name_length_of_arguments": 0,
                "media_types": ["string"],
                "recommendations_period_in_days": 0,
            },
            "whitelists": [{
                "name": "string",
                "address_lists": ["string"],
                "addresses": ["string"],
            }],
        })
    
    const ociPolicyResource = new oci.waas.Policy("ociPolicyResource", {
        compartmentId: "string",
        domain: "string",
        additionalDomains: ["string"],
        definedTags: {
            string: "string",
        },
        displayName: "string",
        freeformTags: {
            string: "string",
        },
        originGroups: [{
            label: "string",
            originGroups: [{
                origin: "string",
                weight: 0,
            }],
        }],
        origins: [{
            label: "string",
            uri: "string",
            customHeaders: [{
                name: "string",
                value: "string",
            }],
            httpPort: 0,
            httpsPort: 0,
        }],
        policyConfig: {
            certificateId: "string",
            cipherGroup: "string",
            clientAddressHeader: "string",
            healthChecks: {
                expectedResponseCodeGroups: ["string"],
                expectedResponseText: "string",
                headers: {
                    string: "string",
                },
                healthyThreshold: 0,
                intervalInSeconds: 0,
                isEnabled: false,
                isResponseTextCheckEnabled: false,
                method: "string",
                path: "string",
                timeoutInSeconds: 0,
                unhealthyThreshold: 0,
            },
            isBehindCdn: false,
            isCacheControlRespected: false,
            isHttpsEnabled: false,
            isHttpsForced: false,
            isOriginCompressionEnabled: false,
            isResponseBufferingEnabled: false,
            isSniEnabled: false,
            loadBalancingMethod: {
                method: "string",
                domain: "string",
                expirationTimeInSeconds: 0,
                name: "string",
            },
            tlsProtocols: ["string"],
            websocketPathPrefixes: ["string"],
        },
        wafConfig: {
            accessRules: [{
                action: "string",
                name: "string",
                criterias: [{
                    condition: "string",
                    value: "string",
                    isCaseSensitive: false,
                }],
                blockErrorPageMessage: "string",
                blockErrorPageDescription: "string",
                blockResponseCode: 0,
                bypassChallenges: ["string"],
                captchaFooter: "string",
                captchaHeader: "string",
                captchaSubmitLabel: "string",
                captchaTitle: "string",
                blockErrorPageCode: "string",
                blockAction: "string",
                redirectResponseCode: "string",
                redirectUrl: "string",
                responseHeaderManipulations: [{
                    action: "string",
                    header: "string",
                    value: "string",
                }],
            }],
            addressRateLimiting: {
                isEnabled: false,
                allowedRatePerAddress: 0,
                blockResponseCode: 0,
                maxDelayedCountPerAddress: 0,
            },
            cachingRules: [{
                action: "string",
                criterias: [{
                    condition: "string",
                    value: "string",
                }],
                name: "string",
                cachingDuration: "string",
                clientCachingDuration: "string",
                isClientCachingEnabled: false,
                key: "string",
            }],
            captchas: [{
                failureMessage: "string",
                sessionExpirationInSeconds: 0,
                submitLabel: "string",
                title: "string",
                url: "string",
                footerText: "string",
                headerText: "string",
            }],
            customProtectionRules: [{
                action: "string",
                exclusions: [{
                    exclusions: ["string"],
                    target: "string",
                }],
                id: "string",
            }],
            deviceFingerprintChallenge: {
                isEnabled: false,
                action: "string",
                actionExpirationInSeconds: 0,
                challengeSettings: {
                    blockAction: "string",
                    blockErrorPageCode: "string",
                    blockErrorPageDescription: "string",
                    blockErrorPageMessage: "string",
                    blockResponseCode: 0,
                    captchaFooter: "string",
                    captchaHeader: "string",
                    captchaSubmitLabel: "string",
                    captchaTitle: "string",
                },
                failureThreshold: 0,
                failureThresholdExpirationInSeconds: 0,
                maxAddressCount: 0,
                maxAddressCountExpirationInSeconds: 0,
            },
            humanInteractionChallenge: {
                isEnabled: false,
                action: "string",
                actionExpirationInSeconds: 0,
                challengeSettings: {
                    blockAction: "string",
                    blockErrorPageCode: "string",
                    blockErrorPageDescription: "string",
                    blockErrorPageMessage: "string",
                    blockResponseCode: 0,
                    captchaFooter: "string",
                    captchaHeader: "string",
                    captchaSubmitLabel: "string",
                    captchaTitle: "string",
                },
                failureThreshold: 0,
                failureThresholdExpirationInSeconds: 0,
                interactionThreshold: 0,
                isNatEnabled: false,
                recordingPeriodInSeconds: 0,
                setHttpHeader: {
                    name: "string",
                    value: "string",
                },
            },
            jsChallenge: {
                isEnabled: false,
                action: "string",
                actionExpirationInSeconds: 0,
                areRedirectsChallenged: false,
                challengeSettings: {
                    blockAction: "string",
                    blockErrorPageCode: "string",
                    blockErrorPageDescription: "string",
                    blockErrorPageMessage: "string",
                    blockResponseCode: 0,
                    captchaFooter: "string",
                    captchaHeader: "string",
                    captchaSubmitLabel: "string",
                    captchaTitle: "string",
                },
                criterias: [{
                    condition: "string",
                    value: "string",
                    isCaseSensitive: false,
                }],
                failureThreshold: 0,
                isNatEnabled: false,
                setHttpHeader: {
                    name: "string",
                    value: "string",
                },
            },
            origin: "string",
            originGroups: ["string"],
            protectionSettings: {
                allowedHttpMethods: ["string"],
                blockAction: "string",
                blockErrorPageCode: "string",
                blockErrorPageDescription: "string",
                blockErrorPageMessage: "string",
                blockResponseCode: 0,
                isResponseInspected: false,
                maxArgumentCount: 0,
                maxNameLengthPerArgument: 0,
                maxResponseSizeInKiB: 0,
                maxTotalNameLengthOfArguments: 0,
                mediaTypes: ["string"],
                recommendationsPeriodInDays: 0,
            },
            whitelists: [{
                name: "string",
                addressLists: ["string"],
                addresses: ["string"],
            }],
        },
    });
    
    type: oci:Waas:Policy
    properties:
        additionalDomains:
            - string
        compartmentId: string
        definedTags:
            string: string
        displayName: string
        domain: string
        freeformTags:
            string: string
        originGroups:
            - label: string
              originGroups:
                - origin: string
                  weight: 0
        origins:
            - customHeaders:
                - name: string
                  value: string
              httpPort: 0
              httpsPort: 0
              label: string
              uri: string
        policyConfig:
            certificateId: string
            cipherGroup: string
            clientAddressHeader: string
            healthChecks:
                expectedResponseCodeGroups:
                    - string
                expectedResponseText: string
                headers:
                    string: string
                healthyThreshold: 0
                intervalInSeconds: 0
                isEnabled: false
                isResponseTextCheckEnabled: false
                method: string
                path: string
                timeoutInSeconds: 0
                unhealthyThreshold: 0
            isBehindCdn: false
            isCacheControlRespected: false
            isHttpsEnabled: false
            isHttpsForced: false
            isOriginCompressionEnabled: false
            isResponseBufferingEnabled: false
            isSniEnabled: false
            loadBalancingMethod:
                domain: string
                expirationTimeInSeconds: 0
                method: string
                name: string
            tlsProtocols:
                - string
            websocketPathPrefixes:
                - string
        wafConfig:
            accessRules:
                - action: string
                  blockAction: string
                  blockErrorPageCode: string
                  blockErrorPageDescription: string
                  blockErrorPageMessage: string
                  blockResponseCode: 0
                  bypassChallenges:
                    - string
                  captchaFooter: string
                  captchaHeader: string
                  captchaSubmitLabel: string
                  captchaTitle: string
                  criterias:
                    - condition: string
                      isCaseSensitive: false
                      value: string
                  name: string
                  redirectResponseCode: string
                  redirectUrl: string
                  responseHeaderManipulations:
                    - action: string
                      header: string
                      value: string
            addressRateLimiting:
                allowedRatePerAddress: 0
                blockResponseCode: 0
                isEnabled: false
                maxDelayedCountPerAddress: 0
            cachingRules:
                - action: string
                  cachingDuration: string
                  clientCachingDuration: string
                  criterias:
                    - condition: string
                      value: string
                  isClientCachingEnabled: false
                  key: string
                  name: string
            captchas:
                - failureMessage: string
                  footerText: string
                  headerText: string
                  sessionExpirationInSeconds: 0
                  submitLabel: string
                  title: string
                  url: string
            customProtectionRules:
                - action: string
                  exclusions:
                    - exclusions:
                        - string
                      target: string
                  id: string
            deviceFingerprintChallenge:
                action: string
                actionExpirationInSeconds: 0
                challengeSettings:
                    blockAction: string
                    blockErrorPageCode: string
                    blockErrorPageDescription: string
                    blockErrorPageMessage: string
                    blockResponseCode: 0
                    captchaFooter: string
                    captchaHeader: string
                    captchaSubmitLabel: string
                    captchaTitle: string
                failureThreshold: 0
                failureThresholdExpirationInSeconds: 0
                isEnabled: false
                maxAddressCount: 0
                maxAddressCountExpirationInSeconds: 0
            humanInteractionChallenge:
                action: string
                actionExpirationInSeconds: 0
                challengeSettings:
                    blockAction: string
                    blockErrorPageCode: string
                    blockErrorPageDescription: string
                    blockErrorPageMessage: string
                    blockResponseCode: 0
                    captchaFooter: string
                    captchaHeader: string
                    captchaSubmitLabel: string
                    captchaTitle: string
                failureThreshold: 0
                failureThresholdExpirationInSeconds: 0
                interactionThreshold: 0
                isEnabled: false
                isNatEnabled: false
                recordingPeriodInSeconds: 0
                setHttpHeader:
                    name: string
                    value: string
            jsChallenge:
                action: string
                actionExpirationInSeconds: 0
                areRedirectsChallenged: false
                challengeSettings:
                    blockAction: string
                    blockErrorPageCode: string
                    blockErrorPageDescription: string
                    blockErrorPageMessage: string
                    blockResponseCode: 0
                    captchaFooter: string
                    captchaHeader: string
                    captchaSubmitLabel: string
                    captchaTitle: string
                criterias:
                    - condition: string
                      isCaseSensitive: false
                      value: string
                failureThreshold: 0
                isEnabled: false
                isNatEnabled: false
                setHttpHeader:
                    name: string
                    value: string
            origin: string
            originGroups:
                - string
            protectionSettings:
                allowedHttpMethods:
                    - string
                blockAction: string
                blockErrorPageCode: string
                blockErrorPageDescription: string
                blockErrorPageMessage: string
                blockResponseCode: 0
                isResponseInspected: false
                maxArgumentCount: 0
                maxNameLengthPerArgument: 0
                maxResponseSizeInKiB: 0
                maxTotalNameLengthOfArguments: 0
                mediaTypes:
                    - string
                recommendationsPeriodInDays: 0
            whitelists:
                - addressLists:
                    - string
                  addresses:
                    - string
                  name: string
    

