oci.Waas.Policy
Explore with Pulumi AI
This resource provides the Waas Policy resource in Oracle Cloud Infrastructure Web Application Acceleration and Security service.
Creates a new Web Application Acceleration and Security (WAAS) policy in the specified compartment. A WAAS policy must be established before creating Web Application Firewall (WAF) rules. To use WAF rules, your web application’s origin servers must defined in the WaasPolicy
schema.
A domain name must be specified when creating a WAAS policy. The domain name should be different from the origins specified in your WaasPolicy
. Once domain name is entered and stored, it is unchangeable.
Use the record data returned in the cname
field of the WaasPolicy
object to create a CNAME record in your DNS configuration that will direct your domain’s traffic through the WAF.
For the purposes of access control, you must provide the OCID of the compartment where you want the service to reside. For information about access control and compartments, see Overview of the IAM Service.
You must specify a display name and domain for the WAAS policy. The display name does not have to be unique and can be changed. The domain name should be different from every origin specified in WaasPolicy
.
All Oracle Cloud Infrastructure resources, including WAAS policies, receive a unique, Oracle-assigned ID called an Oracle Cloud Identifier (OCID). When a resource is created, you can find its OCID in the response. You can also retrieve a resource’s OCID by using a list API operation for that resource type, or by viewing the resource in the Console. Fore more information, see Resource Identifiers.
Note: After sending the POST request, the new object’s state will temporarily be CREATING
. Ensure that the resource’s state has changed to ACTIVE
before use.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Waas.Policy;
import com.pulumi.oci.Waas.PolicyArgs;
import com.pulumi.oci.Waas.inputs.PolicyOriginGroupArgs;
import com.pulumi.oci.Waas.inputs.PolicyOriginArgs;
import com.pulumi.oci.Waas.inputs.PolicyPolicyConfigArgs;
import com.pulumi.oci.Waas.inputs.PolicyPolicyConfigHealthChecksArgs;
import com.pulumi.oci.Waas.inputs.PolicyPolicyConfigLoadBalancingMethodArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigAddressRateLimitingArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigDeviceFingerprintChallengeArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigHumanInteractionChallengeArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigJsChallengeArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigJsChallengeChallengeSettingsArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigJsChallengeSetHttpHeaderArgs;
import com.pulumi.oci.Waas.inputs.PolicyWafConfigProtectionSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testWaasPolicy = new Policy("testWaasPolicy", PolicyArgs.builder()
.compartmentId(compartmentId)
.domain(waasPolicyDomain)
.additionalDomains(waasPolicyAdditionalDomains)
.definedTags(Map.of("Operations.CostCenter", "42"))
.displayName(waasPolicyDisplayName)
.freeformTags(Map.of("Department", "Finance"))
.originGroups(PolicyOriginGroupArgs.builder()
.origins(waasPolicyOriginGroupsOrigins)
.build())
.origins(PolicyOriginArgs.builder()
.uri(waasPolicyOriginsUri)
.customHeaders(PolicyOriginCustomHeaderArgs.builder()
.name(waasPolicyOriginsCustomHeadersName)
.value(waasPolicyOriginsCustomHeadersValue)
.build())
.httpPort(waasPolicyOriginsHttpPort)
.httpsPort(waasPolicyOriginsHttpsPort)
.build())
.policyConfig(PolicyPolicyConfigArgs.builder()
.certificateId(testCertificate.id())
.cipherGroup(waasPolicyPolicyConfigCipherGroup)
.clientAddressHeader(waasPolicyPolicyConfigClientAddressHeader)
.healthChecks(PolicyPolicyConfigHealthChecksArgs.builder()
.expectedResponseCodeGroups(waasPolicyPolicyConfigHealthChecksExpectedResponseCodeGroup)
.expectedResponseText(waasPolicyPolicyConfigHealthChecksExpectedResponseText)
.headers(waasPolicyPolicyConfigHealthChecksHeaders)
.healthyThreshold(waasPolicyPolicyConfigHealthChecksHealthyThreshold)
.intervalInSeconds(waasPolicyPolicyConfigHealthChecksIntervalInSeconds)
.isEnabled(waasPolicyPolicyConfigHealthChecksIsEnabled)
.isResponseTextCheckEnabled(waasPolicyPolicyConfigHealthChecksIsResponseTextCheckEnabled)
.method(waasPolicyPolicyConfigHealthChecksMethod)
.path(waasPolicyPolicyConfigHealthChecksPath)
.timeoutInSeconds(waasPolicyPolicyConfigHealthChecksTimeoutInSeconds)
.unhealthyThreshold(waasPolicyPolicyConfigHealthChecksUnhealthyThreshold)
.build())
.isBehindCdn(waasPolicyPolicyConfigIsBehindCdn)
.isCacheControlRespected(waasPolicyPolicyConfigIsCacheControlRespected)
.isHttpsEnabled(waasPolicyPolicyConfigIsHttpsEnabled)
.isHttpsForced(waasPolicyPolicyConfigIsHttpsForced)
.isOriginCompressionEnabled(waasPolicyPolicyConfigIsOriginCompressionEnabled)
.isResponseBufferingEnabled(waasPolicyPolicyConfigIsResponseBufferingEnabled)
.isSniEnabled(waasPolicyPolicyConfigIsSniEnabled)
.loadBalancingMethod(PolicyPolicyConfigLoadBalancingMethodArgs.builder()
.method(waasPolicyPolicyConfigLoadBalancingMethodMethod)
.domain(waasPolicyPolicyConfigLoadBalancingMethodDomain)
.expirationTimeInSeconds(waasPolicyPolicyConfigLoadBalancingMethodExpirationTimeInSeconds)
.name(waasPolicyPolicyConfigLoadBalancingMethodName)
.build())
.tlsProtocols(waasPolicyPolicyConfigTlsProtocols)
.websocketPathPrefixes(waasPolicyPolicyConfigWebsocketPathPrefixes)
.build())
.wafConfig(PolicyWafConfigArgs.builder()
.accessRules(PolicyWafConfigAccessRuleArgs.builder()
.action(waasPolicyWafConfigAccessRulesAction)
.criterias(PolicyWafConfigAccessRuleCriteriaArgs.builder()
.condition(waasPolicyWafConfigAccessRulesCriteriaCondition)
.value(waasPolicyWafConfigAccessRulesCriteriaValue)
.isCaseSensitive(waasPolicyWafConfigAccessRulesCriteriaIsCaseSensitive)
.build())
.name(waasPolicyWafConfigAccessRulesName)
.blockAction(waasPolicyWafConfigAccessRulesBlockAction)
.blockErrorPageCode(waasPolicyWafConfigAccessRulesBlockErrorPageCode)
.blockErrorPageDescription(waasPolicyWafConfigAccessRulesBlockErrorPageDescription)
.blockErrorPageMessage(waasPolicyWafConfigAccessRulesBlockErrorPageMessage)
.blockResponseCode(waasPolicyWafConfigAccessRulesBlockResponseCode)
.bypassChallenges(waasPolicyWafConfigAccessRulesBypassChallenges)
.captchaFooter(waasPolicyWafConfigAccessRulesCaptchaFooter)
.captchaHeader(waasPolicyWafConfigAccessRulesCaptchaHeader)
.captchaSubmitLabel(waasPolicyWafConfigAccessRulesCaptchaSubmitLabel)
.captchaTitle(waasPolicyWafConfigAccessRulesCaptchaTitle)
.redirectResponseCode(waasPolicyWafConfigAccessRulesRedirectResponseCode)
.redirectUrl(waasPolicyWafConfigAccessRulesRedirectUrl)
.responseHeaderManipulations(PolicyWafConfigAccessRuleResponseHeaderManipulationArgs.builder()
.action(waasPolicyWafConfigAccessRulesResponseHeaderManipulationAction)
.header(waasPolicyWafConfigAccessRulesResponseHeaderManipulationHeader)
.value(waasPolicyWafConfigAccessRulesResponseHeaderManipulationValue)
.build())
.build())
.addressRateLimiting(PolicyWafConfigAddressRateLimitingArgs.builder()
.isEnabled(waasPolicyWafConfigAddressRateLimitingIsEnabled)
.allowedRatePerAddress(waasPolicyWafConfigAddressRateLimitingAllowedRatePerAddress)
.blockResponseCode(waasPolicyWafConfigAddressRateLimitingBlockResponseCode)
.maxDelayedCountPerAddress(waasPolicyWafConfigAddressRateLimitingMaxDelayedCountPerAddress)
.build())
.cachingRules(PolicyWafConfigCachingRuleArgs.builder()
.action(waasPolicyWafConfigCachingRulesAction)
.criterias(PolicyWafConfigCachingRuleCriteriaArgs.builder()
.condition(waasPolicyWafConfigCachingRulesCriteriaCondition)
.value(waasPolicyWafConfigCachingRulesCriteriaValue)
.build())
.name(waasPolicyWafConfigCachingRulesName)
.cachingDuration(waasPolicyWafConfigCachingRulesCachingDuration)
.clientCachingDuration(waasPolicyWafConfigCachingRulesClientCachingDuration)
.isClientCachingEnabled(waasPolicyWafConfigCachingRulesIsClientCachingEnabled)
.key(waasPolicyWafConfigCachingRulesKey)
.build())
.captchas(PolicyWafConfigCaptchaArgs.builder()
.failureMessage(waasPolicyWafConfigCaptchasFailureMessage)
.sessionExpirationInSeconds(waasPolicyWafConfigCaptchasSessionExpirationInSeconds)
.submitLabel(waasPolicyWafConfigCaptchasSubmitLabel)
.title(waasPolicyWafConfigCaptchasTitle)
.url(waasPolicyWafConfigCaptchasUrl)
.footerText(waasPolicyWafConfigCaptchasFooterText)
.headerText(waasPolicyWafConfigCaptchasHeaderText)
.build())
.customProtectionRules(PolicyWafConfigCustomProtectionRuleArgs.builder()
.action(waasPolicyWafConfigCustomProtectionRulesAction)
.exclusions(PolicyWafConfigCustomProtectionRuleExclusionArgs.builder()
.exclusions(waasPolicyWafConfigCustomProtectionRulesExclusionsExclusions)
.target(waasPolicyWafConfigCustomProtectionRulesExclusionsTarget)
.build())
.id(waasPolicyWafConfigCustomProtectionRulesId)
.build())
.deviceFingerprintChallenge(PolicyWafConfigDeviceFingerprintChallengeArgs.builder()
.isEnabled(waasPolicyWafConfigDeviceFingerprintChallengeIsEnabled)
.action(waasPolicyWafConfigDeviceFingerprintChallengeAction)
.actionExpirationInSeconds(waasPolicyWafConfigDeviceFingerprintChallengeActionExpirationInSeconds)
.challengeSettings(PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs.builder()
.blockAction(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockAction)
.blockErrorPageCode(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageCode)
.blockErrorPageDescription(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageDescription)
.blockErrorPageMessage(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageMessage)
.blockResponseCode(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockResponseCode)
.captchaFooter(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaFooter)
.captchaHeader(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaHeader)
.captchaSubmitLabel(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaSubmitLabel)
.captchaTitle(waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaTitle)
.build())
.failureThreshold(waasPolicyWafConfigDeviceFingerprintChallengeFailureThreshold)
.failureThresholdExpirationInSeconds(waasPolicyWafConfigDeviceFingerprintChallengeFailureThresholdExpirationInSeconds)
.maxAddressCount(waasPolicyWafConfigDeviceFingerprintChallengeMaxAddressCount)
.maxAddressCountExpirationInSeconds(waasPolicyWafConfigDeviceFingerprintChallengeMaxAddressCountExpirationInSeconds)
.build())
.humanInteractionChallenge(PolicyWafConfigHumanInteractionChallengeArgs.builder()
.isEnabled(waasPolicyWafConfigHumanInteractionChallengeIsEnabled)
.action(waasPolicyWafConfigHumanInteractionChallengeAction)
.actionExpirationInSeconds(waasPolicyWafConfigHumanInteractionChallengeActionExpirationInSeconds)
.challengeSettings(PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs.builder()
.blockAction(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockAction)
.blockErrorPageCode(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageCode)
.blockErrorPageDescription(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageDescription)
.blockErrorPageMessage(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageMessage)
.blockResponseCode(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockResponseCode)
.captchaFooter(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaFooter)
.captchaHeader(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaHeader)
.captchaSubmitLabel(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaSubmitLabel)
.captchaTitle(waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaTitle)
.build())
.failureThreshold(waasPolicyWafConfigHumanInteractionChallengeFailureThreshold)
.failureThresholdExpirationInSeconds(waasPolicyWafConfigHumanInteractionChallengeFailureThresholdExpirationInSeconds)
.interactionThreshold(waasPolicyWafConfigHumanInteractionChallengeInteractionThreshold)
.isNatEnabled(waasPolicyWafConfigHumanInteractionChallengeIsNatEnabled)
.recordingPeriodInSeconds(waasPolicyWafConfigHumanInteractionChallengeRecordingPeriodInSeconds)
.setHttpHeader(PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs.builder()
.name(waasPolicyWafConfigHumanInteractionChallengeSetHttpHeaderName)
.value(waasPolicyWafConfigHumanInteractionChallengeSetHttpHeaderValue)
.build())
.build())
.jsChallenge(PolicyWafConfigJsChallengeArgs.builder()
.isEnabled(waasPolicyWafConfigJsChallengeIsEnabled)
.action(waasPolicyWafConfigJsChallengeAction)
.actionExpirationInSeconds(waasPolicyWafConfigJsChallengeActionExpirationInSeconds)
.areRedirectsChallenged(waasPolicyWafConfigJsChallengeAreRedirectsChallenged)
.challengeSettings(PolicyWafConfigJsChallengeChallengeSettingsArgs.builder()
.blockAction(waasPolicyWafConfigJsChallengeChallengeSettingsBlockAction)
.blockErrorPageCode(waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageCode)
.blockErrorPageDescription(waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageDescription)
.blockErrorPageMessage(waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageMessage)
.blockResponseCode(waasPolicyWafConfigJsChallengeChallengeSettingsBlockResponseCode)
.captchaFooter(waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaFooter)
.captchaHeader(waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaHeader)
.captchaSubmitLabel(waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaSubmitLabel)
.captchaTitle(waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaTitle)
.build())
.criterias(PolicyWafConfigJsChallengeCriteriaArgs.builder()
.condition(waasPolicyWafConfigJsChallengeCriteriaCondition)
.value(waasPolicyWafConfigJsChallengeCriteriaValue)
.isCaseSensitive(waasPolicyWafConfigJsChallengeCriteriaIsCaseSensitive)
.build())
.failureThreshold(waasPolicyWafConfigJsChallengeFailureThreshold)
.isNatEnabled(waasPolicyWafConfigJsChallengeIsNatEnabled)
.setHttpHeader(PolicyWafConfigJsChallengeSetHttpHeaderArgs.builder()
.name(waasPolicyWafConfigJsChallengeSetHttpHeaderName)
.value(waasPolicyWafConfigJsChallengeSetHttpHeaderValue)
.build())
.build())
.origin(waasPolicyWafConfigOrigin)
.originGroups(waasPolicyWafConfigOriginGroups)
.protectionSettings(PolicyWafConfigProtectionSettingsArgs.builder()
.allowedHttpMethods(waasPolicyWafConfigProtectionSettingsAllowedHttpMethods)
.blockAction(waasPolicyWafConfigProtectionSettingsBlockAction)
.blockErrorPageCode(waasPolicyWafConfigProtectionSettingsBlockErrorPageCode)
.blockErrorPageDescription(waasPolicyWafConfigProtectionSettingsBlockErrorPageDescription)
.blockErrorPageMessage(waasPolicyWafConfigProtectionSettingsBlockErrorPageMessage)
.blockResponseCode(waasPolicyWafConfigProtectionSettingsBlockResponseCode)
.isResponseInspected(waasPolicyWafConfigProtectionSettingsIsResponseInspected)
.maxArgumentCount(waasPolicyWafConfigProtectionSettingsMaxArgumentCount)
.maxNameLengthPerArgument(waasPolicyWafConfigProtectionSettingsMaxNameLengthPerArgument)
.maxResponseSizeInKiB(waasPolicyWafConfigProtectionSettingsMaxResponseSizeInKiB)
.maxTotalNameLengthOfArguments(waasPolicyWafConfigProtectionSettingsMaxTotalNameLengthOfArguments)
.mediaTypes(waasPolicyWafConfigProtectionSettingsMediaTypes)
.recommendationsPeriodInDays(waasPolicyWafConfigProtectionSettingsRecommendationsPeriodInDays)
.build())
.whitelists(PolicyWafConfigWhitelistArgs.builder()
.name(waasPolicyWafConfigWhitelistsName)
.addressLists(waasPolicyWafConfigWhitelistsAddressLists)
.addresses(waasPolicyWafConfigWhitelistsAddresses)
.build())
.build())
.build());
}
}
resources:
testWaasPolicy:
type: oci:Waas:Policy
name: test_waas_policy
properties:
compartmentId: ${compartmentId}
domain: ${waasPolicyDomain}
additionalDomains: ${waasPolicyAdditionalDomains}
definedTags:
Operations.CostCenter: '42'
displayName: ${waasPolicyDisplayName}
freeformTags:
Department: Finance
originGroups:
- origins: ${waasPolicyOriginGroupsOrigins}
origins:
- uri: ${waasPolicyOriginsUri}
customHeaders:
- name: ${waasPolicyOriginsCustomHeadersName}
value: ${waasPolicyOriginsCustomHeadersValue}
httpPort: ${waasPolicyOriginsHttpPort}
httpsPort: ${waasPolicyOriginsHttpsPort}
policyConfig:
certificateId: ${testCertificate.id}
cipherGroup: ${waasPolicyPolicyConfigCipherGroup}
clientAddressHeader: ${waasPolicyPolicyConfigClientAddressHeader}
healthChecks:
expectedResponseCodeGroups: ${waasPolicyPolicyConfigHealthChecksExpectedResponseCodeGroup}
expectedResponseText: ${waasPolicyPolicyConfigHealthChecksExpectedResponseText}
headers: ${waasPolicyPolicyConfigHealthChecksHeaders}
healthyThreshold: ${waasPolicyPolicyConfigHealthChecksHealthyThreshold}
intervalInSeconds: ${waasPolicyPolicyConfigHealthChecksIntervalInSeconds}
isEnabled: ${waasPolicyPolicyConfigHealthChecksIsEnabled}
isResponseTextCheckEnabled: ${waasPolicyPolicyConfigHealthChecksIsResponseTextCheckEnabled}
method: ${waasPolicyPolicyConfigHealthChecksMethod}
path: ${waasPolicyPolicyConfigHealthChecksPath}
timeoutInSeconds: ${waasPolicyPolicyConfigHealthChecksTimeoutInSeconds}
unhealthyThreshold: ${waasPolicyPolicyConfigHealthChecksUnhealthyThreshold}
isBehindCdn: ${waasPolicyPolicyConfigIsBehindCdn}
isCacheControlRespected: ${waasPolicyPolicyConfigIsCacheControlRespected}
isHttpsEnabled: ${waasPolicyPolicyConfigIsHttpsEnabled}
isHttpsForced: ${waasPolicyPolicyConfigIsHttpsForced}
isOriginCompressionEnabled: ${waasPolicyPolicyConfigIsOriginCompressionEnabled}
isResponseBufferingEnabled: ${waasPolicyPolicyConfigIsResponseBufferingEnabled}
isSniEnabled: ${waasPolicyPolicyConfigIsSniEnabled}
loadBalancingMethod:
method: ${waasPolicyPolicyConfigLoadBalancingMethodMethod}
domain: ${waasPolicyPolicyConfigLoadBalancingMethodDomain}
expirationTimeInSeconds: ${waasPolicyPolicyConfigLoadBalancingMethodExpirationTimeInSeconds}
name: ${waasPolicyPolicyConfigLoadBalancingMethodName}
tlsProtocols: ${waasPolicyPolicyConfigTlsProtocols}
websocketPathPrefixes: ${waasPolicyPolicyConfigWebsocketPathPrefixes}
wafConfig:
accessRules:
- action: ${waasPolicyWafConfigAccessRulesAction}
criterias:
- condition: ${waasPolicyWafConfigAccessRulesCriteriaCondition}
value: ${waasPolicyWafConfigAccessRulesCriteriaValue}
isCaseSensitive: ${waasPolicyWafConfigAccessRulesCriteriaIsCaseSensitive}
name: ${waasPolicyWafConfigAccessRulesName}
blockAction: ${waasPolicyWafConfigAccessRulesBlockAction}
blockErrorPageCode: ${waasPolicyWafConfigAccessRulesBlockErrorPageCode}
blockErrorPageDescription: ${waasPolicyWafConfigAccessRulesBlockErrorPageDescription}
blockErrorPageMessage: ${waasPolicyWafConfigAccessRulesBlockErrorPageMessage}
blockResponseCode: ${waasPolicyWafConfigAccessRulesBlockResponseCode}
bypassChallenges: ${waasPolicyWafConfigAccessRulesBypassChallenges}
captchaFooter: ${waasPolicyWafConfigAccessRulesCaptchaFooter}
captchaHeader: ${waasPolicyWafConfigAccessRulesCaptchaHeader}
captchaSubmitLabel: ${waasPolicyWafConfigAccessRulesCaptchaSubmitLabel}
captchaTitle: ${waasPolicyWafConfigAccessRulesCaptchaTitle}
redirectResponseCode: ${waasPolicyWafConfigAccessRulesRedirectResponseCode}
redirectUrl: ${waasPolicyWafConfigAccessRulesRedirectUrl}
responseHeaderManipulations:
- action: ${waasPolicyWafConfigAccessRulesResponseHeaderManipulationAction}
header: ${waasPolicyWafConfigAccessRulesResponseHeaderManipulationHeader}
value: ${waasPolicyWafConfigAccessRulesResponseHeaderManipulationValue}
addressRateLimiting:
isEnabled: ${waasPolicyWafConfigAddressRateLimitingIsEnabled}
allowedRatePerAddress: ${waasPolicyWafConfigAddressRateLimitingAllowedRatePerAddress}
blockResponseCode: ${waasPolicyWafConfigAddressRateLimitingBlockResponseCode}
maxDelayedCountPerAddress: ${waasPolicyWafConfigAddressRateLimitingMaxDelayedCountPerAddress}
cachingRules:
- action: ${waasPolicyWafConfigCachingRulesAction}
criterias:
- condition: ${waasPolicyWafConfigCachingRulesCriteriaCondition}
value: ${waasPolicyWafConfigCachingRulesCriteriaValue}
name: ${waasPolicyWafConfigCachingRulesName}
cachingDuration: ${waasPolicyWafConfigCachingRulesCachingDuration}
clientCachingDuration: ${waasPolicyWafConfigCachingRulesClientCachingDuration}
isClientCachingEnabled: ${waasPolicyWafConfigCachingRulesIsClientCachingEnabled}
key: ${waasPolicyWafConfigCachingRulesKey}
captchas:
- failureMessage: ${waasPolicyWafConfigCaptchasFailureMessage}
sessionExpirationInSeconds: ${waasPolicyWafConfigCaptchasSessionExpirationInSeconds}
submitLabel: ${waasPolicyWafConfigCaptchasSubmitLabel}
title: ${waasPolicyWafConfigCaptchasTitle}
url: ${waasPolicyWafConfigCaptchasUrl}
footerText: ${waasPolicyWafConfigCaptchasFooterText}
headerText: ${waasPolicyWafConfigCaptchasHeaderText}
customProtectionRules:
- action: ${waasPolicyWafConfigCustomProtectionRulesAction}
exclusions:
- exclusions: ${waasPolicyWafConfigCustomProtectionRulesExclusionsExclusions}
target: ${waasPolicyWafConfigCustomProtectionRulesExclusionsTarget}
id: ${waasPolicyWafConfigCustomProtectionRulesId}
deviceFingerprintChallenge:
isEnabled: ${waasPolicyWafConfigDeviceFingerprintChallengeIsEnabled}
action: ${waasPolicyWafConfigDeviceFingerprintChallengeAction}
actionExpirationInSeconds: ${waasPolicyWafConfigDeviceFingerprintChallengeActionExpirationInSeconds}
challengeSettings:
blockAction: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockAction}
blockErrorPageCode: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageCode}
blockErrorPageDescription: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageDescription}
blockErrorPageMessage: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockErrorPageMessage}
blockResponseCode: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsBlockResponseCode}
captchaFooter: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaFooter}
captchaHeader: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaHeader}
captchaSubmitLabel: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaSubmitLabel}
captchaTitle: ${waasPolicyWafConfigDeviceFingerprintChallengeChallengeSettingsCaptchaTitle}
failureThreshold: ${waasPolicyWafConfigDeviceFingerprintChallengeFailureThreshold}
failureThresholdExpirationInSeconds: ${waasPolicyWafConfigDeviceFingerprintChallengeFailureThresholdExpirationInSeconds}
maxAddressCount: ${waasPolicyWafConfigDeviceFingerprintChallengeMaxAddressCount}
maxAddressCountExpirationInSeconds: ${waasPolicyWafConfigDeviceFingerprintChallengeMaxAddressCountExpirationInSeconds}
humanInteractionChallenge:
isEnabled: ${waasPolicyWafConfigHumanInteractionChallengeIsEnabled}
action: ${waasPolicyWafConfigHumanInteractionChallengeAction}
actionExpirationInSeconds: ${waasPolicyWafConfigHumanInteractionChallengeActionExpirationInSeconds}
challengeSettings:
blockAction: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockAction}
blockErrorPageCode: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageCode}
blockErrorPageDescription: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageDescription}
blockErrorPageMessage: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockErrorPageMessage}
blockResponseCode: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsBlockResponseCode}
captchaFooter: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaFooter}
captchaHeader: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaHeader}
captchaSubmitLabel: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaSubmitLabel}
captchaTitle: ${waasPolicyWafConfigHumanInteractionChallengeChallengeSettingsCaptchaTitle}
failureThreshold: ${waasPolicyWafConfigHumanInteractionChallengeFailureThreshold}
failureThresholdExpirationInSeconds: ${waasPolicyWafConfigHumanInteractionChallengeFailureThresholdExpirationInSeconds}
interactionThreshold: ${waasPolicyWafConfigHumanInteractionChallengeInteractionThreshold}
isNatEnabled: ${waasPolicyWafConfigHumanInteractionChallengeIsNatEnabled}
recordingPeriodInSeconds: ${waasPolicyWafConfigHumanInteractionChallengeRecordingPeriodInSeconds}
setHttpHeader:
name: ${waasPolicyWafConfigHumanInteractionChallengeSetHttpHeaderName}
value: ${waasPolicyWafConfigHumanInteractionChallengeSetHttpHeaderValue}
jsChallenge:
isEnabled: ${waasPolicyWafConfigJsChallengeIsEnabled}
action: ${waasPolicyWafConfigJsChallengeAction}
actionExpirationInSeconds: ${waasPolicyWafConfigJsChallengeActionExpirationInSeconds}
areRedirectsChallenged: ${waasPolicyWafConfigJsChallengeAreRedirectsChallenged}
challengeSettings:
blockAction: ${waasPolicyWafConfigJsChallengeChallengeSettingsBlockAction}
blockErrorPageCode: ${waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageCode}
blockErrorPageDescription: ${waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageDescription}
blockErrorPageMessage: ${waasPolicyWafConfigJsChallengeChallengeSettingsBlockErrorPageMessage}
blockResponseCode: ${waasPolicyWafConfigJsChallengeChallengeSettingsBlockResponseCode}
captchaFooter: ${waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaFooter}
captchaHeader: ${waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaHeader}
captchaSubmitLabel: ${waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaSubmitLabel}
captchaTitle: ${waasPolicyWafConfigJsChallengeChallengeSettingsCaptchaTitle}
criterias:
- condition: ${waasPolicyWafConfigJsChallengeCriteriaCondition}
value: ${waasPolicyWafConfigJsChallengeCriteriaValue}
isCaseSensitive: ${waasPolicyWafConfigJsChallengeCriteriaIsCaseSensitive}
failureThreshold: ${waasPolicyWafConfigJsChallengeFailureThreshold}
isNatEnabled: ${waasPolicyWafConfigJsChallengeIsNatEnabled}
setHttpHeader:
name: ${waasPolicyWafConfigJsChallengeSetHttpHeaderName}
value: ${waasPolicyWafConfigJsChallengeSetHttpHeaderValue}
origin: ${waasPolicyWafConfigOrigin}
originGroups: ${waasPolicyWafConfigOriginGroups}
protectionSettings:
allowedHttpMethods: ${waasPolicyWafConfigProtectionSettingsAllowedHttpMethods}
blockAction: ${waasPolicyWafConfigProtectionSettingsBlockAction}
blockErrorPageCode: ${waasPolicyWafConfigProtectionSettingsBlockErrorPageCode}
blockErrorPageDescription: ${waasPolicyWafConfigProtectionSettingsBlockErrorPageDescription}
blockErrorPageMessage: ${waasPolicyWafConfigProtectionSettingsBlockErrorPageMessage}
blockResponseCode: ${waasPolicyWafConfigProtectionSettingsBlockResponseCode}
isResponseInspected: ${waasPolicyWafConfigProtectionSettingsIsResponseInspected}
maxArgumentCount: ${waasPolicyWafConfigProtectionSettingsMaxArgumentCount}
maxNameLengthPerArgument: ${waasPolicyWafConfigProtectionSettingsMaxNameLengthPerArgument}
maxResponseSizeInKiB: ${waasPolicyWafConfigProtectionSettingsMaxResponseSizeInKiB}
maxTotalNameLengthOfArguments: ${waasPolicyWafConfigProtectionSettingsMaxTotalNameLengthOfArguments}
mediaTypes: ${waasPolicyWafConfigProtectionSettingsMediaTypes}
recommendationsPeriodInDays: ${waasPolicyWafConfigProtectionSettingsRecommendationsPeriodInDays}
whitelists:
- name: ${waasPolicyWafConfigWhitelistsName}
addressLists: ${waasPolicyWafConfigWhitelistsAddressLists}
addresses: ${waasPolicyWafConfigWhitelistsAddresses}
Create Policy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);
@overload
def Policy(resource_name: str,
args: PolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Policy(resource_name: str,
opts: Optional[ResourceOptions] = None,
compartment_id: Optional[str] = None,
domain: Optional[str] = None,
additional_domains: Optional[Sequence[str]] = None,
defined_tags: Optional[Mapping[str, str]] = None,
display_name: Optional[str] = None,
freeform_tags: Optional[Mapping[str, str]] = None,
origin_groups: Optional[Sequence[_waas.PolicyOriginGroupArgs]] = None,
origins: Optional[Sequence[_waas.PolicyOriginArgs]] = None,
policy_config: Optional[_waas.PolicyPolicyConfigArgs] = None,
waf_config: Optional[_waas.PolicyWafConfigArgs] = None)
func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)
public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: oci:Waas:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ociPolicyResource = new Oci.Waas.Policy("ociPolicyResource", new()
{
CompartmentId = "string",
Domain = "string",
AdditionalDomains = new[]
{
"string",
},
DefinedTags =
{
{ "string", "string" },
},
DisplayName = "string",
FreeformTags =
{
{ "string", "string" },
},
OriginGroups = new[]
{
new Oci.Waas.Inputs.PolicyOriginGroupArgs
{
Label = "string",
OriginGroups = new[]
{
new Oci.Waas.Inputs.PolicyOriginGroupOriginGroupArgs
{
Origin = "string",
Weight = 0,
},
},
},
},
Origins = new[]
{
new Oci.Waas.Inputs.PolicyOriginArgs
{
Label = "string",
Uri = "string",
CustomHeaders = new[]
{
new Oci.Waas.Inputs.PolicyOriginCustomHeaderArgs
{
Name = "string",
Value = "string",
},
},
HttpPort = 0,
HttpsPort = 0,
},
},
PolicyConfig = new Oci.Waas.Inputs.PolicyPolicyConfigArgs
{
CertificateId = "string",
CipherGroup = "string",
ClientAddressHeader = "string",
HealthChecks = new Oci.Waas.Inputs.PolicyPolicyConfigHealthChecksArgs
{
ExpectedResponseCodeGroups = new[]
{
"string",
},
ExpectedResponseText = "string",
Headers =
{
{ "string", "string" },
},
HealthyThreshold = 0,
IntervalInSeconds = 0,
IsEnabled = false,
IsResponseTextCheckEnabled = false,
Method = "string",
Path = "string",
TimeoutInSeconds = 0,
UnhealthyThreshold = 0,
},
IsBehindCdn = false,
IsCacheControlRespected = false,
IsHttpsEnabled = false,
IsHttpsForced = false,
IsOriginCompressionEnabled = false,
IsResponseBufferingEnabled = false,
IsSniEnabled = false,
LoadBalancingMethod = new Oci.Waas.Inputs.PolicyPolicyConfigLoadBalancingMethodArgs
{
Method = "string",
Domain = "string",
ExpirationTimeInSeconds = 0,
Name = "string",
},
TlsProtocols = new[]
{
"string",
},
WebsocketPathPrefixes = new[]
{
"string",
},
},
WafConfig = new Oci.Waas.Inputs.PolicyWafConfigArgs
{
AccessRules = new[]
{
new Oci.Waas.Inputs.PolicyWafConfigAccessRuleArgs
{
Action = "string",
Name = "string",
Criterias = new[]
{
new Oci.Waas.Inputs.PolicyWafConfigAccessRuleCriteriaArgs
{
Condition = "string",
Value = "string",
IsCaseSensitive = false,
},
},
BlockErrorPageMessage = "string",
BlockErrorPageDescription = "string",
BlockResponseCode = 0,
BypassChallenges = new[]
{
"string",
},
CaptchaFooter = "string",
CaptchaHeader = "string",
CaptchaSubmitLabel = "string",
CaptchaTitle = "string",
BlockErrorPageCode = "string",
BlockAction = "string",
RedirectResponseCode = "string",
RedirectUrl = "string",
ResponseHeaderManipulations = new[]
{
new Oci.Waas.Inputs.PolicyWafConfigAccessRuleResponseHeaderManipulationArgs
{
Action = "string",
Header = "string",
Value = "string",
},
},
},
},
AddressRateLimiting = new Oci.Waas.Inputs.PolicyWafConfigAddressRateLimitingArgs
{
IsEnabled = false,
AllowedRatePerAddress = 0,
BlockResponseCode = 0,
MaxDelayedCountPerAddress = 0,
},
CachingRules = new[]
{
new Oci.Waas.Inputs.PolicyWafConfigCachingRuleArgs
{
Action = "string",
Criterias = new[]
{
new Oci.Waas.Inputs.PolicyWafConfigCachingRuleCriteriaArgs
{
Condition = "string",
Value = "string",
},
},
Name = "string",
CachingDuration = "string",
ClientCachingDuration = "string",
IsClientCachingEnabled = false,
Key = "string",
},
},
Captchas = new[]
{
new Oci.Waas.Inputs.PolicyWafConfigCaptchaArgs
{
FailureMessage = "string",
SessionExpirationInSeconds = 0,
SubmitLabel = "string",
Title = "string",
Url = "string",
FooterText = "string",
HeaderText = "string",
},
},
CustomProtectionRules = new[]
{
new Oci.Waas.Inputs.PolicyWafConfigCustomProtectionRuleArgs
{
Action = "string",
Exclusions = new[]
{
new Oci.Waas.Inputs.PolicyWafConfigCustomProtectionRuleExclusionArgs
{
Exclusions = new[]
{
"string",
},
Target = "string",