    Policy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Policy resource accepts the following input properties:

    CompartmentId string
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    Domain string
    The web application domain that the WAAS policy protects.
    AdditionalDomains List<string>
    (Updatable) An array of additional domains for the specified web application.
    DefinedTags Dictionary<string, string>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DisplayName string
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    FreeformTags Dictionary<string, string>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    OriginGroups List<PolicyOriginGroup>
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    Origins List<PolicyOrigin>
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    PolicyConfig PolicyPolicyConfig
    (Updatable) The configuration details for the WAAS policy.
    WafConfig PolicyWafConfig
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
    CompartmentId string
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    Domain string
    The web application domain that the WAAS policy protects.
    AdditionalDomains []string
    (Updatable) An array of additional domains for the specified web application.
    DefinedTags map[string]string
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DisplayName string
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    FreeformTags map[string]string
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    OriginGroups []PolicyOriginGroupArgs
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    Origins []PolicyOriginArgs
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    PolicyConfig PolicyPolicyConfigArgs
    (Updatable) The configuration details for the WAAS policy.
    WafConfig PolicyWafConfigArgs
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
    compartmentId String
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    domain String
    The web application domain that the WAAS policy protects.
    additionalDomains List<String>
    (Updatable) An array of additional domains for the specified web application.
    definedTags Map<String,String>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName String
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    freeformTags Map<String,String>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    originGroups List<PolicyOriginGroup>
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins List<PolicyOrigin>
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    policyConfig PolicyPolicyConfig
    (Updatable) The configuration details for the WAAS policy.
    wafConfig PolicyWafConfig
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
    compartmentId string
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    domain string
    The web application domain that the WAAS policy protects.
    additionalDomains string[]
    (Updatable) An array of additional domains for the specified web application.
    definedTags {[key: string]: string}
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName string
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    freeformTags {[key: string]: string}
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    originGroups PolicyOriginGroup[]
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins PolicyOrigin[]
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    policyConfig PolicyPolicyConfig
    (Updatable) The configuration details for the WAAS policy.
    wafConfig PolicyWafConfig
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
    compartment_id str
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    domain str
    The web application domain that the WAAS policy protects.
    additional_domains Sequence[str]
    (Updatable) An array of additional domains for the specified web application.
    defined_tags Mapping[str, str]
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    display_name str
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    freeform_tags Mapping[str, str]
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    origin_groups Sequence[waas.PolicyOriginGroupArgs]
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins Sequence[waas.PolicyOriginArgs]
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    policy_config waas.PolicyPolicyConfigArgs
    (Updatable) The configuration details for the WAAS policy.
    waf_config waas.PolicyWafConfigArgs
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
    compartmentId String
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    domain String
    The web application domain that the WAAS policy protects.
    additionalDomains List<String>
    (Updatable) An array of additional domains for the specified web application.
    definedTags Map<String>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName String
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    freeformTags Map<String>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    originGroups List<Property Map>
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins List<Property Map>
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    policyConfig Property Map
    (Updatable) The configuration details for the WAAS policy.
    wafConfig Property Map
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

    Cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    Id string
    The provider-assigned unique ID for this managed resource.
    State string
    The current lifecycle state of the WAAS policy.
    TimeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    Cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    Id string
    The provider-assigned unique ID for this managed resource.
    State string
    The current lifecycle state of the WAAS policy.
    TimeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    cname String
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    id String
    The provider-assigned unique ID for this managed resource.
    state String
    The current lifecycle state of the WAAS policy.
    timeCreated String
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    id string
    The provider-assigned unique ID for this managed resource.
    state string
    The current lifecycle state of the WAAS policy.
    timeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    cname str
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    id str
    The provider-assigned unique ID for this managed resource.
    state str
    The current lifecycle state of the WAAS policy.
    time_created str
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    cname String
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    id String
    The provider-assigned unique ID for this managed resource.
    state String
    The current lifecycle state of the WAAS policy.
    timeCreated String
    The date and time the policy was created, expressed in RFC 3339 timestamp format.

    Look up Existing Policy Resource

    Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            additional_domains: Optional[Sequence[str]] = None,
            cname: Optional[str] = None,
            compartment_id: Optional[str] = None,
            defined_tags: Optional[Mapping[str, str]] = None,
            display_name: Optional[str] = None,
            domain: Optional[str] = None,
            freeform_tags: Optional[Mapping[str, str]] = None,
            origin_groups: Optional[Sequence[_waas.PolicyOriginGroupArgs]] = None,
            origins: Optional[Sequence[_waas.PolicyOriginArgs]] = None,
            policy_config: Optional[_waas.PolicyPolicyConfigArgs] = None,
            state: Optional[str] = None,
            time_created: Optional[str] = None,
            waf_config: Optional[_waas.PolicyWafConfigArgs] = None) -> Policy
    func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)
    public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)
    public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AdditionalDomains List<string>
    (Updatable) An array of additional domains for the specified web application.
    Cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    CompartmentId string
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    DefinedTags Dictionary<string, string>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DisplayName string
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    Domain string
    The web application domain that the WAAS policy protects.
    FreeformTags Dictionary<string, string>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    OriginGroups List<PolicyOriginGroup>
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    Origins List<PolicyOrigin>
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    PolicyConfig PolicyPolicyConfig
    (Updatable) The configuration details for the WAAS policy.
    State string
    The current lifecycle state of the WAAS policy.
    TimeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    WafConfig PolicyWafConfig
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
    AdditionalDomains []string
    (Updatable) An array of additional domains for the specified web application.
    Cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    CompartmentId string
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    DefinedTags map[string]string
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DisplayName string
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    Domain string
    The web application domain that the WAAS policy protects.
    FreeformTags map[string]string
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    OriginGroups []PolicyOriginGroupArgs
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    Origins []PolicyOriginArgs
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    PolicyConfig PolicyPolicyConfigArgs
    (Updatable) The configuration details for the WAAS policy.
    State string
    The current lifecycle state of the WAAS policy.
    TimeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    WafConfig PolicyWafConfigArgs
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
    additionalDomains List<String>
    (Updatable) An array of additional domains for the specified web application.
    cname String
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartmentId String
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    definedTags Map<String,String>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName String
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    domain String
    The web application domain that the WAAS policy protects.
    freeformTags Map<String,String>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    originGroups List<PolicyOriginGroup>
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins List<PolicyOrigin>
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    policyConfig PolicyPolicyConfig
    (Updatable) The configuration details for the WAAS policy.
    state String
    The current lifecycle state of the WAAS policy.
    timeCreated String
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    wafConfig PolicyWafConfig
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
    additionalDomains string[]
    (Updatable) An array of additional domains for the specified web application.
    cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartmentId string
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    definedTags {[key: string]: string}
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName string
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    domain string
    The web application domain that the WAAS policy protects.
    freeformTags {[key: string]: string}
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    originGroups PolicyOriginGroup[]
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins PolicyOrigin[]
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    policyConfig PolicyPolicyConfig
    (Updatable) The configuration details for the WAAS policy.
    state string
    The current lifecycle state of the WAAS policy.
    timeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    wafConfig PolicyWafConfig
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
    additional_domains Sequence[str]
    (Updatable) An array of additional domains for the specified web application.
    cname str
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartment_id str
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    defined_tags Mapping[str, str]
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    display_name str
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    domain str
    The web application domain that the WAAS policy protects.
    freeform_tags Mapping[str, str]
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    origin_groups Sequence[waas.PolicyOriginGroupArgs]
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins Sequence[waas.PolicyOriginArgs]
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    policy_config waas.PolicyPolicyConfigArgs
    (Updatable) The configuration details for the WAAS policy.
    state str
    The current lifecycle state of the WAAS policy.
    time_created str
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    waf_config waas.PolicyWafConfigArgs
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
    additionalDomains List<String>
    (Updatable) An array of additional domains for the specified web application.
    cname String
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartmentId String
    (Updatable) The OCID of the compartment in which to create the WAAS policy.
    definedTags Map<String>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName String
    (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
    domain String
    The web application domain that the WAAS policy protects.
    freeformTags Map<String>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    originGroups List<Property Map>
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins List<Property Map>
    (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
    policyConfig Property Map
    (Updatable) The configuration details for the WAAS policy.
    state String
    The current lifecycle state of the WAAS policy.
    timeCreated String
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    wafConfig Property Map
    (Updatable) The Web Application Firewall configuration for the WAAS policy creation.

    Supporting Types

    PolicyOrigin, PolicyOriginArgs

    Label string
    Uri string
    (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    CustomHeaders List<PolicyOriginCustomHeader>
    (Updatable) A list of HTTP headers to forward to your origin.
    HttpPort int
    (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    HttpsPort int
    (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    Label string
    Uri string
    (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    CustomHeaders []PolicyOriginCustomHeader
    (Updatable) A list of HTTP headers to forward to your origin.
    HttpPort int
    (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    HttpsPort int
    (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    label String
    uri String
    (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    customHeaders List<PolicyOriginCustomHeader>
    (Updatable) A list of HTTP headers to forward to your origin.
    httpPort Integer
    (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    httpsPort Integer
    (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    label string
    uri string
    (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    customHeaders PolicyOriginCustomHeader[]
    (Updatable) A list of HTTP headers to forward to your origin.
    httpPort number
    (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    httpsPort number
    (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    label str
    uri str
    (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    custom_headers Sequence[waas.PolicyOriginCustomHeader]
    (Updatable) A list of HTTP headers to forward to your origin.
    http_port int
    (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    https_port int
    (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    label String
    uri String
    (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    customHeaders List<Property Map>
    (Updatable) A list of HTTP headers to forward to your origin.
    httpPort Number
    (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    httpsPort Number
    (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.

    PolicyOriginCustomHeader, PolicyOriginCustomHeaderArgs

    Name string
    (Updatable) The name of the header.
    Value string
    (Updatable) The value of the header.
    Name string
    (Updatable) The name of the header.
    Value string
    (Updatable) The value of the header.
    name String
    (Updatable) The name of the header.
    value String
    (Updatable) The value of the header.
    name string
    (Updatable) The name of the header.
    value string
    (Updatable) The value of the header.
    name str
    (Updatable) The name of the header.
    value str
    (Updatable) The value of the header.
    name String
    (Updatable) The name of the header.
    value String
    (Updatable) The value of the header.

    PolicyOriginGroup, PolicyOriginGroupArgs

    PolicyOriginGroupOriginGroup, PolicyOriginGroupOriginGroupArgs

    Origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    Weight int
    Origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    Weight int
    origin String
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight Integer
    origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight number
    origin str
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight int
    origin String
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight Number

    PolicyPolicyConfig, PolicyPolicyConfigArgs

    CertificateId string
    (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
    CipherGroup string
    (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    ClientAddressHeader string

    (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

    The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.

    Example: X-Client-Ip: 11.1.1.1, 13.3.3.3

    In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.

    • X_FORWARDED_FOR: Corresponds to X-Forwarded-For header name.
    • X_CLIENT_IP: Corresponds to X-Client-Ip header name.
    • X_REAL_IP: Corresponds to X-Real-Ip header name.
    • CLIENT_IP: Corresponds to Client-Ip header name.
    • TRUE_CLIENT_IP: Corresponds to True-Client-Ip header name.
    HealthChecks PolicyPolicyConfigHealthChecks
    (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    IsBehindCdn bool
    (Updatable) Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    IsCacheControlRespected bool
    (Updatable) Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    IsHttpsEnabled bool
    (Updatable) Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    IsHttpsForced bool
    (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    IsOriginCompressionEnabled bool
    (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    IsResponseBufferingEnabled bool
    (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    IsSniEnabled bool
    (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    LoadBalancingMethod PolicyPolicyConfigLoadBalancingMethod
    (Updatable) An object that represents a load balancing method and its properties.
    TlsProtocols List<string>

    (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.

    Enabled TLS protocols must go in a row. For example if TLS_v1_1 and TLS_V1_3 are enabled, TLS_V1_2 must be enabled too.

    WebsocketPathPrefixes List<string>
    (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    CertificateId string
    (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
    CipherGroup string
    (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    ClientAddressHeader string

    (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

    The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.

    Example: X-Client-Ip: 11.1.1.1, 13.3.3.3

    In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.

    • X_FORWARDED_FOR: Corresponds to X-Forwarded-For header name.
    • X_CLIENT_IP: Corresponds to X-Client-Ip header name.
    • X_REAL_IP: Corresponds to X-Real-Ip header name.
    • CLIENT_IP: Corresponds to Client-Ip header name.
    • TRUE_CLIENT_IP: Corresponds to True-Client-Ip header name.
    HealthChecks PolicyPolicyConfigHealthChecks
    (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    IsBehindCdn bool
    (Updatable) Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    IsCacheControlRespected bool
    (Updatable) Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    IsHttpsEnabled bool
    (Updatable) Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    IsHttpsForced bool
    (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    IsOriginCompressionEnabled bool
    (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    IsResponseBufferingEnabled bool
    (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    IsSniEnabled bool
    (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    LoadBalancingMethod PolicyPolicyConfigLoadBalancingMethod
    (Updatable) An object that represents a load balancing method and its properties.
    TlsProtocols []string

    (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.

    Enabled TLS protocols must go in a row. For example if TLS_v1_1 and TLS_V1_3 are enabled, TLS_V1_2 must be enabled too.

    WebsocketPathPrefixes []string
    (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificateId String
    (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
    cipherGroup String
    (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    clientAddressHeader String

    (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

    The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.

    Example: X-Client-Ip: 11.1.1.1, 13.3.3.3

    In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.

    • X_FORWARDED_FOR: Corresponds to X-Forwarded-For header name.
    • X_CLIENT_IP: Corresponds to X-Client-Ip header name.
    • X_REAL_IP: Corresponds to X-Real-Ip header name.
    • CLIENT_IP: Corresponds to Client-Ip header name.
    • TRUE_CLIENT_IP: Corresponds to True-Client-Ip header name.
    healthChecks PolicyPolicyConfigHealthChecks
    (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    isBehindCdn Boolean
    (Updatable) Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    isCacheControlRespected Boolean
    (Updatable) Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    isHttpsEnabled Boolean
    (Updatable) Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    isHttpsForced Boolean
    (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    isOriginCompressionEnabled Boolean
    (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    isResponseBufferingEnabled Boolean
    (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    isSniEnabled Boolean
    (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    loadBalancingMethod PolicyPolicyConfigLoadBalancingMethod
    (Updatable) An object that represents a load balancing method and its properties.
    tlsProtocols List<String>

    (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.

    Enabled TLS protocols must go in a row. For example if TLS_v1_1 and TLS_V1_3 are enabled, TLS_V1_2 must be enabled too.

    websocketPathPrefixes List<String>
    (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificateId string
    (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
    cipherGroup string
    (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    clientAddressHeader string

    (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

    The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.

    Example: X-Client-Ip: 11.1.1.1, 13.3.3.3

    In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.

    • X_FORWARDED_FOR: Corresponds to X-Forwarded-For header name.
    • X_CLIENT_IP: Corresponds to X-Client-Ip header name.
    • X_REAL_IP: Corresponds to X-Real-Ip header name.
    • CLIENT_IP: Corresponds to Client-Ip header name.
    • TRUE_CLIENT_IP: Corresponds to True-Client-Ip header name.
    healthChecks PolicyPolicyConfigHealthChecks
    (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    isBehindCdn boolean
    (Updatable) Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    isCacheControlRespected boolean
    (Updatable) Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    isHttpsEnabled boolean
    (Updatable) Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    isHttpsForced boolean
    (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    isOriginCompressionEnabled boolean
    (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    isResponseBufferingEnabled boolean
    (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    isSniEnabled boolean
    (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    loadBalancingMethod PolicyPolicyConfigLoadBalancingMethod
    (Updatable) An object that represents a load balancing method and its properties.
    tlsProtocols string[]

    (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.

    Enabled TLS protocols must go in a row. For example if TLS_v1_1 and TLS_V1_3 are enabled, TLS_V1_2 must be enabled too.

    websocketPathPrefixes string[]
    (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificate_id str
    (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
    cipher_group str
    (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    client_address_header str

    (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

    The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.

    Example: X-Client-Ip: 11.1.1.1, 13.3.3.3

    In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.

    • X_FORWARDED_FOR: Corresponds to X-Forwarded-For header name.
    • X_CLIENT_IP: Corresponds to X-Client-Ip header name.
    • X_REAL_IP: Corresponds to X-Real-Ip header name.
    • CLIENT_IP: Corresponds to Client-Ip header name.
    • TRUE_CLIENT_IP: Corresponds to True-Client-Ip header name.
    health_checks waas.PolicyPolicyConfigHealthChecks
    (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    is_behind_cdn bool
    (Updatable) Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    is_cache_control_respected bool
    (Updatable) Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    is_https_enabled bool
    (Updatable) Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    is_https_forced bool
    (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    is_origin_compression_enabled bool
    (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    is_response_buffering_enabled bool
    (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    is_sni_enabled bool
    (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    load_balancing_method waas.PolicyPolicyConfigLoadBalancingMethod
    (Updatable) An object that represents a load balancing method and its properties.
    tls_protocols Sequence[str]

    (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.

    Enabled TLS protocols must go in a row. For example if TLS_v1_1 and TLS_V1_3 are enabled, TLS_V1_2 must be enabled too.

    websocket_path_prefixes Sequence[str]
    (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificateId String
    (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
    cipherGroup String
    (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    clientAddressHeader String

    (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

    The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.

    Example: X-Client-Ip: 11.1.1.1, 13.3.3.3

    In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.

    • X_FORWARDED_FOR: Corresponds to X-Forwarded-For header name.
    • X_CLIENT_IP: Corresponds to X-Client-Ip header name.
    • X_REAL_IP: Corresponds to X-Real-Ip header name.
    • CLIENT_IP: Corresponds to Client-Ip header name.
    • TRUE_CLIENT_IP: Corresponds to True-Client-Ip header name.
    healthChecks Property Map
    (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    isBehindCdn Boolean
    (Updatable) Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    isCacheControlRespected Boolean
    (Updatable) Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    isHttpsEnabled Boolean
    (Updatable) Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    isHttpsForced Boolean
    (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    isOriginCompressionEnabled Boolean
    (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    isResponseBufferingEnabled Boolean
    (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    isSniEnabled Boolean
    (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    loadBalancingMethod Property Map
    (Updatable) An object that represents a load balancing method and its properties.
    tlsProtocols List<String>

    (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.

    Enabled TLS protocols must go in a row. For example if TLS_v1_1 and TLS_V1_3 are enabled, TLS_V1_2 must be enabled too.

    websocketPathPrefixes List<String>
    (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.

    PolicyPolicyConfigHealthChecks, PolicyPolicyConfigHealthChecksArgs

    ExpectedResponseCodeGroups List<string>
    (Updatable) The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    ExpectedResponseText string
    (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    Headers Dictionary<string, string>

    (Updatable) HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".

    Note: The only currently-supported header fields are Host and User-Agent.

    HealthyThreshold int
    (Updatable) Number of successful health checks after which the server is marked up.
    IntervalInSeconds int
    (Updatable) Time between health checks of an individual origin server, in seconds.
    IsEnabled bool
    (Updatable) Enables or disables the health checks.
    IsResponseTextCheckEnabled bool
    (Updatable) Enables or disables additional check for predefined text in addition to response code.
    Method string
    (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
    Path string
    (Updatable) Path to visit on your origins when performing the health check.
    TimeoutInSeconds int
    (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
    UnhealthyThreshold int
    (Updatable) Number of failed health checks after which the server is marked down.
    ExpectedResponseCodeGroups []string
    (Updatable) The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    ExpectedResponseText string
    (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    Headers map[string]string

    (Updatable) HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".