},
},
Id = "string",
},
},
DeviceFingerprintChallenge = new Oci.Waas.Inputs.PolicyWafConfigDeviceFingerprintChallengeArgs
{
IsEnabled = false,
Action = "string",
ActionExpirationInSeconds = 0,
ChallengeSettings = new Oci.Waas.Inputs.PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs
{
BlockAction = "string",
BlockErrorPageCode = "string",
BlockErrorPageDescription = "string",
BlockErrorPageMessage = "string",
BlockResponseCode = 0,
CaptchaFooter = "string",
CaptchaHeader = "string",
CaptchaSubmitLabel = "string",
CaptchaTitle = "string",
},
FailureThreshold = 0,
FailureThresholdExpirationInSeconds = 0,
MaxAddressCount = 0,
MaxAddressCountExpirationInSeconds = 0,
},
HumanInteractionChallenge = new Oci.Waas.Inputs.PolicyWafConfigHumanInteractionChallengeArgs
{
IsEnabled = false,
Action = "string",
ActionExpirationInSeconds = 0,
ChallengeSettings = new Oci.Waas.Inputs.PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs
{
BlockAction = "string",
BlockErrorPageCode = "string",
BlockErrorPageDescription = "string",
BlockErrorPageMessage = "string",
BlockResponseCode = 0,
CaptchaFooter = "string",
CaptchaHeader = "string",
CaptchaSubmitLabel = "string",
CaptchaTitle = "string",
},
FailureThreshold = 0,
FailureThresholdExpirationInSeconds = 0,
InteractionThreshold = 0,
IsNatEnabled = false,
RecordingPeriodInSeconds = 0,
SetHttpHeader = new Oci.Waas.Inputs.PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs
{
Name = "string",
Value = "string",
},
},
JsChallenge = new Oci.Waas.Inputs.PolicyWafConfigJsChallengeArgs
{
IsEnabled = false,
Action = "string",
ActionExpirationInSeconds = 0,
AreRedirectsChallenged = false,
ChallengeSettings = new Oci.Waas.Inputs.PolicyWafConfigJsChallengeChallengeSettingsArgs
{
BlockAction = "string",
BlockErrorPageCode = "string",
BlockErrorPageDescription = "string",
BlockErrorPageMessage = "string",
BlockResponseCode = 0,
CaptchaFooter = "string",
CaptchaHeader = "string",
CaptchaSubmitLabel = "string",
CaptchaTitle = "string",
},
Criterias = new[]
{
new Oci.Waas.Inputs.PolicyWafConfigJsChallengeCriteriaArgs
{
Condition = "string",
Value = "string",
IsCaseSensitive = false,
},
},
FailureThreshold = 0,
IsNatEnabled = false,
SetHttpHeader = new Oci.Waas.Inputs.PolicyWafConfigJsChallengeSetHttpHeaderArgs
{
Name = "string",
Value = "string",
},
},
Origin = "string",
OriginGroups = new[]
{
"string",
},
ProtectionSettings = new Oci.Waas.Inputs.PolicyWafConfigProtectionSettingsArgs
{
AllowedHttpMethods = new[]
{
"string",
},
BlockAction = "string",
BlockErrorPageCode = "string",
BlockErrorPageDescription = "string",
BlockErrorPageMessage = "string",
BlockResponseCode = 0,
IsResponseInspected = false,
MaxArgumentCount = 0,
MaxNameLengthPerArgument = 0,
MaxResponseSizeInKiB = 0,
MaxTotalNameLengthOfArguments = 0,
MediaTypes = new[]
{
"string",
},
RecommendationsPeriodInDays = 0,
},
Whitelists = new[]
{
new Oci.Waas.Inputs.PolicyWafConfigWhitelistArgs
{
Name = "string",
AddressLists = new[]
{
"string",
},
Addresses = new[]
{
"string",
},
},
},
},
});
example, err := Waas.NewPolicy(ctx, "ociPolicyResource", &Waas.PolicyArgs{
CompartmentId: pulumi.String("string"),
Domain: pulumi.String("string"),
AdditionalDomains: pulumi.StringArray{
pulumi.String("string"),
},
DefinedTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
DisplayName: pulumi.String("string"),
FreeformTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
OriginGroups: waas.PolicyOriginGroupArray{
&waas.PolicyOriginGroupArgs{
Label: pulumi.String("string"),
OriginGroups: waas.PolicyOriginGroupOriginGroupArray{
&waas.PolicyOriginGroupOriginGroupArgs{
Origin: pulumi.String("string"),
Weight: pulumi.Int(0),
},
},
},
},
Origins: waas.PolicyOriginArray{
&waas.PolicyOriginArgs{
Label: pulumi.String("string"),
Uri: pulumi.String("string"),
CustomHeaders: waas.PolicyOriginCustomHeaderArray{
&waas.PolicyOriginCustomHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
HttpPort: pulumi.Int(0),
HttpsPort: pulumi.Int(0),
},
},
PolicyConfig: &waas.PolicyPolicyConfigArgs{
CertificateId: pulumi.String("string"),
CipherGroup: pulumi.String("string"),
ClientAddressHeader: pulumi.String("string"),
HealthChecks: &waas.PolicyPolicyConfigHealthChecksArgs{
ExpectedResponseCodeGroups: pulumi.StringArray{
pulumi.String("string"),
},
ExpectedResponseText: pulumi.String("string"),
Headers: pulumi.StringMap{
"string": pulumi.String("string"),
},
HealthyThreshold: pulumi.Int(0),
IntervalInSeconds: pulumi.Int(0),
IsEnabled: pulumi.Bool(false),
IsResponseTextCheckEnabled: pulumi.Bool(false),
Method: pulumi.String("string"),
Path: pulumi.String("string"),
TimeoutInSeconds: pulumi.Int(0),
UnhealthyThreshold: pulumi.Int(0),
},
IsBehindCdn: pulumi.Bool(false),
IsCacheControlRespected: pulumi.Bool(false),
IsHttpsEnabled: pulumi.Bool(false),
IsHttpsForced: pulumi.Bool(false),
IsOriginCompressionEnabled: pulumi.Bool(false),
IsResponseBufferingEnabled: pulumi.Bool(false),
IsSniEnabled: pulumi.Bool(false),
LoadBalancingMethod: &waas.PolicyPolicyConfigLoadBalancingMethodArgs{
Method: pulumi.String("string"),
Domain: pulumi.String("string"),
ExpirationTimeInSeconds: pulumi.Int(0),
Name: pulumi.String("string"),
},
TlsProtocols: pulumi.StringArray{
pulumi.String("string"),
},
WebsocketPathPrefixes: pulumi.StringArray{
pulumi.String("string"),
},
},
WafConfig: &waas.PolicyWafConfigArgs{
AccessRules: waas.PolicyWafConfigAccessRuleArray{
&waas.PolicyWafConfigAccessRuleArgs{
Action: pulumi.String("string"),
Name: pulumi.String("string"),
Criterias: waas.PolicyWafConfigAccessRuleCriteriaArray{
&waas.PolicyWafConfigAccessRuleCriteriaArgs{
Condition: pulumi.String("string"),
Value: pulumi.String("string"),
IsCaseSensitive: pulumi.Bool(false),
},
},
BlockErrorPageMessage: pulumi.String("string"),
BlockErrorPageDescription: pulumi.String("string"),
BlockResponseCode: pulumi.Int(0),
BypassChallenges: pulumi.StringArray{
pulumi.String("string"),
},
CaptchaFooter: pulumi.String("string"),
CaptchaHeader: pulumi.String("string"),
CaptchaSubmitLabel: pulumi.String("string"),
CaptchaTitle: pulumi.String("string"),
BlockErrorPageCode: pulumi.String("string"),
BlockAction: pulumi.String("string"),
RedirectResponseCode: pulumi.String("string"),
RedirectUrl: pulumi.String("string"),
ResponseHeaderManipulations: waas.PolicyWafConfigAccessRuleResponseHeaderManipulationArray{
&waas.PolicyWafConfigAccessRuleResponseHeaderManipulationArgs{
Action: pulumi.String("string"),
Header: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
AddressRateLimiting: &waas.PolicyWafConfigAddressRateLimitingArgs{
IsEnabled: pulumi.Bool(false),
AllowedRatePerAddress: pulumi.Int(0),
BlockResponseCode: pulumi.Int(0),
MaxDelayedCountPerAddress: pulumi.Int(0),
},
CachingRules: waas.PolicyWafConfigCachingRuleArray{
&waas.PolicyWafConfigCachingRuleArgs{
Action: pulumi.String("string"),
Criterias: waas.PolicyWafConfigCachingRuleCriteriaArray{
&waas.PolicyWafConfigCachingRuleCriteriaArgs{
Condition: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
CachingDuration: pulumi.String("string"),
ClientCachingDuration: pulumi.String("string"),
IsClientCachingEnabled: pulumi.Bool(false),
Key: pulumi.String("string"),
},
},
Captchas: waas.PolicyWafConfigCaptchaArray{
&waas.PolicyWafConfigCaptchaArgs{
FailureMessage: pulumi.String("string"),
SessionExpirationInSeconds: pulumi.Int(0),
SubmitLabel: pulumi.String("string"),
Title: pulumi.String("string"),
Url: pulumi.String("string"),
FooterText: pulumi.String("string"),
HeaderText: pulumi.String("string"),
},
},
CustomProtectionRules: waas.PolicyWafConfigCustomProtectionRuleArray{
&waas.PolicyWafConfigCustomProtectionRuleArgs{
Action: pulumi.String("string"),
Exclusions: waas.PolicyWafConfigCustomProtectionRuleExclusionArray{
&waas.PolicyWafConfigCustomProtectionRuleExclusionArgs{
Exclusions: pulumi.StringArray{
pulumi.String("string"),
},
Target: pulumi.String("string"),
},
},
Id: pulumi.String("string"),
},
},
DeviceFingerprintChallenge: &waas.PolicyWafConfigDeviceFingerprintChallengeArgs{
IsEnabled: pulumi.Bool(false),
Action: pulumi.String("string"),
ActionExpirationInSeconds: pulumi.Int(0),
ChallengeSettings: &waas.PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs{
BlockAction: pulumi.String("string"),
BlockErrorPageCode: pulumi.String("string"),
BlockErrorPageDescription: pulumi.String("string"),
BlockErrorPageMessage: pulumi.String("string"),
BlockResponseCode: pulumi.Int(0),
CaptchaFooter: pulumi.String("string"),
CaptchaHeader: pulumi.String("string"),
CaptchaSubmitLabel: pulumi.String("string"),
CaptchaTitle: pulumi.String("string"),
},
FailureThreshold: pulumi.Int(0),
FailureThresholdExpirationInSeconds: pulumi.Int(0),
MaxAddressCount: pulumi.Int(0),
MaxAddressCountExpirationInSeconds: pulumi.Int(0),
},
HumanInteractionChallenge: &waas.PolicyWafConfigHumanInteractionChallengeArgs{
IsEnabled: pulumi.Bool(false),
Action: pulumi.String("string"),
ActionExpirationInSeconds: pulumi.Int(0),
ChallengeSettings: &waas.PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs{
BlockAction: pulumi.String("string"),
BlockErrorPageCode: pulumi.String("string"),
BlockErrorPageDescription: pulumi.String("string"),
BlockErrorPageMessage: pulumi.String("string"),
BlockResponseCode: pulumi.Int(0),
CaptchaFooter: pulumi.String("string"),
CaptchaHeader: pulumi.String("string"),
CaptchaSubmitLabel: pulumi.String("string"),
CaptchaTitle: pulumi.String("string"),
},
FailureThreshold: pulumi.Int(0),
FailureThresholdExpirationInSeconds: pulumi.Int(0),
InteractionThreshold: pulumi.Int(0),
IsNatEnabled: pulumi.Bool(false),
RecordingPeriodInSeconds: pulumi.Int(0),
SetHttpHeader: &waas.PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
JsChallenge: &waas.PolicyWafConfigJsChallengeArgs{
IsEnabled: pulumi.Bool(false),
Action: pulumi.String("string"),
ActionExpirationInSeconds: pulumi.Int(0),
AreRedirectsChallenged: pulumi.Bool(false),
ChallengeSettings: &waas.PolicyWafConfigJsChallengeChallengeSettingsArgs{
BlockAction: pulumi.String("string"),
BlockErrorPageCode: pulumi.String("string"),
BlockErrorPageDescription: pulumi.String("string"),
BlockErrorPageMessage: pulumi.String("string"),
BlockResponseCode: pulumi.Int(0),
CaptchaFooter: pulumi.String("string"),
CaptchaHeader: pulumi.String("string"),
CaptchaSubmitLabel: pulumi.String("string"),
CaptchaTitle: pulumi.String("string"),
},
Criterias: waas.PolicyWafConfigJsChallengeCriteriaArray{
&waas.PolicyWafConfigJsChallengeCriteriaArgs{
Condition: pulumi.String("string"),
Value: pulumi.String("string"),
IsCaseSensitive: pulumi.Bool(false),
},
},
FailureThreshold: pulumi.Int(0),
IsNatEnabled: pulumi.Bool(false),
SetHttpHeader: &waas.PolicyWafConfigJsChallengeSetHttpHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Origin: pulumi.String("string"),
OriginGroups: pulumi.StringArray{
pulumi.String("string"),
},
ProtectionSettings: &waas.PolicyWafConfigProtectionSettingsArgs{
AllowedHttpMethods: pulumi.StringArray{
pulumi.String("string"),
},
BlockAction: pulumi.String("string"),
BlockErrorPageCode: pulumi.String("string"),
BlockErrorPageDescription: pulumi.String("string"),
BlockErrorPageMessage: pulumi.String("string"),
BlockResponseCode: pulumi.Int(0),
IsResponseInspected: pulumi.Bool(false),
MaxArgumentCount: pulumi.Int(0),
MaxNameLengthPerArgument: pulumi.Int(0),
MaxResponseSizeInKiB: pulumi.Int(0),
MaxTotalNameLengthOfArguments: pulumi.Int(0),
MediaTypes: pulumi.StringArray{
pulumi.String("string"),
},
RecommendationsPeriodInDays: pulumi.Int(0),
},
Whitelists: waas.PolicyWafConfigWhitelistArray{
&waas.PolicyWafConfigWhitelistArgs{
Name: pulumi.String("string"),
AddressLists: pulumi.StringArray{
pulumi.String("string"),
},
Addresses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
})
var ociPolicyResource = new Policy("ociPolicyResource", PolicyArgs.builder()
.compartmentId("string")
.domain("string")
.additionalDomains("string")
.definedTags(Map.of("string", "string"))
.displayName("string")
.freeformTags(Map.of("string", "string"))
.originGroups(PolicyOriginGroupArgs.builder()
.label("string")
.originGroups(PolicyOriginGroupOriginGroupArgs.builder()
.origin("string")
.weight(0)
.build())
.build())
.origins(PolicyOriginArgs.builder()
.label("string")
.uri("string")
.customHeaders(PolicyOriginCustomHeaderArgs.builder()
.name("string")
.value("string")
.build())
.httpPort(0)
.httpsPort(0)
.build())
.policyConfig(PolicyPolicyConfigArgs.builder()
.certificateId("string")
.cipherGroup("string")
.clientAddressHeader("string")
.healthChecks(PolicyPolicyConfigHealthChecksArgs.builder()
.expectedResponseCodeGroups("string")
.expectedResponseText("string")
.headers(Map.of("string", "string"))
.healthyThreshold(0)
.intervalInSeconds(0)
.isEnabled(false)
.isResponseTextCheckEnabled(false)
.method("string")
.path("string")
.timeoutInSeconds(0)
.unhealthyThreshold(0)
.build())
.isBehindCdn(false)
.isCacheControlRespected(false)
.isHttpsEnabled(false)
.isHttpsForced(false)
.isOriginCompressionEnabled(false)
.isResponseBufferingEnabled(false)
.isSniEnabled(false)
.loadBalancingMethod(PolicyPolicyConfigLoadBalancingMethodArgs.builder()
.method("string")
.domain("string")
.expirationTimeInSeconds(0)
.name("string")
.build())
.tlsProtocols("string")
.websocketPathPrefixes("string")
.build())
.wafConfig(PolicyWafConfigArgs.builder()
.accessRules(PolicyWafConfigAccessRuleArgs.builder()
.action("string")
.name("string")
.criterias(PolicyWafConfigAccessRuleCriteriaArgs.builder()
.condition("string")
.value("string")
.isCaseSensitive(false)
.build())
.blockErrorPageMessage("string")
.blockErrorPageDescription("string")
.blockResponseCode(0)
.bypassChallenges("string")
.captchaFooter("string")
.captchaHeader("string")
.captchaSubmitLabel("string")
.captchaTitle("string")
.blockErrorPageCode("string")
.blockAction("string")
.redirectResponseCode("string")
.redirectUrl("string")
.responseHeaderManipulations(PolicyWafConfigAccessRuleResponseHeaderManipulationArgs.builder()
.action("string")
.header("string")
.value("string")
.build())
.build())
.addressRateLimiting(PolicyWafConfigAddressRateLimitingArgs.builder()
.isEnabled(false)
.allowedRatePerAddress(0)
.blockResponseCode(0)
.maxDelayedCountPerAddress(0)
.build())
.cachingRules(PolicyWafConfigCachingRuleArgs.builder()
.action("string")
.criterias(PolicyWafConfigCachingRuleCriteriaArgs.builder()
.condition("string")
.value("string")
.build())
.name("string")
.cachingDuration("string")
.clientCachingDuration("string")
.isClientCachingEnabled(false)
.key("string")
.build())
.captchas(PolicyWafConfigCaptchaArgs.builder()
.failureMessage("string")
.sessionExpirationInSeconds(0)
.submitLabel("string")
.title("string")
.url("string")
.footerText("string")
.headerText("string")
.build())
.customProtectionRules(PolicyWafConfigCustomProtectionRuleArgs.builder()
.action("string")
.exclusions(PolicyWafConfigCustomProtectionRuleExclusionArgs.builder()
.exclusions("string")
.target("string")
.build())
.id("string")
.build())
.deviceFingerprintChallenge(PolicyWafConfigDeviceFingerprintChallengeArgs.builder()
.isEnabled(false)
.action("string")
.actionExpirationInSeconds(0)
.challengeSettings(PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs.builder()
.blockAction("string")
.blockErrorPageCode("string")
.blockErrorPageDescription("string")
.blockErrorPageMessage("string")
.blockResponseCode(0)
.captchaFooter("string")
.captchaHeader("string")
.captchaSubmitLabel("string")
.captchaTitle("string")
.build())
.failureThreshold(0)
.failureThresholdExpirationInSeconds(0)
.maxAddressCount(0)
.maxAddressCountExpirationInSeconds(0)
.build())
.humanInteractionChallenge(PolicyWafConfigHumanInteractionChallengeArgs.builder()