    Note: The only currently-supported header fields are Host and User-Agent.

    HealthyThreshold int
    (Updatable) Number of successful health checks after which the server is marked up.
    IntervalInSeconds int
    (Updatable) Time between health checks of an individual origin server, in seconds.
    IsEnabled bool
    (Updatable) Enables or disables the health checks.
    IsResponseTextCheckEnabled bool
    (Updatable) Enables or disables additional check for predefined text in addition to response code.
    Method string
    (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
    Path string
    (Updatable) Path to visit on your origins when performing the health check.
    TimeoutInSeconds int
    (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
    UnhealthyThreshold int
    (Updatable) Number of failed health checks after which the server is marked down.
    expectedResponseCodeGroups List<String>
    (Updatable) The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expectedResponseText String
    (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers Map<String,String>

    (Updatable) HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".

    Note: The only currently-supported header fields are Host and User-Agent.

    healthyThreshold Integer
    (Updatable) Number of successful health checks after which the server is marked up.
    intervalInSeconds Integer
    (Updatable) Time between health checks of an individual origin server, in seconds.
    isEnabled Boolean
    (Updatable) Enables or disables the health checks.
    isResponseTextCheckEnabled Boolean
    (Updatable) Enables or disables additional check for predefined text in addition to response code.
    method String
    (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
    path String
    (Updatable) Path to visit on your origins when performing the health check.
    timeoutInSeconds Integer
    (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
    unhealthyThreshold Integer
    (Updatable) Number of failed health checks after which the server is marked down.
    expectedResponseCodeGroups string[]
    (Updatable) The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expectedResponseText string
    (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers {[key: string]: string}

    (Updatable) HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".

    Note: The only currently-supported header fields are Host and User-Agent.

    healthyThreshold number
    (Updatable) Number of successful health checks after which the server is marked up.
    intervalInSeconds number
    (Updatable) Time between health checks of an individual origin server, in seconds.
    isEnabled boolean
    (Updatable) Enables or disables the health checks.
    isResponseTextCheckEnabled boolean
    (Updatable) Enables or disables additional check for predefined text in addition to response code.
    method string
    (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
    path string
    (Updatable) Path to visit on your origins when performing the health check.
    timeoutInSeconds number
    (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
    unhealthyThreshold number
    (Updatable) Number of failed health checks after which the server is marked down.
    expected_response_code_groups Sequence[str]
    (Updatable) The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expected_response_text str
    (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers Mapping[str, str]

    (Updatable) HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".

    Note: The only currently-supported header fields are Host and User-Agent.

    healthy_threshold int
    (Updatable) Number of successful health checks after which the server is marked up.
    interval_in_seconds int
    (Updatable) Time between health checks of an individual origin server, in seconds.
    is_enabled bool
    (Updatable) Enables or disables the health checks.
    is_response_text_check_enabled bool
    (Updatable) Enables or disables additional check for predefined text in addition to response code.
    method str
    (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
    path str
    (Updatable) Path to visit on your origins when performing the health check.
    timeout_in_seconds int
    (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
    unhealthy_threshold int
    (Updatable) Number of failed health checks after which the server is marked down.
    expectedResponseCodeGroups List<String>
    (Updatable) The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expectedResponseText String
    (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers Map<String>

    (Updatable) HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".

    Note: The only currently-supported header fields are Host and User-Agent.

    healthyThreshold Number
    (Updatable) Number of successful health checks after which the server is marked up.
    intervalInSeconds Number
    (Updatable) Time between health checks of an individual origin server, in seconds.
    isEnabled Boolean
    (Updatable) Enables or disables the health checks.
    isResponseTextCheckEnabled Boolean
    (Updatable) Enables or disables additional check for predefined text in addition to response code.
    method String
    (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
    path String
    (Updatable) Path to visit on your origins when performing the health check.
    timeoutInSeconds Number
    (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
    unhealthyThreshold Number
    (Updatable) Number of failed health checks after which the server is marked down.

    PolicyPolicyConfigLoadBalancingMethod, PolicyPolicyConfigLoadBalancingMethodArgs

    Method string
    (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    Domain string
    (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
    ExpirationTimeInSeconds int
    (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    Name string
    (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
    Method string
    (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    Domain string
    (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
    ExpirationTimeInSeconds int
    (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    Name string
    (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
    method String
    (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    domain String
    (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
    expirationTimeInSeconds Integer
    (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    name String
    (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
    method string
    (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    domain string
    (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
    expirationTimeInSeconds number
    (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    name string
    (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
    method str
    (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    domain str
    (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
    expiration_time_in_seconds int
    (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    name str
    (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
    method String
    (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    domain String
    (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
    expirationTimeInSeconds Number
    (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    name String
    (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.

    PolicyWafConfig, PolicyWafConfigArgs

    AccessRules List<PolicyWafConfigAccessRule>
    (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and ALLOW, DETECT, or BLOCK actions to be taken on a request when specified criteria are met.
    AddressRateLimiting PolicyWafConfigAddressRateLimiting
    (Updatable) The settings used to limit the number of requests from an IP address.
    CachingRules List<PolicyWafConfigCachingRule>
    (Updatable) A list of caching rules applied to the web application.
    Captchas List<PolicyWafConfigCaptcha>
    (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
    CustomProtectionRules List<PolicyWafConfigCustomProtectionRule>
    (Updatable) A list of the custom protection rule OCIDs and their actions.
    DeviceFingerprintChallenge PolicyWafConfigDeviceFingerprintChallenge
    (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
    HumanInteractionChallenge PolicyWafConfigHumanInteractionChallenge
    (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    JsChallenge PolicyWafConfigJsChallenge
    (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
    Origin string
    (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but is not required upon updating the configuration.
    OriginGroups List<string>
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    ProtectionSettings PolicyWafConfigProtectionSettings
    (Updatable) The settings applied to protection rules.
    Whitelists List<PolicyWafConfigWhitelist>
    (Updatable) A list of IP addresses that bypass the Web Application Firewall.
    AccessRules []PolicyWafConfigAccessRule
    (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and ALLOW, DETECT, or BLOCK actions to be taken on a request when specified criteria are met.
    AddressRateLimiting PolicyWafConfigAddressRateLimiting
    (Updatable) The settings used to limit the number of requests from an IP address.
    CachingRules []PolicyWafConfigCachingRule
    (Updatable) A list of caching rules applied to the web application.
    Captchas []PolicyWafConfigCaptcha
    (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
    CustomProtectionRules []PolicyWafConfigCustomProtectionRule
    (Updatable) A list of the custom protection rule OCIDs and their actions.
    DeviceFingerprintChallenge PolicyWafConfigDeviceFingerprintChallenge
    (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
    HumanInteractionChallenge PolicyWafConfigHumanInteractionChallenge
    (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    JsChallenge PolicyWafConfigJsChallenge
    (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
    Origin string
    (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but is not required upon updating the configuration.
    OriginGroups []string
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    ProtectionSettings PolicyWafConfigProtectionSettings
    (Updatable) The settings applied to protection rules.
    Whitelists []PolicyWafConfigWhitelist
    (Updatable) A list of IP addresses that bypass the Web Application Firewall.
    accessRules List<PolicyWafConfigAccessRule>
    (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and ALLOW, DETECT, or BLOCK actions to be taken on a request when specified criteria are met.
    addressRateLimiting PolicyWafConfigAddressRateLimiting
    (Updatable) The settings used to limit the number of requests from an IP address.
    cachingRules List<PolicyWafConfigCachingRule>
    (Updatable) A list of caching rules applied to the web application.
    captchas List<PolicyWafConfigCaptcha>
    (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
    customProtectionRules List<PolicyWafConfigCustomProtectionRule>
    (Updatable) A list of the custom protection rule OCIDs and their actions.
    deviceFingerprintChallenge PolicyWafConfigDeviceFingerprintChallenge
    (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
    humanInteractionChallenge PolicyWafConfigHumanInteractionChallenge
    (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    jsChallenge PolicyWafConfigJsChallenge
    (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
    origin String
    (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but is not required upon updating the configuration.
    originGroups List<String>
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protectionSettings PolicyWafConfigProtectionSettings
    (Updatable) The settings applied to protection rules.
    whitelists List<PolicyWafConfigWhitelist>
    (Updatable) A list of IP addresses that bypass the Web Application Firewall.
    accessRules PolicyWafConfigAccessRule[]
    (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and ALLOW, DETECT, or BLOCK actions to be taken on a request when specified criteria are met.
    addressRateLimiting PolicyWafConfigAddressRateLimiting
    (Updatable) The settings used to limit the number of requests from an IP address.
    cachingRules PolicyWafConfigCachingRule[]
    (Updatable) A list of caching rules applied to the web application.
    captchas PolicyWafConfigCaptcha[]
    (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
    customProtectionRules PolicyWafConfigCustomProtectionRule[]
    (Updatable) A list of the custom protection rule OCIDs and their actions.
    deviceFingerprintChallenge PolicyWafConfigDeviceFingerprintChallenge
    (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
    humanInteractionChallenge PolicyWafConfigHumanInteractionChallenge
    (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    jsChallenge PolicyWafConfigJsChallenge
    (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
    origin string
    (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but is not required upon updating the configuration.
    originGroups string[]
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protectionSettings PolicyWafConfigProtectionSettings
    (Updatable) The settings applied to protection rules.
    whitelists PolicyWafConfigWhitelist[]
    (Updatable) A list of IP addresses that bypass the Web Application Firewall.
    access_rules Sequence[waas.PolicyWafConfigAccessRule]
    (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and ALLOW, DETECT, or BLOCK actions to be taken on a request when specified criteria are met.
    address_rate_limiting waas.PolicyWafConfigAddressRateLimiting
    (Updatable) The settings used to limit the number of requests from an IP address.
    caching_rules Sequence[waas.PolicyWafConfigCachingRule]
    (Updatable) A list of caching rules applied to the web application.
    captchas Sequence[waas.PolicyWafConfigCaptcha]
    (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
    custom_protection_rules Sequence[waas.PolicyWafConfigCustomProtectionRule]
    (Updatable) A list of the custom protection rule OCIDs and their actions.
    device_fingerprint_challenge waas.PolicyWafConfigDeviceFingerprintChallenge
    (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
    human_interaction_challenge waas.PolicyWafConfigHumanInteractionChallenge
    (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    js_challenge waas.PolicyWafConfigJsChallenge
    (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
    origin str
    (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but is not required upon updating the configuration.
    origin_groups Sequence[str]
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protection_settings waas.PolicyWafConfigProtectionSettings
    (Updatable) The settings applied to protection rules.
    whitelists Sequence[waas.PolicyWafConfigWhitelist]
    (Updatable) A list of IP addresses that bypass the Web Application Firewall.
    accessRules List<Property Map>
    (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and ALLOW, DETECT, or BLOCK actions to be taken on a request when specified criteria are met.
    addressRateLimiting Property Map
    (Updatable) The settings used to limit the number of requests from an IP address.
    cachingRules List<Property Map>
    (Updatable) A list of caching rules applied to the web application.
    captchas List<Property Map>
    (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
    customProtectionRules List<Property Map>
    (Updatable) A list of the custom protection rule OCIDs and their actions.
    deviceFingerprintChallenge Property Map
    (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
    humanInteractionChallenge Property Map
    (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    jsChallenge Property Map
    (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
    origin String
    (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but is not required upon updating the configuration.
    originGroups List<String>
    (Updatable) The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protectionSettings Property Map
    (Updatable) The settings applied to protection rules.
    whitelists List<Property Map>
    (Updatable) A list of IP addresses that bypass the Web Application Firewall.

    PolicyWafConfigAccessRule, PolicyWafConfigAccessRuleArgs

    Action string

    (Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to ALLOW.

    • ALLOW: Takes no action, just logs the request.
    • DETECT: Takes no action, but creates an alert for the request.
    • BLOCK: Blocks the request by returning specified response code or showing error page.
    • BYPASS: Bypasses some or all challenges.
    • REDIRECT: Redirects the request to the specified URL. These fields are required when REDIRECT is selected: redirectUrl, redirectResponseCode.
    • SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.

    Regardless of action, no further rules are processed once a rule is matched.

    Criterias List<PolicyWafConfigAccessRuleCriteria>
    (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
    Name string
    (Updatable) The unique name of the access rule.
    BlockAction string
    (Updatable) The method used to block requests if action is set to BLOCK and the access criteria are met. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access rules'.
    BlockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.'
    BlockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the access criteria are met. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    BypassChallenges List<string>
    (Updatable) The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    CaptchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    CaptchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    CaptchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to SHOW_CAPTCHA and the request is challenged.
    CaptchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    RedirectResponseCode string
    (Updatable) The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    RedirectUrl string
    (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    ResponseHeaderManipulations List<PolicyWafConfigAccessRuleResponseHeaderManipulation>
    (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    Action string

    (Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to ALLOW.

    • ALLOW: Takes no action, just logs the request.
    • DETECT: Takes no action, but creates an alert for the request.
    • BLOCK: Blocks the request by returning specified response code or showing error page.
    • BYPASS: Bypasses some or all challenges.
    • REDIRECT: Redirects the request to the specified URL. These fields are required when REDIRECT is selected: redirectUrl, redirectResponseCode.
    • SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.

    Regardless of action, no further rules are processed once a rule is matched.

    Criterias []PolicyWafConfigAccessRuleCriteria
    (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
    Name string
    (Updatable) The unique name of the access rule.
    BlockAction string
    (Updatable) The method used to block requests if action is set to BLOCK and the access criteria are met. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access rules'.
    BlockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.'
    BlockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the access criteria are met. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    BypassChallenges []string
    (Updatable) The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    CaptchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    CaptchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    CaptchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to SHOW_CAPTCHA and the request is challenged.
    CaptchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    RedirectResponseCode string
    (Updatable) The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    RedirectUrl string
    (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    ResponseHeaderManipulations []PolicyWafConfigAccessRuleResponseHeaderManipulation
    (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action String

    (Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to ALLOW.

    • ALLOW: Takes no action, just logs the request.
    • DETECT: Takes no action, but creates an alert for the request.
    • BLOCK: Blocks the request by returning specified response code or showing error page.
    • BYPASS: Bypasses some or all challenges.
    • REDIRECT: Redirects the request to the specified URL. These fields are required when REDIRECT is selected: redirectUrl, redirectResponseCode.
    • SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.

    Regardless of action, no further rules are processed once a rule is matched.

    criterias List<PolicyWafConfigAccessRuleCriteria>
    (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
    name String
    (Updatable) The unique name of the access rule.
    blockAction String
    (Updatable) The method used to block requests if action is set to BLOCK and the access criteria are met. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access rules'.
    blockErrorPageDescription String
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.'
    blockErrorPageMessage String
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the access criteria are met. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    bypassChallenges List<String>
    (Updatable) The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captchaFooter String
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    captchaHeader String
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    captchaSubmitLabel String
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to SHOW_CAPTCHA and the request is challenged.
    captchaTitle String
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    redirectResponseCode String
    (Updatable) The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirectUrl String
    (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    responseHeaderManipulations List<PolicyWafConfigAccessRuleResponseHeaderManipulation>
    (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action string

    (Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to ALLOW.

    • ALLOW: Takes no action, just logs the request.
    • DETECT: Takes no action, but creates an alert for the request.
    • BLOCK: Blocks the request by returning specified response code or showing error page.
    • BYPASS: Bypasses some or all challenges.
    • REDIRECT: Redirects the request to the specified URL. These fields are required when REDIRECT is selected: redirectUrl, redirectResponseCode.
    • SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.

    Regardless of action, no further rules are processed once a rule is matched.

    criterias PolicyWafConfigAccessRuleCriteria[]
    (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
    name string
    (Updatable) The unique name of the access rule.
    blockAction string
    (Updatable) The method used to block requests if action is set to BLOCK and the access criteria are met. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access rules'.
    blockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.'
    blockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the access criteria are met. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    bypassChallenges string[]
    (Updatable) The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    captchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    captchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to SHOW_CAPTCHA and the request is challenged.
    captchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    redirectResponseCode string
    (Updatable) The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirectUrl string
    (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    responseHeaderManipulations PolicyWafConfigAccessRuleResponseHeaderManipulation[]
    (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action str

    (Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to ALLOW.

    • ALLOW: Takes no action, just logs the request.
    • DETECT: Takes no action, but creates an alert for the request.
    • BLOCK: Blocks the request by returning specified response code or showing error page.
    • BYPASS: Bypasses some or all challenges.
    • REDIRECT: Redirects the request to the specified URL. These fields are required when REDIRECT is selected: redirectUrl, redirectResponseCode.
    • SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.

    Regardless of action, no further rules are processed once a rule is matched.

    criterias Sequence[waas.PolicyWafConfigAccessRuleCriteria]
    (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
    name str
    (Updatable) The unique name of the access rule.
    block_action str
    (Updatable) The method used to block requests if action is set to BLOCK and the access criteria are met. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access rules'.
    block_error_page_description str
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.'
    block_error_page_message str
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the access criteria are met. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    bypass_challenges Sequence[str]
    (Updatable) The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captcha_footer str
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    captcha_header str
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    captcha_submit_label str
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to SHOW_CAPTCHA and the request is challenged.
    captcha_title str
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    redirect_response_code str
    (Updatable) The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirect_url str
    (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    response_header_manipulations Sequence[waas.PolicyWafConfigAccessRuleResponseHeaderManipulation]
    (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action String

    (Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to ALLOW.

    • ALLOW: Takes no action, just logs the request.
    • DETECT: Takes no action, but creates an alert for the request.
    • BLOCK: Blocks the request by returning specified response code or showing error page.
    • BYPASS: Bypasses some or all challenges.
    • REDIRECT: Redirects the request to the specified URL. These fields are required when REDIRECT is selected: redirectUrl, redirectResponseCode.
    • SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.

    Regardless of action, no further rules are processed once a rule is matched.

    criterias List<Property Map>
    (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
    name String
    (Updatable) The unique name of the access rule.
    blockAction String
    (Updatable) The method used to block requests if action is set to BLOCK and the access criteria are met. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access rules'.
    blockErrorPageDescription String
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.'
    blockErrorPageMessage String
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the access criteria are met. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    bypassChallenges List<String>
    (Updatable) The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captchaFooter String
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    captchaHeader String
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    captchaSubmitLabel String
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to SHOW_CAPTCHA and the request is challenged.
    captchaTitle String
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to SHOW_CAPTCHA and the request is challenged.
    redirectResponseCode String
    (Updatable) The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirectUrl String
    (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    responseHeaderManipulations List<Property Map>
    (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.

    PolicyWafConfigAccessRuleCriteria, PolicyWafConfigAccessRuleCriteriaArgs

    Condition string

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    Value string
    (Updatable) The criteria value.
    IsCaseSensitive bool
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.
    Condition string

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    Value string
    (Updatable) The criteria value.
    IsCaseSensitive bool
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.
    condition String

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    value String
    (Updatable) The criteria value.
    isCaseSensitive Boolean
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.
    condition string

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    value string
    (Updatable) The criteria value.
    isCaseSensitive boolean
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.
    condition str

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    value str
    (Updatable) The criteria value.
    is_case_sensitive bool
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.
    condition String

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    value String
    (Updatable) The criteria value.
    isCaseSensitive Boolean
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.