.isEnabled(false)
.action("string")
.actionExpirationInSeconds(0)
.challengeSettings(PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs.builder()
.blockAction("string")
.blockErrorPageCode("string")
.blockErrorPageDescription("string")
.blockErrorPageMessage("string")
.blockResponseCode(0)
.captchaFooter("string")
.captchaHeader("string")
.captchaSubmitLabel("string")
.captchaTitle("string")
.build())
.failureThreshold(0)
.failureThresholdExpirationInSeconds(0)
.interactionThreshold(0)
.isNatEnabled(false)
.recordingPeriodInSeconds(0)
.setHttpHeader(PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.jsChallenge(PolicyWafConfigJsChallengeArgs.builder()
.isEnabled(false)
.action("string")
.actionExpirationInSeconds(0)
.areRedirectsChallenged(false)
.challengeSettings(PolicyWafConfigJsChallengeChallengeSettingsArgs.builder()
.blockAction("string")
.blockErrorPageCode("string")
.blockErrorPageDescription("string")
.blockErrorPageMessage("string")
.blockResponseCode(0)
.captchaFooter("string")
.captchaHeader("string")
.captchaSubmitLabel("string")
.captchaTitle("string")
.build())
.criterias(PolicyWafConfigJsChallengeCriteriaArgs.builder()
.condition("string")
.value("string")
.isCaseSensitive(false)
.build())
.failureThreshold(0)
.isNatEnabled(false)
.setHttpHeader(PolicyWafConfigJsChallengeSetHttpHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.origin("string")
.originGroups("string")
.protectionSettings(PolicyWafConfigProtectionSettingsArgs.builder()
.allowedHttpMethods("string")
.blockAction("string")
.blockErrorPageCode("string")
.blockErrorPageDescription("string")
.blockErrorPageMessage("string")
.blockResponseCode(0)
.isResponseInspected(false)
.maxArgumentCount(0)
.maxNameLengthPerArgument(0)
.maxResponseSizeInKiB(0)
.maxTotalNameLengthOfArguments(0)
.mediaTypes("string")
.recommendationsPeriodInDays(0)
.build())
.whitelists(PolicyWafConfigWhitelistArgs.builder()
.name("string")
.addressLists("string")
.addresses("string")
.build())
.build())
.build());
oci_policy_resource = oci.waas.Policy("ociPolicyResource",
compartment_id="string",
domain="string",
additional_domains=["string"],
defined_tags={
"string": "string",
},
display_name="string",
freeform_tags={
"string": "string",
},
origin_groups=[{
"label": "string",
"origin_groups": [{
"origin": "string",
"weight": 0,
}],
}],
origins=[{
"label": "string",
"uri": "string",
"custom_headers": [{
"name": "string",
"value": "string",
}],
"http_port": 0,
"https_port": 0,
}],
policy_config={
"certificate_id": "string",
"cipher_group": "string",
"client_address_header": "string",
"health_checks": {
"expected_response_code_groups": ["string"],
"expected_response_text": "string",
"headers": {
"string": "string",
},
"healthy_threshold": 0,
"interval_in_seconds": 0,
"is_enabled": False,
"is_response_text_check_enabled": False,
"method": "string",
"path": "string",
"timeout_in_seconds": 0,
"unhealthy_threshold": 0,
},
"is_behind_cdn": False,
"is_cache_control_respected": False,
"is_https_enabled": False,
"is_https_forced": False,
"is_origin_compression_enabled": False,
"is_response_buffering_enabled": False,
"is_sni_enabled": False,
"load_balancing_method": {
"method": "string",
"domain": "string",
"expiration_time_in_seconds": 0,
"name": "string",
},
"tls_protocols": ["string"],
"websocket_path_prefixes": ["string"],
},
waf_config={
"access_rules": [{
"action": "string",
"name": "string",
"criterias": [{
"condition": "string",
"value": "string",
"is_case_sensitive": False,
}],
"block_error_page_message": "string",
"block_error_page_description": "string",
"block_response_code": 0,
"bypass_challenges": ["string"],
"captcha_footer": "string",
"captcha_header": "string",
"captcha_submit_label": "string",
"captcha_title": "string",
"block_error_page_code": "string",
"block_action": "string",
"redirect_response_code": "string",
"redirect_url": "string",
"response_header_manipulations": [{
"action": "string",
"header": "string",
"value": "string",
}],
}],
"address_rate_limiting": {
"is_enabled": False,
"allowed_rate_per_address": 0,
"block_response_code": 0,
"max_delayed_count_per_address": 0,
},
"caching_rules": [{
"action": "string",
"criterias": [{
"condition": "string",
"value": "string",
}],
"name": "string",
"caching_duration": "string",
"client_caching_duration": "string",
"is_client_caching_enabled": False,
"key": "string",
}],
"captchas": [{
"failure_message": "string",
"session_expiration_in_seconds": 0,
"submit_label": "string",
"title": "string",
"url": "string",
"footer_text": "string",
"header_text": "string",
}],
"custom_protection_rules": [{
"action": "string",
"exclusions": [{
"exclusions": ["string"],
"target": "string",
}],
"id": "string",
}],
"device_fingerprint_challenge": {
"is_enabled": False,
"action": "string",
"action_expiration_in_seconds": 0,
"challenge_settings": {
"block_action": "string",
"block_error_page_code": "string",
"block_error_page_description": "string",
"block_error_page_message": "string",
"block_response_code": 0,
"captcha_footer": "string",
"captcha_header": "string",
"captcha_submit_label": "string",
"captcha_title": "string",
},
"failure_threshold": 0,
"failure_threshold_expiration_in_seconds": 0,
"max_address_count": 0,
"max_address_count_expiration_in_seconds": 0,
},
"human_interaction_challenge": {
"is_enabled": False,
"action": "string",
"action_expiration_in_seconds": 0,
"challenge_settings": {
"block_action": "string",
"block_error_page_code": "string",
"block_error_page_description": "string",
"block_error_page_message": "string",
"block_response_code": 0,
"captcha_footer": "string",
"captcha_header": "string",
"captcha_submit_label": "string",
"captcha_title": "string",
},
"failure_threshold": 0,
"failure_threshold_expiration_in_seconds": 0,
"interaction_threshold": 0,
"is_nat_enabled": False,
"recording_period_in_seconds": 0,
"set_http_header": {
"name": "string",
"value": "string",
},
},
"js_challenge": {
"is_enabled": False,
"action": "string",
"action_expiration_in_seconds": 0,
"are_redirects_challenged": False,
"challenge_settings": {
"block_action": "string",
"block_error_page_code": "string",
"block_error_page_description": "string",
"block_error_page_message": "string",
"block_response_code": 0,
"captcha_footer": "string",
"captcha_header": "string",
"captcha_submit_label": "string",
"captcha_title": "string",
},
"criterias": [{
"condition": "string",
"value": "string",
"is_case_sensitive": False,
}],
"failure_threshold": 0,
"is_nat_enabled": False,
"set_http_header": {
"name": "string",
"value": "string",
},
},
"origin": "string",
"origin_groups": ["string"],
"protection_settings": {
"allowed_http_methods": ["string"],
"block_action": "string",
"block_error_page_code": "string",
"block_error_page_description": "string",
"block_error_page_message": "string",
"block_response_code": 0,
"is_response_inspected": False,
"max_argument_count": 0,
"max_name_length_per_argument": 0,
"max_response_size_in_ki_b": 0,
"max_total_name_length_of_arguments": 0,
"media_types": ["string"],
"recommendations_period_in_days": 0,
},
"whitelists": [{
"name": "string",
"address_lists": ["string"],
"addresses": ["string"],
}],
})
const ociPolicyResource = new oci.waas.Policy("ociPolicyResource", {
compartmentId: "string",
domain: "string",
additionalDomains: ["string"],
definedTags: {
string: "string",
},
displayName: "string",
freeformTags: {
string: "string",
},
originGroups: [{
label: "string",
originGroups: [{
origin: "string",
weight: 0,
}],
}],
origins: [{
label: "string",
uri: "string",
customHeaders: [{
name: "string",
value: "string",
}],
httpPort: 0,
httpsPort: 0,
}],
policyConfig: {
certificateId: "string",
cipherGroup: "string",
clientAddressHeader: "string",
healthChecks: {
expectedResponseCodeGroups: ["string"],
expectedResponseText: "string",
headers: {
string: "string",
},
healthyThreshold: 0,
intervalInSeconds: 0,
isEnabled: false,
isResponseTextCheckEnabled: false,
method: "string",
path: "string",
timeoutInSeconds: 0,
unhealthyThreshold: 0,
},
isBehindCdn: false,
isCacheControlRespected: false,
isHttpsEnabled: false,
isHttpsForced: false,
isOriginCompressionEnabled: false,
isResponseBufferingEnabled: false,
isSniEnabled: false,
loadBalancingMethod: {
method: "string",
domain: "string",
expirationTimeInSeconds: 0,
name: "string",
},
tlsProtocols: ["string"],
websocketPathPrefixes: ["string"],
},
wafConfig: {
accessRules: [{
action: "string",
name: "string",
criterias: [{
condition: "string",
value: "string",
isCaseSensitive: false,
}],
blockErrorPageMessage: "string",
blockErrorPageDescription: "string",
blockResponseCode: 0,
bypassChallenges: ["string"],
captchaFooter: "string",
captchaHeader: "string",
captchaSubmitLabel: "string",
captchaTitle: "string",
blockErrorPageCode: "string",
blockAction: "string",
redirectResponseCode: "string",
redirectUrl: "string",
responseHeaderManipulations: [{
action: "string",
header: "string",
value: "string",
}],
}],
addressRateLimiting: {
isEnabled: false,
allowedRatePerAddress: 0,
blockResponseCode: 0,
maxDelayedCountPerAddress: 0,
},
cachingRules: [{
action: "string",
criterias: [{
condition: "string",
value: "string",
}],
name: "string",
cachingDuration: "string",
clientCachingDuration: "string",
isClientCachingEnabled: false,
key: "string",
}],
captchas: [{
failureMessage: "string",
sessionExpirationInSeconds: 0,
submitLabel: "string",
title: "string",
url: "string",
footerText: "string",
headerText: "string",
}],
customProtectionRules: [{
action: "string",
exclusions: [{
exclusions: ["string"],
target: "string",
}],
id: "string",
}],
deviceFingerprintChallenge: {
isEnabled: false,
action: "string",
actionExpirationInSeconds: 0,
challengeSettings: {
blockAction: "string",
blockErrorPageCode: "string",
blockErrorPageDescription: "string",
blockErrorPageMessage: "string",
blockResponseCode: 0,
captchaFooter: "string",
captchaHeader: "string",
captchaSubmitLabel: "string",
captchaTitle: "string",
},
failureThreshold: 0,
failureThresholdExpirationInSeconds: 0,
maxAddressCount: 0,
maxAddressCountExpirationInSeconds: 0,
},
humanInteractionChallenge: {
isEnabled: false,
action: "string",
actionExpirationInSeconds: 0,
challengeSettings: {
blockAction: "string",
blockErrorPageCode: "string",
blockErrorPageDescription: "string",
blockErrorPageMessage: "string",
blockResponseCode: 0,
captchaFooter: "string",
captchaHeader: "string",
captchaSubmitLabel: "string",
captchaTitle: "string",
},
failureThreshold: 0,
failureThresholdExpirationInSeconds: 0,
interactionThreshold: 0,
isNatEnabled: false,
recordingPeriodInSeconds: 0,
setHttpHeader: {
name: "string",
value: "string",
},
},
jsChallenge: {
isEnabled: false,
action: "string",
actionExpirationInSeconds: 0,
areRedirectsChallenged: false,
challengeSettings: {
blockAction: "string",
blockErrorPageCode: "string",
blockErrorPageDescription: "string",
blockErrorPageMessage: "string",
blockResponseCode: 0,
captchaFooter: "string",
captchaHeader: "string",
captchaSubmitLabel: "string",
captchaTitle: "string",
},
criterias: [{
condition: "string",
value: "string",
isCaseSensitive: false,
}],
failureThreshold: 0,
isNatEnabled: false,
setHttpHeader: {
name: "string",
value: "string",
},
},
origin: "string",
originGroups: ["string"],
protectionSettings: {
allowedHttpMethods: ["string"],
blockAction: "string",
blockErrorPageCode: "string",
blockErrorPageDescription: "string",
blockErrorPageMessage: "string",
blockResponseCode: 0,
isResponseInspected: false,
maxArgumentCount: 0,
maxNameLengthPerArgument: 0,
maxResponseSizeInKiB: 0,
maxTotalNameLengthOfArguments: 0,
mediaTypes: ["string"],
recommendationsPeriodInDays: 0,
},
whitelists: [{
name: "string",
addressLists: ["string"],
addresses: ["string"],
}],
},
});
type: oci:Waas:Policy
properties:
additionalDomains:
- string
compartmentId: string
definedTags:
string: string
displayName: string
domain: string
freeformTags:
string: string
originGroups:
- label: string
originGroups:
- origin: string
weight: 0
origins:
- customHeaders:
- name: string
value: string
httpPort: 0
httpsPort: 0
label: string
uri: string
policyConfig:
certificateId: string
cipherGroup: string
clientAddressHeader: string
healthChecks:
expectedResponseCodeGroups:
- string
expectedResponseText: string
headers:
string: string
healthyThreshold: 0
intervalInSeconds: 0
isEnabled: false
isResponseTextCheckEnabled: false
method: string
path: string
timeoutInSeconds: 0
unhealthyThreshold: 0
isBehindCdn: false
isCacheControlRespected: false
isHttpsEnabled: false
isHttpsForced: false
isOriginCompressionEnabled: false
isResponseBufferingEnabled: false
isSniEnabled: false
loadBalancingMethod:
domain: string
expirationTimeInSeconds: 0
method: string
name: string
tlsProtocols:
- string
websocketPathPrefixes:
- string
wafConfig:
accessRules:
- action: string
blockAction: string
blockErrorPageCode: string
blockErrorPageDescription: string
blockErrorPageMessage: string
blockResponseCode: 0
bypassChallenges:
- string
captchaFooter: string
captchaHeader: string
captchaSubmitLabel: string
captchaTitle: string
criterias:
- condition: string
isCaseSensitive: false
value: string
name: string
redirectResponseCode: string
redirectUrl: string
responseHeaderManipulations:
- action: string
header: string
value: string
addressRateLimiting:
allowedRatePerAddress: 0
blockResponseCode: 0
isEnabled: false
maxDelayedCountPerAddress: 0
cachingRules:
- action: string
cachingDuration: string
clientCachingDuration: string
criterias:
- condition: string
value: string
isClientCachingEnabled: false
key: string
name: string
captchas:
- failureMessage: string
footerText: string
headerText: string
sessionExpirationInSeconds: 0
submitLabel: string
title: string
url: string
customProtectionRules:
- action: string
exclusions:
- exclusions:
- string
target: string
id: string
deviceFingerprintChallenge:
action: string
actionExpirationInSeconds: 0
challengeSettings:
blockAction: string
blockErrorPageCode: string
blockErrorPageDescription: string
blockErrorPageMessage: string
blockResponseCode: 0
captchaFooter: string
captchaHeader: string
captchaSubmitLabel: string
captchaTitle: string
failureThreshold: 0
failureThresholdExpirationInSeconds: 0
isEnabled: false
maxAddressCount: 0
maxAddressCountExpirationInSeconds: 0
humanInteractionChallenge:
action: string
actionExpirationInSeconds: 0
challengeSettings:
blockAction: string
blockErrorPageCode: string
blockErrorPageDescription: string
blockErrorPageMessage: string
blockResponseCode: 0
captchaFooter: string
captchaHeader: string
captchaSubmitLabel: string
captchaTitle: string
failureThreshold: 0
failureThresholdExpirationInSeconds: 0
interactionThreshold: 0
isEnabled: false
isNatEnabled: false
recordingPeriodInSeconds: 0
setHttpHeader:
name: string
value: string
jsChallenge:
action: string
actionExpirationInSeconds: 0
areRedirectsChallenged: false
challengeSettings:
blockAction: string
blockErrorPageCode: string
blockErrorPageDescription: string
blockErrorPageMessage: string
blockResponseCode: 0
captchaFooter: string
captchaHeader: string
captchaSubmitLabel: string
captchaTitle: string
criterias:
- condition: string
isCaseSensitive: false
value: string
failureThreshold: 0
isEnabled: false
isNatEnabled: false
setHttpHeader:
name: string
value: string
origin: string
originGroups:
- string
protectionSettings:
allowedHttpMethods:
- string
blockAction: string
blockErrorPageCode: string
blockErrorPageDescription: string
blockErrorPageMessage: string
blockResponseCode: 0
isResponseInspected: false
maxArgumentCount: 0
maxNameLengthPerArgument: 0
maxResponseSizeInKiB: 0
maxTotalNameLengthOfArguments: 0
mediaTypes:
- string
recommendationsPeriodInDays: 0