    PolicyWafConfigAccessRuleResponseHeaderManipulation, PolicyWafConfigAccessRuleResponseHeaderManipulationArgs

    Action string
    (Updatable) The action can be one of these values: ADD_HTTP_RESPONSE_HEADER, EXTEND_HTTP_RESPONSE_HEADER, REMOVE_HTTP_RESPONSE_HEADER
    Header string
    (Updatable) A header field name that conforms to RFC 7230. Example: example_header_name
    Value string
    (Updatable) A header field value that conforms to RFC 7230. Example: example_value
    Action string
    (Updatable) The action can be one of these values: ADD_HTTP_RESPONSE_HEADER, EXTEND_HTTP_RESPONSE_HEADER, REMOVE_HTTP_RESPONSE_HEADER
    Header string
    (Updatable) A header field name that conforms to RFC 7230. Example: example_header_name
    Value string
    (Updatable) A header field value that conforms to RFC 7230. Example: example_value
    action String
    (Updatable) The action can be one of these values: ADD_HTTP_RESPONSE_HEADER, EXTEND_HTTP_RESPONSE_HEADER, REMOVE_HTTP_RESPONSE_HEADER
    header String
    (Updatable) A header field name that conforms to RFC 7230. Example: example_header_name
    value String
    (Updatable) A header field value that conforms to RFC 7230. Example: example_value
    action string
    (Updatable) The action can be one of these values: ADD_HTTP_RESPONSE_HEADER, EXTEND_HTTP_RESPONSE_HEADER, REMOVE_HTTP_RESPONSE_HEADER
    header string
    (Updatable) A header field name that conforms to RFC 7230. Example: example_header_name
    value string
    (Updatable) A header field value that conforms to RFC 7230. Example: example_value
    action str
    (Updatable) The action can be one of these values: ADD_HTTP_RESPONSE_HEADER, EXTEND_HTTP_RESPONSE_HEADER, REMOVE_HTTP_RESPONSE_HEADER
    header str
    (Updatable) A header field name that conforms to RFC 7230. Example: example_header_name
    value str
    (Updatable) A header field value that conforms to RFC 7230. Example: example_value
    action String
    (Updatable) The action can be one of these values: ADD_HTTP_RESPONSE_HEADER, EXTEND_HTTP_RESPONSE_HEADER, REMOVE_HTTP_RESPONSE_HEADER
    header String
    (Updatable) A header field name that conforms to RFC 7230. Example: example_header_name
    value String
    (Updatable) A header field value that conforms to RFC 7230. Example: example_value

    PolicyWafConfigAddressRateLimiting, PolicyWafConfigAddressRateLimitingArgs

    IsEnabled bool
    (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
    AllowedRatePerAddress int
    (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    BlockResponseCode int
    (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to 503. The list of available response codes: 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    MaxDelayedCountPerAddress int
    (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    IsEnabled bool
    (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
    AllowedRatePerAddress int
    (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    BlockResponseCode int
    (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to 503. The list of available response codes: 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    MaxDelayedCountPerAddress int
    (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    isEnabled Boolean
    (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
    allowedRatePerAddress Integer
    (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    blockResponseCode Integer
    (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to 503. The list of available response codes: 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    maxDelayedCountPerAddress Integer
    (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    isEnabled boolean
    (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
    allowedRatePerAddress number
    (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    blockResponseCode number
    (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to 503. The list of available response codes: 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    maxDelayedCountPerAddress number
    (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    is_enabled bool
    (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
    allowed_rate_per_address int
    (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    block_response_code int
    (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to 503. The list of available response codes: 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    max_delayed_count_per_address int
    (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    isEnabled Boolean
    (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
    allowedRatePerAddress Number
    (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    blockResponseCode Number
    (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to 503. The list of available response codes: 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    maxDelayedCountPerAddress Number
    (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.

    PolicyWafConfigCachingRule, PolicyWafConfigCachingRuleArgs

    Action string
    (Updatable) The action to take when the criteria of a caching rule are met.

    • CACHE: Caches requested content when the criteria of the rule are met.
    • BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
    Criterias List<PolicyWafConfigCachingRuleCriteria>
    (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
    Name string
    (Updatable) The name of the caching rule.
    CachingDuration string
    (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    ClientCachingDuration string
    (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    IsClientCachingEnabled bool
    (Updatable) Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    Key string
    (Updatable) The unique key for the caching rule.
    Action string
    (Updatable) The action to take when the criteria of a caching rule are met.

    • CACHE: Caches requested content when the criteria of the rule are met.
    • BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
    Criterias []PolicyWafConfigCachingRuleCriteria
    (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
    Name string
    (Updatable) The name of the caching rule.
    CachingDuration string
    (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    ClientCachingDuration string
    (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    IsClientCachingEnabled bool
    (Updatable) Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    Key string
    (Updatable) The unique key for the caching rule.
    action String
    (Updatable) The action to take when the criteria of a caching rule are met.

    • CACHE: Caches requested content when the criteria of the rule are met.
    • BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
    criterias List<PolicyWafConfigCachingRuleCriteria>
    (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
    name String
    (Updatable) The name of the caching rule.
    cachingDuration String
    (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    clientCachingDuration String
    (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    isClientCachingEnabled Boolean
    (Updatable) Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key String
    (Updatable) The unique key for the caching rule.
    action string
    (Updatable) The action to take when the criteria of a caching rule are met.

    • CACHE: Caches requested content when the criteria of the rule are met.
    • BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
    criterias PolicyWafConfigCachingRuleCriteria[]
    (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
    name string
    (Updatable) The name of the caching rule.
    cachingDuration string
    (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    clientCachingDuration string
    (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    isClientCachingEnabled boolean
    (Updatable) Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key string
    (Updatable) The unique key for the caching rule.
    action str
    (Updatable) The action to take when the criteria of a caching rule are met.

    • CACHE: Caches requested content when the criteria of the rule are met.
    • BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
    criterias Sequence[waas.PolicyWafConfigCachingRuleCriteria]
    (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
    name str
    (Updatable) The name of the caching rule.
    caching_duration str
    (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    client_caching_duration str
    (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    is_client_caching_enabled bool
    (Updatable) Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key str
    (Updatable) The unique key for the caching rule.
    action String
    (Updatable) The action to take when the criteria of a caching rule are met.

    • CACHE: Caches requested content when the criteria of the rule are met.
    • BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
    criterias List<Property Map>
    (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
    name String
    (Updatable) The name of the caching rule.
    cachingDuration String
    (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    clientCachingDuration String
    (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    isClientCachingEnabled Boolean
    (Updatable) Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key String
    (Updatable) The unique key for the caching rule.

    PolicyWafConfigCachingRuleCriteria, PolicyWafConfigCachingRuleCriteriaArgs

    Condition string

    (Updatable) The condition of the caching rule criteria.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.

    URLs must start with a /. URLs can't contain restricted double slashes //. URLs can't contain the restricted ' & ? symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.

    Value string
    (Updatable) The value of the caching rule criteria.
    Condition string

    (Updatable) The condition of the caching rule criteria.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.

    URLs must start with a /. URLs can't contain restricted double slashes //. URLs can't contain the restricted ' & ? symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.

    Value string
    (Updatable) The value of the caching rule criteria.
    condition String

    (Updatable) The condition of the caching rule criteria.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.

    URLs must start with a /. URLs can't contain restricted double slashes //. URLs can't contain the restricted ' & ? symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.

    value String
    (Updatable) The value of the caching rule criteria.
    condition string

    (Updatable) The condition of the caching rule criteria.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.

    URLs must start with a /. URLs can't contain restricted double slashes //. URLs can't contain the restricted ' & ? symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.

    value string
    (Updatable) The value of the caching rule criteria.
    condition str

    (Updatable) The condition of the caching rule criteria.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.

    URLs must start with a /. URLs can't contain restricted double slashes //. URLs can't contain the restricted ' & ? symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.

    value str
    (Updatable) The value of the caching rule criteria.
    condition String

    (Updatable) The condition of the caching rule criteria.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.

    URLs must start with a /. URLs can't contain restricted double slashes //. URLs can't contain the restricted ' & ? symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.

    value String
    (Updatable) The value of the caching rule criteria.

    PolicyWafConfigCaptcha, PolicyWafConfigCaptchaArgs

    FailureMessage string
    (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    SessionExpirationInSeconds int
    (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    SubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    Title string
    (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    Url string
    (Updatable) The unique URL path at which to show the CAPTCHA challenge.
    FooterText string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    HeaderText string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    FailureMessage string
    (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    SessionExpirationInSeconds int
    (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    SubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    Title string
    (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    Url string
    (Updatable) The unique URL path at which to show the CAPTCHA challenge.
    FooterText string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    HeaderText string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    failureMessage String
    (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    sessionExpirationInSeconds Integer
    (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submitLabel String
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title String
    (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url String
    (Updatable) The unique URL path at which to show the CAPTCHA challenge.
    footerText String
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    headerText String
    (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    failureMessage string
    (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    sessionExpirationInSeconds number
    (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title string
    (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url string
    (Updatable) The unique URL path at which to show the CAPTCHA challenge.
    footerText string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    headerText string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    failure_message str
    (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    session_expiration_in_seconds int
    (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submit_label str
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title str
    (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url str
    (Updatable) The unique URL path at which to show the CAPTCHA challenge.
    footer_text str
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    header_text str
    (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    failureMessage String
    (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    sessionExpirationInSeconds Number
    (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submitLabel String
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title String
    (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url String
    (Updatable) The unique URL path at which to show the CAPTCHA challenge.
    footerText String
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    headerText String
    (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'

    PolicyWafConfigCustomProtectionRule, PolicyWafConfigCustomProtectionRuleArgs

    Action string
    (Updatable) The action to take when the custom protection rule is triggered. DETECT - Logs the request when the criteria of the custom protection rule are met. BLOCK - Blocks the request when the criteria of the custom protection rule are met.
    Exclusions List<PolicyWafConfigCustomProtectionRuleExclusion>
    (Updatable)
    Id string
    (Updatable) The OCID of the custom protection rule.
    Action string
    (Updatable) The action to take when the custom protection rule is triggered. DETECT - Logs the request when the criteria of the custom protection rule are met. BLOCK - Blocks the request when the criteria of the custom protection rule are met.
    Exclusions []PolicyWafConfigCustomProtectionRuleExclusion
    (Updatable)
    Id string
    (Updatable) The OCID of the custom protection rule.
    action String
    (Updatable) The action to take when the custom protection rule is triggered. DETECT - Logs the request when the criteria of the custom protection rule are met. BLOCK - Blocks the request when the criteria of the custom protection rule are met.
    exclusions List<PolicyWafConfigCustomProtectionRuleExclusion>
    (Updatable)
    id String
    (Updatable) The OCID of the custom protection rule.
    action string
    (Updatable) The action to take when the custom protection rule is triggered. DETECT - Logs the request when the criteria of the custom protection rule are met. BLOCK - Blocks the request when the criteria of the custom protection rule are met.
    exclusions PolicyWafConfigCustomProtectionRuleExclusion[]
    (Updatable)
    id string
    (Updatable) The OCID of the custom protection rule.
    action str
    (Updatable) The action to take when the custom protection rule is triggered. DETECT - Logs the request when the criteria of the custom protection rule are met. BLOCK - Blocks the request when the criteria of the custom protection rule are met.
    exclusions Sequence[waas.PolicyWafConfigCustomProtectionRuleExclusion]
    (Updatable)
    id str
    (Updatable) The OCID of the custom protection rule.
    action String
    (Updatable) The action to take when the custom protection rule is triggered. DETECT - Logs the request when the criteria of the custom protection rule are met. BLOCK - Blocks the request when the criteria of the custom protection rule are met.
    exclusions List<Property Map>
    (Updatable)
    id String
    (Updatable) The OCID of the custom protection rule.