whitelists:
- addressLists:
- string
addresses:
- string
name: string
Policy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Policy resource accepts the following input properties:
- Compartment
Id string - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- Domain string
- The web application domain that the WAAS policy protects.
- Additional
Domains List<string> - (Updatable) An array of additional domains for the specified web application.
- Dictionary<string, string>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Display
Name string - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- Dictionary<string, string>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Origin
Groups List<PolicyOrigin Group> - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Origins
List<Policy
Origin> - (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- Policy
Config PolicyPolicy Config - (Updatable) The configuration details for the WAAS policy.
- Waf
Config PolicyWaf Config - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
- Compartment
Id string - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- Domain string
- The web application domain that the WAAS policy protects.
- Additional
Domains []string - (Updatable) An array of additional domains for the specified web application.
- map[string]string
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Display
Name string - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- map[string]string
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Origin
Groups []PolicyOrigin Group Args - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Origins
[]Policy
Origin Args - (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- Policy
Config PolicyPolicy Config Args - (Updatable) The configuration details for the WAAS policy.
- Waf
Config PolicyWaf Config Args - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
- compartment
Id String - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- domain String
- The web application domain that the WAAS policy protects.
- additional
Domains List<String> - (Updatable) An array of additional domains for the specified web application.
- Map<String,String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name String - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- Map<String,String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- origin
Groups List<PolicyOrigin Group> - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
List<Policy
Origin> - (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- policy
Config PolicyPolicy Config - (Updatable) The configuration details for the WAAS policy.
- waf
Config PolicyWaf Config - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
- compartment
Id string - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- domain string
- The web application domain that the WAAS policy protects.
- additional
Domains string[] - (Updatable) An array of additional domains for the specified web application.
- {[key: string]: string}
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name string - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- {[key: string]: string}
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- origin
Groups PolicyOrigin Group[] - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
Policy
Origin[] - (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- policy
Config PolicyPolicy Config - (Updatable) The configuration details for the WAAS policy.
- waf
Config PolicyWaf Config - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
- compartment_
id str - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- domain str
- The web application domain that the WAAS policy protects.
- additional_
domains Sequence[str] - (Updatable) An array of additional domains for the specified web application.
- Mapping[str, str]
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display_
name str - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- Mapping[str, str]
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- origin_
groups Sequence[waas.Policy Origin Group Args] - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
Sequence[waas.
Policy Origin Args] - (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- policy_
config waas.Policy Policy Config Args - (Updatable) The configuration details for the WAAS policy.
- waf_
config waas.Policy Waf Config Args - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
- compartment
Id String - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- domain String
- The web application domain that the WAAS policy protects.
- additional
Domains List<String> - (Updatable) An array of additional domains for the specified web application.
- Map<String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name String - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- Map<String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- origin
Groups List<Property Map> - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins List<Property Map>
- (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- policy
Config Property Map - (Updatable) The configuration details for the WAAS policy.
- waf
Config Property Map - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:
- Cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- Id string
- The provider-assigned unique ID for this managed resource.
- State string
- The current lifecycle state of the WAAS policy.
- Time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- Cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- Id string
- The provider-assigned unique ID for this managed resource.
- State string
- The current lifecycle state of the WAAS policy.
- Time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- cname String
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- id String
- The provider-assigned unique ID for this managed resource.
- state String
- The current lifecycle state of the WAAS policy.
- time
Created String - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- id string
- The provider-assigned unique ID for this managed resource.
- state string
- The current lifecycle state of the WAAS policy.
- time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- cname str
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- id str
- The provider-assigned unique ID for this managed resource.
- state str
- The current lifecycle state of the WAAS policy.
- time_
created str - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- cname String
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- id String
- The provider-assigned unique ID for this managed resource.
- state String
- The current lifecycle state of the WAAS policy.
- time
Created String - The date and time the policy was created, expressed in RFC 3339 timestamp format.
Look up Existing Policy Resource
Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
additional_domains: Optional[Sequence[str]] = None,
cname: Optional[str] = None,
compartment_id: Optional[str] = None,
defined_tags: Optional[Mapping[str, str]] = None,
display_name: Optional[str] = None,
domain: Optional[str] = None,
freeform_tags: Optional[Mapping[str, str]] = None,
origin_groups: Optional[Sequence[_waas.PolicyOriginGroupArgs]] = None,
origins: Optional[Sequence[_waas.PolicyOriginArgs]] = None,
policy_config: Optional[_waas.PolicyPolicyConfigArgs] = None,
state: Optional[str] = None,
time_created: Optional[str] = None,
waf_config: Optional[_waas.PolicyWafConfigArgs] = None) -> Policy
func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)
public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)
public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Additional
Domains List<string> - (Updatable) An array of additional domains for the specified web application.
- Cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- Compartment
Id string - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- Dictionary<string, string>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Display
Name string - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- Domain string
- The web application domain that the WAAS policy protects.
- Dictionary<string, string>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Origin
Groups List<PolicyOrigin Group> - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Origins
List<Policy
Origin> - (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- Policy
Config PolicyPolicy Config - (Updatable) The configuration details for the WAAS policy.
- State string
- The current lifecycle state of the WAAS policy.
- Time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- Waf
Config PolicyWaf Config - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
- Additional
Domains []string - (Updatable) An array of additional domains for the specified web application.
- Cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- Compartment
Id string - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- map[string]string
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Display
Name string - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- Domain string
- The web application domain that the WAAS policy protects.
- map[string]string
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Origin
Groups []PolicyOrigin Group Args - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Origins
[]Policy
Origin Args - (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- Policy
Config PolicyPolicy Config Args - (Updatable) The configuration details for the WAAS policy.
- State string
- The current lifecycle state of the WAAS policy.
- Time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- Waf
Config PolicyWaf Config Args - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
- additional
Domains List<String> - (Updatable) An array of additional domains for the specified web application.
- cname String
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment
Id String - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- Map<String,String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name String - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- domain String
- The web application domain that the WAAS policy protects.
- Map<String,String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- origin
Groups List<PolicyOrigin Group> - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
List<Policy
Origin> - (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- policy
Config PolicyPolicy Config - (Updatable) The configuration details for the WAAS policy.
- state String
- The current lifecycle state of the WAAS policy.
- time
Created String - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waf
Config PolicyWaf Config - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
- additional
Domains string[] - (Updatable) An array of additional domains for the specified web application.
- cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment
Id string - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- {[key: string]: string}
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name string - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- domain string
- The web application domain that the WAAS policy protects.
- {[key: string]: string}
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- origin
Groups PolicyOrigin Group[] - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
Policy
Origin[] - (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- policy
Config PolicyPolicy Config - (Updatable) The configuration details for the WAAS policy.
- state string
- The current lifecycle state of the WAAS policy.
- time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waf
Config PolicyWaf Config - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
- additional_
domains Sequence[str] - (Updatable) An array of additional domains for the specified web application.
- cname str
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment_
id str - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- Mapping[str, str]
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display_
name str - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- domain str
- The web application domain that the WAAS policy protects.
- Mapping[str, str]
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- origin_
groups Sequence[waas.Policy Origin Group Args] - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
Sequence[waas.
Policy Origin Args] - (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- policy_
config waas.Policy Policy Config Args - (Updatable) The configuration details for the WAAS policy.
- state str
- The current lifecycle state of the WAAS policy.
- time_
created str - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waf_
config waas.Policy Waf Config Args - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
- additional
Domains List<String> - (Updatable) An array of additional domains for the specified web application.
- cname String
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment
Id String - (Updatable) The OCID of the compartment in which to create the WAAS policy.
- Map<String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name String - (Updatable) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.
- domain String
- The web application domain that the WAAS policy protects.
- Map<String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- origin
Groups List<Property Map> - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins List<Property Map>
- (Updatable) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.
- policy
Config Property Map - (Updatable) The configuration details for the WAAS policy.
- state String
- The current lifecycle state of the WAAS policy.
- time
Created String - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waf
Config Property Map - (Updatable) The Web Application Firewall configuration for the WAAS policy creation.
Supporting Types
PolicyOrigin, PolicyOriginArgs
- Label string
- Uri string
- (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - Custom
Headers List<PolicyOrigin Custom Header> - (Updatable) A list of HTTP headers to forward to your origin.
- Http
Port int - (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - Https
Port int - (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
- Label string
- Uri string
- (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - Custom
Headers []PolicyOrigin Custom Header - (Updatable) A list of HTTP headers to forward to your origin.
- Http
Port int - (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - Https
Port int - (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
- label String
- uri String
- (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - custom
Headers List<PolicyOrigin Custom Header> - (Updatable) A list of HTTP headers to forward to your origin.
- http
Port Integer - (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https
Port Integer - (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
- label string
- uri string
- (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - custom
Headers PolicyOrigin Custom Header[] - (Updatable) A list of HTTP headers to forward to your origin.
- http
Port number - (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https
Port number - (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
- label str
- uri str
- (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - custom_
headers Sequence[waas.Policy Origin Custom Header] - (Updatable) A list of HTTP headers to forward to your origin.
- http_
port int - (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https_
port int - (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
- label String
- uri String
- (Updatable) The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - custom
Headers List<Property Map> - (Updatable) A list of HTTP headers to forward to your origin.
- http
Port Number - (Updatable) The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https
Port Number - (Updatable) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
PolicyOriginCustomHeader, PolicyOriginCustomHeaderArgs
PolicyOriginGroup, PolicyOriginGroupArgs
PolicyOriginGroupOriginGroup, PolicyOriginGroupOriginGroupArgs
PolicyPolicyConfig, PolicyPolicyConfigArgs
- Certificate
Id string - (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
- Cipher
Group string - (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- Client
Address stringHeader (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled.The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.
Example:
X-Client-Ip: 11.1.1.1, 13.3.3.3
In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.
- X_FORWARDED_FOR: Corresponds to
X-Forwarded-For
header name. - X_CLIENT_IP: Corresponds to
X-Client-Ip
header name. - X_REAL_IP: Corresponds to
X-Real-Ip
header name. - CLIENT_IP: Corresponds to
Client-Ip
header name. - TRUE_CLIENT_IP: Corresponds to
True-Client-Ip
header name.
- X_FORWARDED_FOR: Corresponds to
- Health
Checks PolicyPolicy Config Health Checks - (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- Is
Behind boolCdn - (Updatable) Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - Is
Cache boolControl Respected - (Updatable) Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - Is
Https boolEnabled - (Updatable) Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - Is
Https boolForced - (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - Is
Origin boolCompression Enabled - (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - Is
Response boolBuffering Enabled - (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- Is
Sni boolEnabled - (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- Load
Balancing PolicyMethod Policy Config Load Balancing Method - (Updatable) An object that represents a load balancing method and its properties.
- Tls
Protocols List<string> (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
Enabled TLS protocols must go in a row. For example if
TLS_v1_1
andTLS_V1_3
are enabled,TLS_V1_2
must be enabled too.- Websocket
Path List<string>Prefixes - (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- Certificate
Id string - (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
- Cipher
Group string - (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- Client
Address stringHeader (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled.The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.
Example:
X-Client-Ip: 11.1.1.1, 13.3.3.3
In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.
- X_FORWARDED_FOR: Corresponds to
X-Forwarded-For
header name. - X_CLIENT_IP: Corresponds to
X-Client-Ip
header name. - X_REAL_IP: Corresponds to
X-Real-Ip
header name. - CLIENT_IP: Corresponds to
Client-Ip
header name. - TRUE_CLIENT_IP: Corresponds to
True-Client-Ip
header name.
- X_FORWARDED_FOR: Corresponds to
- Health
Checks PolicyPolicy Config Health Checks - (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- Is
Behind boolCdn - (Updatable) Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - Is
Cache boolControl Respected - (Updatable) Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - Is
Https boolEnabled - (Updatable) Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - Is
Https boolForced - (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - Is
Origin boolCompression Enabled - (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - Is
Response boolBuffering Enabled - (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- Is
Sni boolEnabled - (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- Load
Balancing PolicyMethod Policy Config Load Balancing Method - (Updatable) An object that represents a load balancing method and its properties.
- Tls
Protocols []string (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
Enabled TLS protocols must go in a row. For example if
TLS_v1_1
andTLS_V1_3
are enabled,TLS_V1_2
must be enabled too.- Websocket
Path []stringPrefixes - (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate
Id String - (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
- cipher
Group String - (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client
Address StringHeader (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled.The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.
Example:
X-Client-Ip: 11.1.1.1, 13.3.3.3
In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.
- X_FORWARDED_FOR: Corresponds to
X-Forwarded-For
header name. - X_CLIENT_IP: Corresponds to
X-Client-Ip
header name. - X_REAL_IP: Corresponds to
X-Real-Ip
header name. - CLIENT_IP: Corresponds to
Client-Ip
header name. - TRUE_CLIENT_IP: Corresponds to
True-Client-Ip
header name.
- X_FORWARDED_FOR: Corresponds to
- health
Checks PolicyPolicy Config Health Checks - (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is
Behind BooleanCdn - (Updatable) Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is
Cache BooleanControl Respected - (Updatable) Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is
Https BooleanEnabled - (Updatable) Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is
Https BooleanForced - (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is
Origin BooleanCompression Enabled - (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is
Response BooleanBuffering Enabled - (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is
Sni BooleanEnabled - (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load
Balancing PolicyMethod Policy Config Load Balancing Method - (Updatable) An object that represents a load balancing method and its properties.
- tls
Protocols List<String> (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
Enabled TLS protocols must go in a row. For example if
TLS_v1_1
andTLS_V1_3
are enabled,TLS_V1_2
must be enabled too.- websocket
Path List<String>Prefixes - (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate
Id string - (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
- cipher
Group string - (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client
Address stringHeader (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled.The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.
Example:
X-Client-Ip: 11.1.1.1, 13.3.3.3
In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.
- X_FORWARDED_FOR: Corresponds to
X-Forwarded-For
header name. - X_CLIENT_IP: Corresponds to
X-Client-Ip
header name. - X_REAL_IP: Corresponds to
X-Real-Ip
header name. - CLIENT_IP: Corresponds to
Client-Ip
header name. - TRUE_CLIENT_IP: Corresponds to
True-Client-Ip
header name.
- X_FORWARDED_FOR: Corresponds to
- health
Checks PolicyPolicy Config Health Checks - (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is
Behind booleanCdn - (Updatable) Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is
Cache booleanControl Respected - (Updatable) Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is
Https booleanEnabled - (Updatable) Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is
Https booleanForced - (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is
Origin booleanCompression Enabled - (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is
Response booleanBuffering Enabled - (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is
Sni booleanEnabled - (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load
Balancing PolicyMethod Policy Config Load Balancing Method - (Updatable) An object that represents a load balancing method and its properties.
- tls
Protocols string[] (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
Enabled TLS protocols must go in a row. For example if
TLS_v1_1
andTLS_V1_3
are enabled,TLS_V1_2
must be enabled too.- websocket
Path string[]Prefixes - (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate_
id str - (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
- cipher_
group str - (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client_
address_ strheader (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled.The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.
Example:
X-Client-Ip: 11.1.1.1, 13.3.3.3
In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.
- X_FORWARDED_FOR: Corresponds to
X-Forwarded-For
header name. - X_CLIENT_IP: Corresponds to
X-Client-Ip
header name. - X_REAL_IP: Corresponds to
X-Real-Ip
header name. - CLIENT_IP: Corresponds to
Client-Ip
header name. - TRUE_CLIENT_IP: Corresponds to
True-Client-Ip
header name.
- X_FORWARDED_FOR: Corresponds to
- health_
checks waas.Policy Policy Config Health Checks - (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is_
behind_ boolcdn - (Updatable) Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is_
cache_ boolcontrol_ respected - (Updatable) Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is_
https_ boolenabled - (Updatable) Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is_
https_ boolforced - (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is_
origin_ boolcompression_ enabled - (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is_
response_ boolbuffering_ enabled - (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is_
sni_ boolenabled - (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load_
balancing_ waas.method Policy Policy Config Load Balancing Method - (Updatable) An object that represents a load balancing method and its properties.
- tls_
protocols Sequence[str] (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
Enabled TLS protocols must go in a row. For example if
TLS_v1_1
andTLS_V1_3
are enabled,TLS_V1_2
must be enabled too.- websocket_
path_ Sequence[str]prefixes - (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate
Id String - (Updatable) The OCID of the SSL certificate to use if HTTPS is supported.
- cipher
Group String - (Updatable) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client
Address StringHeader (Updatable) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled.The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.
Example:
X-Client-Ip: 11.1.1.1, 13.3.3.3
In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing.
- X_FORWARDED_FOR: Corresponds to
X-Forwarded-For
header name. - X_CLIENT_IP: Corresponds to
X-Client-Ip
header name. - X_REAL_IP: Corresponds to
X-Real-Ip
header name. - CLIENT_IP: Corresponds to
Client-Ip
header name. - TRUE_CLIENT_IP: Corresponds to
True-Client-Ip
header name.
- X_FORWARDED_FOR: Corresponds to
- health
Checks Property Map - (Updatable) Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is
Behind BooleanCdn - (Updatable) Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is
Cache BooleanControl Respected - (Updatable) Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is
Https BooleanEnabled - (Updatable) Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is
Https BooleanForced - (Updatable) Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is
Origin BooleanCompression Enabled - (Updatable) Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is
Response BooleanBuffering Enabled - (Updatable) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is
Sni BooleanEnabled - (Updatable) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load
Balancing Property MapMethod - (Updatable) An object that represents a load balancing method and its properties.
- tls
Protocols List<String> (Updatable) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
Enabled TLS protocols must go in a row. For example if
TLS_v1_1
andTLS_V1_3
are enabled,TLS_V1_2
must be enabled too.- websocket
Path List<String>Prefixes - (Updatable) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
PolicyPolicyConfigHealthChecks, PolicyPolicyConfigHealthChecksArgs
- Expected
Response List<string>Code Groups - (Updatable) The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- Expected
Response stringText - (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- Headers Dictionary<string, string>
(Updatable) HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".Note: The only currently-supported header fields are Host and User-Agent.
- Healthy
Threshold int - (Updatable) Number of successful health checks after which the server is marked up.
- Interval
In intSeconds - (Updatable) Time between health checks of an individual origin server, in seconds.
- Is
Enabled bool - (Updatable) Enables or disables the health checks.
- Is
Response boolText Check Enabled - (Updatable) Enables or disables additional check for predefined text in addition to response code.
- Method string
- (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
- Path string
- (Updatable) Path to visit on your origins when performing the health check.
- Timeout
In intSeconds - (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
- Unhealthy
Threshold int - (Updatable) Number of failed health checks after which the server is marked down.
- Expected
Response []stringCode Groups - (Updatable) The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- Expected
Response stringText - (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- Headers map[string]string
(Updatable) HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".Note: The only currently-supported header fields are Host and User-Agent.
- Healthy
Threshold int - (Updatable) Number of successful health checks after which the server is marked up.
- Interval
In intSeconds - (Updatable) Time between health checks of an individual origin server, in seconds.
- Is
Enabled bool - (Updatable) Enables or disables the health checks.
- Is
Response boolText Check Enabled - (Updatable) Enables or disables additional check for predefined text in addition to response code.
- Method string
- (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
- Path string
- (Updatable) Path to visit on your origins when performing the health check.
- Timeout
In intSeconds - (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
- Unhealthy
Threshold int - (Updatable) Number of failed health checks after which the server is marked down.
- expected
Response List<String>Code Groups - (Updatable) The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected
Response StringText - (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers Map<String,String>
(Updatable) HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".Note: The only currently-supported header fields are Host and User-Agent.
- healthy
Threshold Integer - (Updatable) Number of successful health checks after which the server is marked up.
- interval
In IntegerSeconds - (Updatable) Time between health checks of an individual origin server, in seconds.
- is
Enabled Boolean - (Updatable) Enables or disables the health checks.
- is
Response BooleanText Check Enabled - (Updatable) Enables or disables additional check for predefined text in addition to response code.
- method String
- (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
- path String
- (Updatable) Path to visit on your origins when performing the health check.
- timeout
In IntegerSeconds - (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy
Threshold Integer - (Updatable) Number of failed health checks after which the server is marked down.
- expected
Response string[]Code Groups - (Updatable) The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected
Response stringText - (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers {[key: string]: string}
(Updatable) HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".Note: The only currently-supported header fields are Host and User-Agent.
- healthy
Threshold number - (Updatable) Number of successful health checks after which the server is marked up.
- interval
In numberSeconds - (Updatable) Time between health checks of an individual origin server, in seconds.
- is
Enabled boolean - (Updatable) Enables or disables the health checks.
- is
Response booleanText Check Enabled - (Updatable) Enables or disables additional check for predefined text in addition to response code.
- method string
- (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
- path string
- (Updatable) Path to visit on your origins when performing the health check.
- timeout
In numberSeconds - (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy
Threshold number - (Updatable) Number of failed health checks after which the server is marked down.
- expected_
response_ Sequence[str]code_ groups - (Updatable) The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected_
response_ strtext - (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers Mapping[str, str]
(Updatable) HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".Note: The only currently-supported header fields are Host and User-Agent.
- healthy_
threshold int - (Updatable) Number of successful health checks after which the server is marked up.
- interval_
in_ intseconds - (Updatable) Time between health checks of an individual origin server, in seconds.
- is_
enabled bool - (Updatable) Enables or disables the health checks.
- is_
response_ booltext_ check_ enabled - (Updatable) Enables or disables additional check for predefined text in addition to response code.
- method str
- (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
- path str
- (Updatable) Path to visit on your origins when performing the health check.
- timeout_
in_ intseconds - (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy_
threshold int - (Updatable) Number of failed health checks after which the server is marked down.
- expected
Response List<String>Code Groups - (Updatable) The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected
Response StringText - (Updatable) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers Map<String>
(Updatable) HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".Note: The only currently-supported header fields are Host and User-Agent.
- healthy
Threshold Number - (Updatable) Number of successful health checks after which the server is marked up.
- interval
In NumberSeconds - (Updatable) Time between health checks of an individual origin server, in seconds.
- is
Enabled Boolean - (Updatable) Enables or disables the health checks.
- is
Response BooleanText Check Enabled - (Updatable) Enables or disables additional check for predefined text in addition to response code.
- method String
- (Updatable) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.
- path String
- (Updatable) Path to visit on your origins when performing the health check.
- timeout
In NumberSeconds - (Updatable) Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy
Threshold Number - (Updatable) Number of failed health checks after which the server is marked down.
PolicyPolicyConfigLoadBalancingMethod, PolicyPolicyConfigLoadBalancingMethodArgs
- Method string
- (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- Domain string
- (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
- Expiration
Time intIn Seconds - (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- Name string
- (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
- Method string
- (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- Domain string
- (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
- Expiration
Time intIn Seconds - (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- Name string
- (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
- method String
- (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- domain String
- (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration
Time IntegerIn Seconds - (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- name String
- (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
- method string
- (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- domain string
- (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration
Time numberIn Seconds - (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- name string
- (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
- method str
- (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- domain str
- (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration_
time_ intin_ seconds - (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- name str
- (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
- method String
- (Updatable) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- domain String
- (Updatable) The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration
Time NumberIn Seconds - (Updatable) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- name String
- (Updatable) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.
PolicyWafConfig, PolicyWafConfigArgs
- Access
Rules List<PolicyWaf Config Access Rule> - (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and
ALLOW
,DETECT
, orBLOCK
actions to be taken on a request when specified criteria are met. - Address
Rate PolicyLimiting Waf Config Address Rate Limiting - (Updatable) The settings used to limit the number of requests from an IP address.
- Caching
Rules List<PolicyWaf Config Caching Rule> - (Updatable) A list of caching rules applied to the web application.
- Captchas
List<Policy
Waf Config Captcha> - (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
- Custom
Protection List<PolicyRules Waf Config Custom Protection Rule> - (Updatable) A list of the custom protection rule OCIDs and their actions.
- Device
Fingerprint PolicyChallenge Waf Config Device Fingerprint Challenge - (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
- Human
Interaction PolicyChallenge Waf Config Human Interaction Challenge - (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- Js
Challenge PolicyWaf Config Js Challenge - (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
- Origin string
- (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but is not required upon updating the configuration. - Origin
Groups List<string> - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Protection
Settings PolicyWaf Config Protection Settings - (Updatable) The settings applied to protection rules.
- Whitelists
List<Policy
Waf Config Whitelist> - (Updatable) A list of IP addresses that bypass the Web Application Firewall.
- Access
Rules []PolicyWaf Config Access Rule - (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and
ALLOW
,DETECT
, orBLOCK
actions to be taken on a request when specified criteria are met. - Address
Rate PolicyLimiting Waf Config Address Rate Limiting - (Updatable) The settings used to limit the number of requests from an IP address.
- Caching
Rules []PolicyWaf Config Caching Rule - (Updatable) A list of caching rules applied to the web application.
- Captchas
[]Policy
Waf Config Captcha - (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
- Custom
Protection []PolicyRules Waf Config Custom Protection Rule - (Updatable) A list of the custom protection rule OCIDs and their actions.