    PolicyWafConfigCustomProtectionRuleExclusion, PolicyWafConfigCustomProtectionRuleExclusionArgs

    Exclusions List<string>
    (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    Target string
    (Updatable) The target of the exclusion.
    Exclusions []string
    (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    Target string
    (Updatable) The target of the exclusion.
    exclusions List<String>
    (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target String
    (Updatable) The target of the exclusion.
    exclusions string[]
    (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target string
    (Updatable) The target of the exclusion.
    exclusions Sequence[str]
    (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target str
    (Updatable) The target of the exclusion.
    exclusions List<String>
    (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target String
    (Updatable) The target of the exclusion.

    PolicyWafConfigDeviceFingerprintChallenge, PolicyWafConfigDeviceFingerprintChallengeArgs

    IsEnabled bool
    (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
    Action string
    (Updatable) The action to take on requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    ChallengeSettings PolicyWafConfigDeviceFingerprintChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    FailureThreshold int
    (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    MaxAddressCount int
    (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    MaxAddressCountExpirationInSeconds int
    (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    IsEnabled bool
    (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
    Action string
    (Updatable) The action to take on requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    ChallengeSettings PolicyWafConfigDeviceFingerprintChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    FailureThreshold int
    (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    MaxAddressCount int
    (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    MaxAddressCountExpirationInSeconds int
    (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    isEnabled Boolean
    (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
    action String
    (Updatable) The action to take on requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Integer
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    challengeSettings PolicyWafConfigDeviceFingerprintChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    failureThreshold Integer
    (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Integer
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    maxAddressCount Integer
    (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    maxAddressCountExpirationInSeconds Integer
    (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    isEnabled boolean
    (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
    action string
    (Updatable) The action to take on requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds number
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    challengeSettings PolicyWafConfigDeviceFingerprintChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    failureThreshold number
    (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds number
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    maxAddressCount number
    (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    maxAddressCountExpirationInSeconds number
    (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    is_enabled bool
    (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
    action str
    (Updatable) The action to take on requests from detected bots. If unspecified, defaults to DETECT.
    action_expiration_in_seconds int
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    challenge_settings waas.PolicyWafConfigDeviceFingerprintChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    failure_threshold int
    (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to 10.
    failure_threshold_expiration_in_seconds int
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    max_address_count int
    (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    max_address_count_expiration_in_seconds int
    (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    isEnabled Boolean
    (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
    action String
    (Updatable) The action to take on requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Number
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    challengeSettings Property Map
    (Updatable) The challenge settings if action is set to BLOCK.
    failureThreshold Number
    (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Number
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    maxAddressCount Number
    (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    maxAddressCountExpirationInSeconds Number
    (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.

    PolicyWafConfigDeviceFingerprintChallengeChallengeSettings, PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs

    BlockAction string
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    BlockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    BlockResponseCode int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    BlockAction string
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    BlockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    BlockResponseCode int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    blockErrorPageCode String
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    blockErrorPageDescription String
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    blockResponseCode Integer
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction string
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    blockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    blockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    blockResponseCode number
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    block_action str
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    block_error_page_code str
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    block_error_page_description str
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    block_response_code int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captcha_footer str
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    blockErrorPageCode String
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    blockErrorPageDescription String
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    blockResponseCode Number
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

    PolicyWafConfigHumanInteractionChallenge, PolicyWafConfigHumanInteractionChallengeArgs

    IsEnabled bool
    (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
    Action string
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    ChallengeSettings PolicyWafConfigHumanInteractionChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    FailureThreshold int
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    InteractionThreshold int
    (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    IsNatEnabled bool
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    RecordingPeriodInSeconds int
    (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    SetHttpHeader PolicyWafConfigHumanInteractionChallengeSetHttpHeader
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    IsEnabled bool
    (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
    Action string
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    ChallengeSettings PolicyWafConfigHumanInteractionChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    FailureThreshold int
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    InteractionThreshold int
    (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    IsNatEnabled bool
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    RecordingPeriodInSeconds int
    (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    SetHttpHeader PolicyWafConfigHumanInteractionChallengeSetHttpHeader
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    isEnabled Boolean
    (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
    action String
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Integer
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    challengeSettings PolicyWafConfigHumanInteractionChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    failureThreshold Integer
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Integer
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interactionThreshold Integer
    (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    isNatEnabled Boolean
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recordingPeriodInSeconds Integer
    (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    setHttpHeader PolicyWafConfigHumanInteractionChallengeSetHttpHeader
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    isEnabled boolean
    (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
    action string
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds number
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    challengeSettings PolicyWafConfigHumanInteractionChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    failureThreshold number
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds number
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interactionThreshold number
    (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    isNatEnabled boolean
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recordingPeriodInSeconds number
    (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    setHttpHeader PolicyWafConfigHumanInteractionChallengeSetHttpHeader
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    is_enabled bool
    (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
    action str
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    action_expiration_in_seconds int
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    challenge_settings waas.PolicyWafConfigHumanInteractionChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    failure_threshold int
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    failure_threshold_expiration_in_seconds int
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interaction_threshold int
    (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    is_nat_enabled bool
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recording_period_in_seconds int
    (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    set_http_header waas.PolicyWafConfigHumanInteractionChallengeSetHttpHeader
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    isEnabled Boolean
    (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
    action String
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Number
    (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to 60.
    challengeSettings Property Map
    (Updatable) The challenge settings if action is set to BLOCK.
    failureThreshold Number
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Number
    (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interactionThreshold Number
    (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    isNatEnabled Boolean
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recordingPeriodInSeconds Number
    (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    setHttpHeader Property Map
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

    PolicyWafConfigHumanInteractionChallengeChallengeSettings, PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs

    BlockAction string
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    BlockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    BlockResponseCode int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    BlockAction string
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    BlockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    BlockResponseCode int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    blockErrorPageCode String
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    blockErrorPageDescription String
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    blockResponseCode Integer
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction string
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    blockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    blockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    blockResponseCode number
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    block_action str
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    block_error_page_code str
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    block_error_page_description str
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    block_response_code int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captcha_footer str
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    blockErrorPageCode String
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    blockErrorPageDescription String
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    blockResponseCode Number
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

    PolicyWafConfigHumanInteractionChallengeSetHttpHeader, PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs

    Name string
    (Updatable) The name of the header.
    Value string
    (Updatable) The value of the header.
    Name string
    (Updatable) The name of the header.
    Value string
    (Updatable) The value of the header.
    name String
    (Updatable) The name of the header.
    value String
    (Updatable) The value of the header.
    name string
    (Updatable) The name of the header.
    value string
    (Updatable) The value of the header.
    name str
    (Updatable) The name of the header.
    value str
    (Updatable) The value of the header.
    name String
    (Updatable) The name of the header.
    value String
    (Updatable) The value of the header.

    PolicyWafConfigJsChallenge, PolicyWafConfigJsChallengeArgs

    IsEnabled bool
    (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
    Action string
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    AreRedirectsChallenged bool
    (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    ChallengeSettings PolicyWafConfigJsChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    Criterias List<PolicyWafConfigJsChallengeCriteria>
    (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    FailureThreshold int
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    IsNatEnabled bool
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    SetHttpHeader PolicyWafConfigJsChallengeSetHttpHeader
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    IsEnabled bool
    (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
    Action string
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    AreRedirectsChallenged bool
    (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    ChallengeSettings PolicyWafConfigJsChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    Criterias []PolicyWafConfigJsChallengeCriteria
    (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    FailureThreshold int
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    IsNatEnabled bool
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    SetHttpHeader PolicyWafConfigJsChallengeSetHttpHeader
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    isEnabled Boolean
    (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
    action String
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Integer
    (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    areRedirectsChallenged Boolean
    (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challengeSettings PolicyWafConfigJsChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    criterias List<PolicyWafConfigJsChallengeCriteria>
    (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failureThreshold Integer
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    isNatEnabled Boolean
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    setHttpHeader PolicyWafConfigJsChallengeSetHttpHeader
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    isEnabled boolean
    (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
    action string
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds number
    (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    areRedirectsChallenged boolean
    (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challengeSettings PolicyWafConfigJsChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    criterias PolicyWafConfigJsChallengeCriteria[]
    (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failureThreshold number
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    isNatEnabled boolean
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    setHttpHeader PolicyWafConfigJsChallengeSetHttpHeader
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    is_enabled bool
    (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
    action str
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    action_expiration_in_seconds int
    (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    are_redirects_challenged bool
    (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challenge_settings waas.PolicyWafConfigJsChallengeChallengeSettings
    (Updatable) The challenge settings if action is set to BLOCK.
    criterias Sequence[waas.PolicyWafConfigJsChallengeCriteria]
    (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failure_threshold int
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    is_nat_enabled bool
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    set_http_header waas.PolicyWafConfigJsChallengeSetHttpHeader
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    isEnabled Boolean
    (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
    action String
    (Updatable) The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Number
    (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    areRedirectsChallenged Boolean
    (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challengeSettings Property Map
    (Updatable) The challenge settings if action is set to BLOCK.
    criterias List<Property Map>
    (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failureThreshold Number
    (Updatable) The number of failed requests before taking action. If unspecified, defaults to 10.
    isNatEnabled Boolean
    (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    setHttpHeader Property Map
    (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

    PolicyWafConfigJsChallengeChallengeSettings, PolicyWafConfigJsChallengeChallengeSettingsArgs