- Device
Fingerprint PolicyChallenge Waf Config Device Fingerprint Challenge - (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
- Human
Interaction PolicyChallenge Waf Config Human Interaction Challenge - (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- Js
Challenge PolicyWaf Config Js Challenge - (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
- Origin string
- (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but is not required upon updating the configuration. - Origin
Groups []string - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Protection
Settings PolicyWaf Config Protection Settings - (Updatable) The settings applied to protection rules.
- Whitelists
[]Policy
Waf Config Whitelist - (Updatable) A list of IP addresses that bypass the Web Application Firewall.
- access
Rules List<PolicyWaf Config Access Rule> - (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and
ALLOW
,DETECT
, orBLOCK
actions to be taken on a request when specified criteria are met. - address
Rate PolicyLimiting Waf Config Address Rate Limiting - (Updatable) The settings used to limit the number of requests from an IP address.
- caching
Rules List<PolicyWaf Config Caching Rule> - (Updatable) A list of caching rules applied to the web application.
- captchas
List<Policy
Waf Config Captcha> - (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
- custom
Protection List<PolicyRules Waf Config Custom Protection Rule> - (Updatable) A list of the custom protection rule OCIDs and their actions.
- device
Fingerprint PolicyChallenge Waf Config Device Fingerprint Challenge - (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
- human
Interaction PolicyChallenge Waf Config Human Interaction Challenge - (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js
Challenge PolicyWaf Config Js Challenge - (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
- origin String
- (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but is not required upon updating the configuration. - origin
Groups List<String> - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection
Settings PolicyWaf Config Protection Settings - (Updatable) The settings applied to protection rules.
- whitelists
List<Policy
Waf Config Whitelist> - (Updatable) A list of IP addresses that bypass the Web Application Firewall.
- access
Rules PolicyWaf Config Access Rule[] - (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and
ALLOW
,DETECT
, orBLOCK
actions to be taken on a request when specified criteria are met. - address
Rate PolicyLimiting Waf Config Address Rate Limiting - (Updatable) The settings used to limit the number of requests from an IP address.
- caching
Rules PolicyWaf Config Caching Rule[] - (Updatable) A list of caching rules applied to the web application.
- captchas
Policy
Waf Config Captcha[] - (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
- custom
Protection PolicyRules Waf Config Custom Protection Rule[] - (Updatable) A list of the custom protection rule OCIDs and their actions.
- device
Fingerprint PolicyChallenge Waf Config Device Fingerprint Challenge - (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
- human
Interaction PolicyChallenge Waf Config Human Interaction Challenge - (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js
Challenge PolicyWaf Config Js Challenge - (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
- origin string
- (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but is not required upon updating the configuration. - origin
Groups string[] - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection
Settings PolicyWaf Config Protection Settings - (Updatable) The settings applied to protection rules.
- whitelists
Policy
Waf Config Whitelist[] - (Updatable) A list of IP addresses that bypass the Web Application Firewall.
- access_
rules Sequence[waas.Policy Waf Config Access Rule] - (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and
ALLOW
,DETECT
, orBLOCK
actions to be taken on a request when specified criteria are met. - address_
rate_ waas.limiting Policy Waf Config Address Rate Limiting - (Updatable) The settings used to limit the number of requests from an IP address.
- caching_
rules Sequence[waas.Policy Waf Config Caching Rule] - (Updatable) A list of caching rules applied to the web application.
- captchas
Sequence[waas.
Policy Waf Config Captcha] - (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
- custom_
protection_ Sequence[waas.rules Policy Waf Config Custom Protection Rule] - (Updatable) A list of the custom protection rule OCIDs and their actions.
- device_
fingerprint_ waas.challenge Policy Waf Config Device Fingerprint Challenge - (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
- human_
interaction_ waas.challenge Policy Waf Config Human Interaction Challenge - (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js_
challenge waas.Policy Waf Config Js Challenge - (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
- origin str
- (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but is not required upon updating the configuration. - origin_
groups Sequence[str] - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection_
settings waas.Policy Waf Config Protection Settings - (Updatable) The settings applied to protection rules.
- whitelists
Sequence[waas.
Policy Waf Config Whitelist] - (Updatable) A list of IP addresses that bypass the Web Application Firewall.
- access
Rules List<Property Map> - (Updatable) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and
ALLOW
,DETECT
, orBLOCK
actions to be taken on a request when specified criteria are met. - address
Rate Property MapLimiting - (Updatable) The settings used to limit the number of requests from an IP address.
- caching
Rules List<Property Map> - (Updatable) A list of caching rules applied to the web application.
- captchas List<Property Map>
- (Updatable) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.
- custom
Protection List<Property Map>Rules - (Updatable) A list of the custom protection rule OCIDs and their actions.
- device
Fingerprint Property MapChallenge - (Updatable) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.
- human
Interaction Property MapChallenge - (Updatable) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js
Challenge Property Map - (Updatable) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.
- origin String
- (Updatable) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but is not required upon updating the configuration. - origin
Groups List<String> - (Updatable) The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection
Settings Property Map - (Updatable) The settings applied to protection rules.
- whitelists List<Property Map>
- (Updatable) A list of IP addresses that bypass the Web Application Firewall.
PolicyWafConfigAccessRule, PolicyWafConfigAccessRuleArgs
- Action string
(Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to
ALLOW
.- ALLOW: Takes no action, just logs the request.
- DETECT: Takes no action, but creates an alert for the request.
- BLOCK: Blocks the request by returning specified response code or showing error page.
- BYPASS: Bypasses some or all challenges.
- REDIRECT: Redirects the request to the specified URL. These fields are required when
REDIRECT
is selected:redirectUrl
,redirectResponseCode
. - SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.
Regardless of action, no further rules are processed once a rule is matched.
- Criterias
List<Policy
Waf Config Access Rule Criteria> - (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
- Name string
- (Updatable) The unique name of the access rule.
- Block
Action string - (Updatable) The method used to block requests if
action
is set toBLOCK
and the access criteria are met. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access rules'. - Block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.' - Block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the access criteria are met. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - Bypass
Challenges List<string> - (Updatable) The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - Captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - Captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toSHOW_CAPTCHA
and the request is challenged. - Captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - Redirect
Response stringCode - (Updatable) The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- Redirect
Url string - (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - Response
Header List<PolicyManipulations Waf Config Access Rule Response Header Manipulation> - (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- Action string
(Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to
ALLOW
.- ALLOW: Takes no action, just logs the request.
- DETECT: Takes no action, but creates an alert for the request.
- BLOCK: Blocks the request by returning specified response code or showing error page.
- BYPASS: Bypasses some or all challenges.
- REDIRECT: Redirects the request to the specified URL. These fields are required when
REDIRECT
is selected:redirectUrl
,redirectResponseCode
. - SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.
Regardless of action, no further rules are processed once a rule is matched.
- Criterias
[]Policy
Waf Config Access Rule Criteria - (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
- Name string
- (Updatable) The unique name of the access rule.
- Block
Action string - (Updatable) The method used to block requests if
action
is set toBLOCK
and the access criteria are met. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access rules'. - Block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.' - Block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the access criteria are met. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - Bypass
Challenges []string - (Updatable) The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - Captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - Captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toSHOW_CAPTCHA
and the request is challenged. - Captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - Redirect
Response stringCode - (Updatable) The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- Redirect
Url string - (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - Response
Header []PolicyManipulations Waf Config Access Rule Response Header Manipulation - (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action String
(Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to
ALLOW
.- ALLOW: Takes no action, just logs the request.
- DETECT: Takes no action, but creates an alert for the request.
- BLOCK: Blocks the request by returning specified response code or showing error page.
- BYPASS: Bypasses some or all challenges.
- REDIRECT: Redirects the request to the specified URL. These fields are required when
REDIRECT
is selected:redirectUrl
,redirectResponseCode
. - SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.
Regardless of action, no further rules are processed once a rule is matched.
- criterias
List<Policy
Waf Config Access Rule Criteria> - (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
- name String
- (Updatable) The unique name of the access rule.
- block
Action String - (Updatable) The method used to block requests if
action
is set toBLOCK
and the access criteria are met. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access rules'. - block
Error StringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.' - block
Error StringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.' - block
Response IntegerCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the access criteria are met. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - bypass
Challenges List<String> - (Updatable) The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- String
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha
Header String - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha
Submit StringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha
Title String - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - redirect
Response StringCode - (Updatable) The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect
Url String - (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response
Header List<PolicyManipulations Waf Config Access Rule Response Header Manipulation> - (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action string
(Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to
ALLOW
.- ALLOW: Takes no action, just logs the request.
- DETECT: Takes no action, but creates an alert for the request.
- BLOCK: Blocks the request by returning specified response code or showing error page.
- BYPASS: Bypasses some or all challenges.
- REDIRECT: Redirects the request to the specified URL. These fields are required when
REDIRECT
is selected:redirectUrl
,redirectResponseCode
. - SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.
Regardless of action, no further rules are processed once a rule is matched.
- criterias
Policy
Waf Config Access Rule Criteria[] - (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
- name string
- (Updatable) The unique name of the access rule.
- block
Action string - (Updatable) The method used to block requests if
action
is set toBLOCK
and the access criteria are met. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access rules'. - block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.' - block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.' - block
Response numberCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the access criteria are met. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - bypass
Challenges string[] - (Updatable) The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - redirect
Response stringCode - (Updatable) The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect
Url string - (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response
Header PolicyManipulations Waf Config Access Rule Response Header Manipulation[] - (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action str
(Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to
ALLOW
.- ALLOW: Takes no action, just logs the request.
- DETECT: Takes no action, but creates an alert for the request.
- BLOCK: Blocks the request by returning specified response code or showing error page.
- BYPASS: Bypasses some or all challenges.
- REDIRECT: Redirects the request to the specified URL. These fields are required when
REDIRECT
is selected:redirectUrl
,redirectResponseCode
. - SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.
Regardless of action, no further rules are processed once a rule is matched.
- criterias
Sequence[waas.
Policy Waf Config Access Rule Criteria] - (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
- name str
- (Updatable) The unique name of the access rule.
- block_
action str - (Updatable) The method used to block requests if
action
is set toBLOCK
and the access criteria are met. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ strpage_ code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access rules'. - block_
error_ strpage_ description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.' - block_
error_ strpage_ message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ intcode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the access criteria are met. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - bypass_
challenges Sequence[str] - (Updatable) The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- str
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha_
header str - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha_
submit_ strlabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha_
title str - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - redirect_
response_ strcode - (Updatable) The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect_
url str - (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response_
header_ Sequence[waas.manipulations Policy Waf Config Access Rule Response Header Manipulation] - (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action String
(Updatable) The action to take when the access criteria are met for a rule. If unspecified, defaults to
ALLOW
.- ALLOW: Takes no action, just logs the request.
- DETECT: Takes no action, but creates an alert for the request.
- BLOCK: Blocks the request by returning specified response code or showing error page.
- BYPASS: Bypasses some or all challenges.
- REDIRECT: Redirects the request to the specified URL. These fields are required when
REDIRECT
is selected:redirectUrl
,redirectResponseCode
. - SHOW_CAPTCHA: Show a CAPTCHA Challenge page instead of the requested page.
Regardless of action, no further rules are processed once a rule is matched.
- criterias List<Property Map>
- (Updatable) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
- name String
- (Updatable) The unique name of the access rule.
- block
Action String - (Updatable) The method used to block requests if
action
is set toBLOCK
and the access criteria are met. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access rules'. - block
Error StringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.' - block
Error StringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.' - block
Response NumberCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the access criteria are met. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - bypass
Challenges List<String> - (Updatable) The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- String
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha
Header String - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha
Submit StringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toSHOW_CAPTCHA
and the request is challenged. - captcha
Title String - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toSHOW_CAPTCHA
and the request is challenged. - redirect
Response StringCode - (Updatable) The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect
Url String - (Updatable) The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response
Header List<Property Map>Manipulations - (Updatable) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
PolicyWafConfigAccessRuleCriteria, PolicyWafConfigAccessRuleCriteriaArgs
- Condition string
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Value string
- (Updatable) The criteria value.
- Is
Case boolSensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
- Condition string
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Value string
- (Updatable) The criteria value.
- Is
Case boolSensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
- condition String
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value String
- (Updatable) The criteria value.
- is
Case BooleanSensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
- condition string
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value string
- (Updatable) The criteria value.
- is
Case booleanSensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
- condition str
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value str
- (Updatable) The criteria value.
- is_
case_ boolsensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
- condition String
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value String
- (Updatable) The criteria value.
- is
Case BooleanSensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
PolicyWafConfigAccessRuleResponseHeaderManipulation, PolicyWafConfigAccessRuleResponseHeaderManipulationArgs
- Action string
- (Updatable) The action can be one of these values:
ADD_HTTP_RESPONSE_HEADER
,EXTEND_HTTP_RESPONSE_HEADER
,REMOVE_HTTP_RESPONSE_HEADER
- Header string
- (Updatable) A header field name that conforms to RFC 7230. Example:
example_header_name
- Value string
- (Updatable) A header field value that conforms to RFC 7230. Example:
example_value
- Action string
- (Updatable) The action can be one of these values:
ADD_HTTP_RESPONSE_HEADER
,EXTEND_HTTP_RESPONSE_HEADER
,REMOVE_HTTP_RESPONSE_HEADER
- Header string
- (Updatable) A header field name that conforms to RFC 7230. Example:
example_header_name
- Value string
- (Updatable) A header field value that conforms to RFC 7230. Example:
example_value
- action String
- (Updatable) The action can be one of these values:
ADD_HTTP_RESPONSE_HEADER
,EXTEND_HTTP_RESPONSE_HEADER
,REMOVE_HTTP_RESPONSE_HEADER
- header String
- (Updatable) A header field name that conforms to RFC 7230. Example:
example_header_name
- value String
- (Updatable) A header field value that conforms to RFC 7230. Example:
example_value
- action string
- (Updatable) The action can be one of these values:
ADD_HTTP_RESPONSE_HEADER
,EXTEND_HTTP_RESPONSE_HEADER
,REMOVE_HTTP_RESPONSE_HEADER
- header string
- (Updatable) A header field name that conforms to RFC 7230. Example:
example_header_name
- value string
- (Updatable) A header field value that conforms to RFC 7230. Example:
example_value
- action str
- (Updatable) The action can be one of these values:
ADD_HTTP_RESPONSE_HEADER
,EXTEND_HTTP_RESPONSE_HEADER
,REMOVE_HTTP_RESPONSE_HEADER
- header str
- (Updatable) A header field name that conforms to RFC 7230. Example:
example_header_name
- value str
- (Updatable) A header field value that conforms to RFC 7230. Example:
example_value
- action String
- (Updatable) The action can be one of these values:
ADD_HTTP_RESPONSE_HEADER
,EXTEND_HTTP_RESPONSE_HEADER
,REMOVE_HTTP_RESPONSE_HEADER
- header String
- (Updatable) A header field name that conforms to RFC 7230. Example:
example_header_name
- value String
- (Updatable) A header field value that conforms to RFC 7230. Example:
example_value
PolicyWafConfigAddressRateLimiting, PolicyWafConfigAddressRateLimitingArgs
- Is
Enabled bool - (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
- Allowed
Rate intPer Address - (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - Block
Response intCode - (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to
503
. The list of available response codes:400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - Max
Delayed intCount Per Address - (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- Is
Enabled bool - (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
- Allowed
Rate intPer Address - (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - Block
Response intCode - (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to
503
. The list of available response codes:400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - Max
Delayed intCount Per Address - (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- is
Enabled Boolean - (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
- allowed
Rate IntegerPer Address - (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block
Response IntegerCode - (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to
503
. The list of available response codes:400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - max
Delayed IntegerCount Per Address - (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- is
Enabled boolean - (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
- allowed
Rate numberPer Address - (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block
Response numberCode - (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to
503
. The list of available response codes:400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - max
Delayed numberCount Per Address - (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- is_
enabled bool - (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
- allowed_
rate_ intper_ address - (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block_
response_ intcode - (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to
503
. The list of available response codes:400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - max_
delayed_ intcount_ per_ address - (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- is
Enabled Boolean - (Updatable) Enables or disables the address rate limiting Web Application Firewall feature.