    BlockAction string
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    BlockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    BlockResponseCode int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    BlockAction string
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    BlockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    BlockResponseCode int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    blockErrorPageCode String
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    blockErrorPageDescription String
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    blockResponseCode Integer
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction string
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    blockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    blockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    blockResponseCode number
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captchaFooter string
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    block_action str
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    block_error_page_code str
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    block_error_page_description str
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    block_response_code int
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captcha_footer str
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    (Updatable) The method used to block requests that fail the challenge, if action is set to BLOCK. If unspecified, defaults to SHOW_ERROR_PAGE.
    blockErrorPageCode String
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE and the request is blocked. If unspecified, defaults to 403.
    blockErrorPageDescription String
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to Access to the website is blocked.
    blockResponseCode Number
    (Updatable) The response status code to return when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE or SHOW_ERROR_PAGE, and the request is blocked. If unspecified, defaults to 403. The list of available response codes: 200, 201, 202, 204, 206, 300, 301, 302, 303, 304, 307, 400, 401, 403, 404, 405, 408, 409, 411, 412, 413, 414, 415, 416, 422, 444, 494, 495, 496, 497, 499, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    (Updatable) The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    (Updatable) The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    (Updatable) The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    (Updatable) The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

    PolicyWafConfigJsChallengeCriteria, PolicyWafConfigJsChallengeCriteriaArgs

    Condition string

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    Value string
    (Updatable) The criteria value.
    IsCaseSensitive bool
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.
    Condition string

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    Value string
    (Updatable) The criteria value.
    IsCaseSensitive bool
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.
    condition String

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    value String
    (Updatable) The criteria value.
    isCaseSensitive Boolean
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.
    condition string

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    value string
    (Updatable) The criteria value.
    isCaseSensitive boolean
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.
    condition str

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    value str
    (Updatable) The criteria value.
    is_case_sensitive bool
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.
    condition String

    (Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the value field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

    Example: "GET\nPOST"

    • COUNTRY_IS: Matches if the request originates from one of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the value field. The value in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM"
    • USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    • USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the value field. Example: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
    value String
    (Updatable) The criteria value.
    isCaseSensitive Boolean
    (Updatable) When enabled, the condition will be matched with case-sensitive rules.

    PolicyWafConfigJsChallengeSetHttpHeader, PolicyWafConfigJsChallengeSetHttpHeaderArgs

    Name string
    (Updatable) The name of the header.
    Value string
    (Updatable) The value of the header.
    Name string
    (Updatable) The name of the header.
    Value string
    (Updatable) The value of the header.
    name String
    (Updatable) The name of the header.
    value String
    (Updatable) The value of the header.
    name string
    (Updatable) The name of the header.
    value string
    (Updatable) The value of the header.
    name str
    (Updatable) The name of the header.
    value str
    (Updatable) The value of the header.
    name String
    (Updatable) The name of the header.
    value String
    (Updatable) The value of the header.

    PolicyWafConfigProtectionSettings, PolicyWafConfigProtectionSettingsArgs

    AllowedHttpMethods List<string>
    (Updatable) The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    BlockAction string
    (Updatable) If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    (Updatable) The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    IsResponseInspected bool

    (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.

    Note: Only origin responses with a Content-Type matching a value in mediaTypes will be inspected.

    MaxArgumentCount int
    (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    MaxNameLengthPerArgument int
    (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    MaxResponseSizeInKiB int
    (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    MaxTotalNameLengthOfArguments int
    (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    MediaTypes List<string>

    (Updatable) The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].

    Supported MIME types include:

    • text/html
    • text/plain
    • text/asp
    • text/css
    • text/x-script
    • application/json
    • text/webviewhtml
    • text/x-java-source
    • application/x-javascript
    • application/javascript
    • application/ecmascript
    • text/javascript
    • text/ecmascript
    • text/x-script.perl
    • text/x-script.phyton
    • application/plain
    • application/xml
    • text/xml
    RecommendationsPeriodInDays int

    (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

    Use GET /waasPolicies/{waasPolicyId}/wafRecommendations to view WAF recommendations.

    AllowedHttpMethods []string
    (Updatable) The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    BlockAction string
    (Updatable) If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    (Updatable) The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    IsResponseInspected bool

    (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.

    Note: Only origin responses with a Content-Type matching a value in mediaTypes will be inspected.

    MaxArgumentCount int
    (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    MaxNameLengthPerArgument int
    (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    MaxResponseSizeInKiB int
    (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    MaxTotalNameLengthOfArguments int
    (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    MediaTypes []string

    (Updatable) The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].

    Supported MIME types include:

    • text/html
    • text/plain
    • text/asp
    • text/css
    • text/x-script
    • application/json
    • text/webviewhtml
    • text/x-java-source
    • application/x-javascript
    • application/javascript
    • application/ecmascript
    • text/javascript
    • text/ecmascript
    • text/x-script.perl
    • text/x-script.phyton
    • application/plain
    • application/xml
    • text/xml
    RecommendationsPeriodInDays int

    (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

    Use GET /waasPolicies/{waasPolicyId}/wafRecommendations to view WAF recommendations.

    allowedHttpMethods List<String>
    (Updatable) The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    blockAction String
    (Updatable) If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    (Updatable) The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isResponseInspected Boolean

    (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.

    Note: Only origin responses with a Content-Type matching a value in mediaTypes will be inspected.

    maxArgumentCount Integer
    (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    maxNameLengthPerArgument Integer
    (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    maxResponseSizeInKiB Integer
    (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    maxTotalNameLengthOfArguments Integer
    (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    mediaTypes List<String>

    (Updatable) The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].

    Supported MIME types include:

    • text/html
    • text/plain
    • text/asp
    • text/css
    • text/x-script
    • application/json
    • text/webviewhtml
    • text/x-java-source
    • application/x-javascript
    • application/javascript
    • application/ecmascript
    • text/javascript
    • text/ecmascript
    • text/x-script.perl
    • text/x-script.phyton
    • application/plain
    • application/xml
    • text/xml
    recommendationsPeriodInDays Integer

    (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

    Use GET /waasPolicies/{waasPolicyId}/wafRecommendations to view WAF recommendations.

    allowedHttpMethods string[]
    (Updatable) The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    blockAction string
    (Updatable) If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    (Updatable) The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isResponseInspected boolean

    (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.

    Note: Only origin responses with a Content-Type matching a value in mediaTypes will be inspected.

    maxArgumentCount number
    (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    maxNameLengthPerArgument number
    (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    maxResponseSizeInKiB number
    (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    maxTotalNameLengthOfArguments number
    (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    mediaTypes string[]

    (Updatable) The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].

    Supported MIME types include:

    • text/html
    • text/plain
    • text/asp
    • text/css
    • text/x-script
    • application/json
    • text/webviewhtml
    • text/x-java-source
    • application/x-javascript
    • application/javascript
    • application/ecmascript
    • text/javascript
    • text/ecmascript
    • text/x-script.perl
    • text/x-script.phyton
    • application/plain
    • application/xml
    • text/xml
    recommendationsPeriodInDays number

    (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

    Use GET /waasPolicies/{waasPolicyId}/wafRecommendations to view WAF recommendations.

    allowed_http_methods Sequence[str]
    (Updatable) The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    block_action str
    (Updatable) If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    (Updatable) The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    is_response_inspected bool

    (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.

    Note: Only origin responses with a Content-Type matching a value in mediaTypes will be inspected.

    max_argument_count int
    (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    max_name_length_per_argument int
    (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    max_response_size_in_ki_b int
    (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    max_total_name_length_of_arguments int
    (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    media_types Sequence[str]

    (Updatable) The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].

    Supported MIME types include:

    • text/html
    • text/plain
    • text/asp
    • text/css
    • text/x-script
    • application/json
    • text/webviewhtml
    • text/x-java-source
    • application/x-javascript
    • application/javascript
    • application/ecmascript
    • text/javascript
    • text/ecmascript
    • text/x-script.perl
    • text/x-script.phyton
    • application/plain
    • application/xml
    • text/xml
    recommendations_period_in_days int

    (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

    Use GET /waasPolicies/{waasPolicyId}/wafRecommendations to view WAF recommendations.

    allowedHttpMethods List<String>
    (Updatable) The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    blockAction String
    (Updatable) If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    (Updatable) The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    (Updatable) The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    (Updatable) The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    (Updatable) The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isResponseInspected Boolean

    (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.

    Note: Only origin responses with a Content-Type matching a value in mediaTypes will be inspected.

    maxArgumentCount Number
    (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    maxNameLengthPerArgument Number
    (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    maxResponseSizeInKiB Number
    (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    maxTotalNameLengthOfArguments Number
    (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    mediaTypes List<String>

    (Updatable) The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].

    Supported MIME types include:

    • text/html
    • text/plain
    • text/asp
    • text/css
    • text/x-script
    • application/json
    • text/webviewhtml
    • text/x-java-source
    • application/x-javascript
    • application/javascript
    • application/ecmascript
    • text/javascript
    • text/ecmascript
    • text/x-script.perl
    • text/x-script.phyton
    • application/plain
    • application/xml
    • text/xml
    recommendationsPeriodInDays Number

    (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

    Use GET /waasPolicies/{waasPolicyId}/wafRecommendations to view WAF recommendations.

    PolicyWafConfigWhitelist, PolicyWafConfigWhitelistArgs

    Name string

    (Updatable) The unique name of the whitelist.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    AddressLists List<string>
    (Updatable) A list of OCID of IP address lists to include in the whitelist.
    Addresses List<string>
    (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
    Name string

    (Updatable) The unique name of the whitelist.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    AddressLists []string
    (Updatable) A list of OCID of IP address lists to include in the whitelist.
    Addresses []string
    (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
    name String

    (Updatable) The unique name of the whitelist.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    addressLists List<String>
    (Updatable) A list of OCID of IP address lists to include in the whitelist.
    addresses List<String>
    (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
    name string

    (Updatable) The unique name of the whitelist.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    addressLists string[]
    (Updatable) A list of OCID of IP address lists to include in the whitelist.
    addresses string[]
    (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
    name str

    (Updatable) The unique name of the whitelist.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    address_lists Sequence[str]
    (Updatable) A list of OCID of IP address lists to include in the whitelist.
    addresses Sequence[str]
    (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
    name String

    (Updatable) The unique name of the whitelist.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    addressLists List<String>
    (Updatable) A list of OCID of IP address lists to include in the whitelist.
    addresses List<String>
    (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.

    Import

    WaasPolicies can be imported using the id, e.g.

    $ pulumi import oci:Waas/policy:Policy test_waas_policy "id"
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    oci pulumi/pulumi-oci
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the oci Terraform Provider.
    oci logo
    Oracle Cloud Infrastructure v2.17.0 published on Friday, Nov 15, 2024 by Pulumi