- allowed
Rate NumberPer Address - (Updatable) The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block
Response NumberCode - (Updatable) The response status code returned when a request is blocked. If unspecified, defaults to
503
. The list of available response codes:400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - max
Delayed NumberCount Per Address - (Updatable) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
PolicyWafConfigCachingRule, PolicyWafConfigCachingRuleArgs
- Action string
- (Updatable) The action to take when the criteria of a caching rule are met.
- CACHE: Caches requested content when the criteria of the rule are met.
- BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
- Criterias
List<Policy
Waf Config Caching Rule Criteria> - (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
- Name string
- (Updatable) The name of the caching rule.
- Caching
Duration string - (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Client
Caching stringDuration - (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Is
Client boolCaching Enabled - (Updatable) Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - Key string
- (Updatable) The unique key for the caching rule.
- Action string
- (Updatable) The action to take when the criteria of a caching rule are met.
- CACHE: Caches requested content when the criteria of the rule are met.
- BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
- Criterias
[]Policy
Waf Config Caching Rule Criteria - (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
- Name string
- (Updatable) The name of the caching rule.
- Caching
Duration string - (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Client
Caching stringDuration - (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Is
Client boolCaching Enabled - (Updatable) Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - Key string
- (Updatable) The unique key for the caching rule.
- action String
- (Updatable) The action to take when the criteria of a caching rule are met.
- CACHE: Caches requested content when the criteria of the rule are met.
- BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
- criterias
List<Policy
Waf Config Caching Rule Criteria> - (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
- name String
- (Updatable) The name of the caching rule.
- caching
Duration String - (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client
Caching StringDuration - (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- is
Client BooleanCaching Enabled - (Updatable) Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key String
- (Updatable) The unique key for the caching rule.
- action string
- (Updatable) The action to take when the criteria of a caching rule are met.
- CACHE: Caches requested content when the criteria of the rule are met.
- BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
- criterias
Policy
Waf Config Caching Rule Criteria[] - (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
- name string
- (Updatable) The name of the caching rule.
- caching
Duration string - (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client
Caching stringDuration - (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- is
Client booleanCaching Enabled - (Updatable) Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key string
- (Updatable) The unique key for the caching rule.
- action str
- (Updatable) The action to take when the criteria of a caching rule are met.
- CACHE: Caches requested content when the criteria of the rule are met.
- BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
- criterias
Sequence[waas.
Policy Waf Config Caching Rule Criteria] - (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
- name str
- (Updatable) The name of the caching rule.
- caching_
duration str - (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client_
caching_ strduration - (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- is_
client_ boolcaching_ enabled - (Updatable) Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key str
- (Updatable) The unique key for the caching rule.
- action String
- (Updatable) The action to take when the criteria of a caching rule are met.
- CACHE: Caches requested content when the criteria of the rule are met.
- BYPASS_CACHE: Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.
- criterias List<Property Map>
- (Updatable) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.
- name String
- (Updatable) The name of the caching rule.
- caching
Duration String - (Updatable) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client
Caching StringDuration - (Updatable) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- is
Client BooleanCaching Enabled - (Updatable) Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key String
- (Updatable) The unique key for the caching rule.
PolicyWafConfigCachingRuleCriteria, PolicyWafConfigCachingRuleCriteriaArgs
- Condition string
(Updatable) The condition of the caching rule criteria.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field.
URLs must start with a
/
. URLs can't contain restricted double slashes//
. URLs can't contain the restricted'
&
?
symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Value string
- (Updatable) The value of the caching rule criteria.
- Condition string
(Updatable) The condition of the caching rule criteria.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field.
URLs must start with a
/
. URLs can't contain restricted double slashes//
. URLs can't contain the restricted'
&
?
symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Value string
- (Updatable) The value of the caching rule criteria.
- condition String
(Updatable) The condition of the caching rule criteria.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field.
URLs must start with a
/
. URLs can't contain restricted double slashes//
. URLs can't contain the restricted'
&
?
symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value String
- (Updatable) The value of the caching rule criteria.
- condition string
(Updatable) The condition of the caching rule criteria.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field.
URLs must start with a
/
. URLs can't contain restricted double slashes//
. URLs can't contain the restricted'
&
?
symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value string
- (Updatable) The value of the caching rule criteria.
- condition str
(Updatable) The condition of the caching rule criteria.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field.
URLs must start with a
/
. URLs can't contain restricted double slashes//
. URLs can't contain the restricted'
&
?
symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value str
- (Updatable) The value of the caching rule criteria.
- condition String
(Updatable) The condition of the caching rule criteria.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field.
URLs must start with a
/
. URLs can't contain restricted double slashes//
. URLs can't contain the restricted'
&
?
symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value String
- (Updatable) The value of the caching rule criteria.
PolicyWafConfigCaptcha, PolicyWafConfigCaptchaArgs
- Failure
Message string - (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- Session
Expiration intIn Seconds - (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - Submit
Label string - (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - Title string
- (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- Url string
- (Updatable) The unique URL path at which to show the CAPTCHA challenge.
- string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- Header
Text string - (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- Failure
Message string - (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- Session
Expiration intIn Seconds - (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - Submit
Label string - (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - Title string
- (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- Url string
- (Updatable) The unique URL path at which to show the CAPTCHA challenge.
- string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- Header
Text string - (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- failure
Message String - (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- session
Expiration IntegerIn Seconds - (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit
Label String - (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title String
- (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url String
- (Updatable) The unique URL path at which to show the CAPTCHA challenge.
- String
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header
Text String - (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- failure
Message string - (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- session
Expiration numberIn Seconds - (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit
Label string - (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title string
- (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url string
- (Updatable) The unique URL path at which to show the CAPTCHA challenge.
- string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header
Text string - (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- failure_
message str - (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- session_
expiration_ intin_ seconds - (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit_
label str - (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title str
- (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url str
- (Updatable) The unique URL path at which to show the CAPTCHA challenge.
- str
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header_
text str - (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- failure
Message String - (Updatable) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- session
Expiration NumberIn Seconds - (Updatable) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit
Label String - (Updatable) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title String
- (Updatable) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url String
- (Updatable) The unique URL path at which to show the CAPTCHA challenge.
- String
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header
Text String - (Updatable) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
PolicyWafConfigCustomProtectionRule, PolicyWafConfigCustomProtectionRuleArgs
- Action string
- (Updatable) The action to take when the custom protection rule is triggered.
DETECT
- Logs the request when the criteria of the custom protection rule are met.BLOCK
- Blocks the request when the criteria of the custom protection rule are met. - Exclusions
List<Policy
Waf Config Custom Protection Rule Exclusion> - (Updatable)
- Id string
- (Updatable) The OCID of the custom protection rule.
- Action string
- (Updatable) The action to take when the custom protection rule is triggered.
DETECT
- Logs the request when the criteria of the custom protection rule are met.BLOCK
- Blocks the request when the criteria of the custom protection rule are met. - Exclusions
[]Policy
Waf Config Custom Protection Rule Exclusion - (Updatable)
- Id string
- (Updatable) The OCID of the custom protection rule.
- action String
- (Updatable) The action to take when the custom protection rule is triggered.
DETECT
- Logs the request when the criteria of the custom protection rule are met.BLOCK
- Blocks the request when the criteria of the custom protection rule are met. - exclusions
List<Policy
Waf Config Custom Protection Rule Exclusion> - (Updatable)
- id String
- (Updatable) The OCID of the custom protection rule.
- action string
- (Updatable) The action to take when the custom protection rule is triggered.
DETECT
- Logs the request when the criteria of the custom protection rule are met.BLOCK
- Blocks the request when the criteria of the custom protection rule are met. - exclusions
Policy
Waf Config Custom Protection Rule Exclusion[] - (Updatable)
- id string
- (Updatable) The OCID of the custom protection rule.
- action str
- (Updatable) The action to take when the custom protection rule is triggered.
DETECT
- Logs the request when the criteria of the custom protection rule are met.BLOCK
- Blocks the request when the criteria of the custom protection rule are met. - exclusions
Sequence[waas.
Policy Waf Config Custom Protection Rule Exclusion] - (Updatable)
- id str
- (Updatable) The OCID of the custom protection rule.
- action String
- (Updatable) The action to take when the custom protection rule is triggered.
DETECT
- Logs the request when the criteria of the custom protection rule are met.BLOCK
- Blocks the request when the criteria of the custom protection rule are met. - exclusions List<Property Map>
- (Updatable)
- id String
- (Updatable) The OCID of the custom protection rule.
PolicyWafConfigCustomProtectionRuleExclusion, PolicyWafConfigCustomProtectionRuleExclusionArgs
- Exclusions List<string>
- (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Target string
- (Updatable) The target of the exclusion.
- Exclusions []string
- (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Target string
- (Updatable) The target of the exclusion.
- exclusions List<String>
- (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target String
- (Updatable) The target of the exclusion.
- exclusions string[]
- (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target string
- (Updatable) The target of the exclusion.
- exclusions Sequence[str]
- (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target str
- (Updatable) The target of the exclusion.
- exclusions List<String>
- (Updatable) An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target String
- (Updatable) The target of the exclusion.
PolicyWafConfigDeviceFingerprintChallenge, PolicyWafConfigDeviceFingerprintChallengeArgs
- Is
Enabled bool - (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
- Action string
- (Updatable) The action to take on requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - Challenge
Settings PolicyWaf Config Device Fingerprint Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - Failure
Threshold int - (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to
10
. - Failure
Threshold intExpiration In Seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Max
Address intCount - (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - Max
Address intCount Expiration In Seconds - (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- Is
Enabled bool - (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
- Action string
- (Updatable) The action to take on requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - Challenge
Settings PolicyWaf Config Device Fingerprint Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - Failure
Threshold int - (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to
10
. - Failure
Threshold intExpiration In Seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Max
Address intCount - (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - Max
Address intCount Expiration In Seconds - (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- is
Enabled Boolean - (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
- action String
- (Updatable) The action to take on requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration IntegerIn Seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - challenge
Settings PolicyWaf Config Device Fingerprint Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - failure
Threshold Integer - (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to
10
. - failure
Threshold IntegerExpiration In Seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - max
Address IntegerCount - (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max
Address IntegerCount Expiration In Seconds - (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- is
Enabled boolean - (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
- action string
- (Updatable) The action to take on requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration numberIn Seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - challenge
Settings PolicyWaf Config Device Fingerprint Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - failure
Threshold number - (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to
10
. - failure
Threshold numberExpiration In Seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - max
Address numberCount - (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max
Address numberCount Expiration In Seconds - (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- is_
enabled bool - (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
- action str
- (Updatable) The action to take on requests from detected bots. If unspecified, defaults to
DETECT
. - action_
expiration_ intin_ seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - challenge_
settings waas.Policy Waf Config Device Fingerprint Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - failure_
threshold int - (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to
10
. - failure_
threshold_ intexpiration_ in_ seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - max_
address_ intcount - (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max_
address_ intcount_ expiration_ in_ seconds - (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- is
Enabled Boolean - (Updatable) Enables or disables the device fingerprint challenge Web Application Firewall feature.
- action String
- (Updatable) The action to take on requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration NumberIn Seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - challenge
Settings Property Map - (Updatable) The challenge settings if
action
is set toBLOCK
. - failure
Threshold Number - (Updatable) The number of failed requests allowed before taking action. If unspecified, defaults to
10
. - failure
Threshold NumberExpiration In Seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - max
Address NumberCount - (Updatable) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max
Address NumberCount Expiration In Seconds - (Updatable) The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
PolicyWafConfigDeviceFingerprintChallengeChallengeSettings, PolicyWafConfigDeviceFingerprintChallengeChallengeSettingsArgs
- Block
Action string - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - Block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - Block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - Block
Response intCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Block
Action string - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - Block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - Block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - Block
Response intCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block
Error StringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block
Error StringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block
Response IntegerCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - String
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action string - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block
Response numberCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block_
action str - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block_
error_ strpage_ code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block_
error_ strpage_ description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ strpage_ message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block_
response_ intcode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - str
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header str - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ strlabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title str - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block
Error StringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block
Error StringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block
Response NumberCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - String
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
PolicyWafConfigHumanInteractionChallenge, PolicyWafConfigHumanInteractionChallengeArgs
- Is
Enabled bool - (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
- Action string
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - Challenge
Settings PolicyWaf Config Human Interaction Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - Failure
Threshold int - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - Failure
Threshold intExpiration In Seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Interaction
Threshold int - (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - Is
Nat boolEnabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Recording
Period intIn Seconds - (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - Set
Http PolicyHeader Waf Config Human Interaction Challenge Set Http Header - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- Is
Enabled bool - (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
- Action string
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - Challenge
Settings PolicyWaf Config Human Interaction Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - Failure
Threshold int - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - Failure
Threshold intExpiration In Seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Interaction
Threshold int - (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - Is
Nat boolEnabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Recording
Period intIn Seconds - (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - Set
Http PolicyHeader Waf Config Human Interaction Challenge Set Http Header - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- is
Enabled Boolean - (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
- action String
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration IntegerIn Seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - challenge
Settings PolicyWaf Config Human Interaction Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - failure
Threshold Integer - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold IntegerExpiration In Seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction
Threshold Integer - (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is
Nat BooleanEnabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording
Period IntegerIn Seconds - (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set
Http PolicyHeader Waf Config Human Interaction Challenge Set Http Header - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- is
Enabled boolean - (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
- action string
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration numberIn Seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - challenge
Settings PolicyWaf Config Human Interaction Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - failure
Threshold number - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold numberExpiration In Seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction
Threshold number - (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is
Nat booleanEnabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording
Period numberIn Seconds - (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set
Http PolicyHeader Waf Config Human Interaction Challenge Set Http Header - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- is_
enabled bool - (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
- action str
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action_
expiration_ intin_ seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - challenge_
settings waas.Policy Waf Config Human Interaction Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - failure_
threshold int - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - failure_
threshold_ intexpiration_ in_ seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction_
threshold int - (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is_
nat_ boolenabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording_
period_ intin_ seconds - (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set_
http_ waas.header Policy Waf Config Human Interaction Challenge Set Http Header - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- is
Enabled Boolean - (Updatable) Enables or disables the human interaction challenge Web Application Firewall feature.
- action String
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration NumberIn Seconds - (Updatable) The number of seconds between challenges for the same IP address. If unspecified, defaults to
60
. - challenge
Settings Property Map - (Updatable) The challenge settings if
action
is set toBLOCK
. - failure
Threshold Number - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold NumberExpiration In Seconds - (Updatable) The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction
Threshold Number - (Updatable) The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is
Nat BooleanEnabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording
Period NumberIn Seconds - (Updatable) The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set
Http Property MapHeader - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
PolicyWafConfigHumanInteractionChallengeChallengeSettings, PolicyWafConfigHumanInteractionChallengeChallengeSettingsArgs
- Block
Action string - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - Block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - Block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - Block
Response intCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Block
Action string - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - Block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - Block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - Block
Response intCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block
Error StringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block
Error StringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block
Response IntegerCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - String
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action string - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block
Response numberCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block_
action str - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block_
error_ strpage_ code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block_
error_ strpage_ description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ strpage_ message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block_
response_ intcode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - str
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header str - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ strlabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title str - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block
Error StringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block
Error StringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block
Response NumberCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - String
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
PolicyWafConfigHumanInteractionChallengeSetHttpHeader, PolicyWafConfigHumanInteractionChallengeSetHttpHeaderArgs
PolicyWafConfigJsChallenge, PolicyWafConfigJsChallengeArgs
- Is
Enabled bool - (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
- Action string
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Are
Redirects boolChallenged - (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- Challenge
Settings PolicyWaf Config Js Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - Criterias
List<Policy
Waf Config Js Challenge Criteria> - (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Failure
Threshold int - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - Is
Nat boolEnabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Set
Http PolicyHeader Waf Config Js Challenge Set Http Header - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- Is
Enabled bool - (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
- Action string
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Are
Redirects boolChallenged - (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- Challenge
Settings PolicyWaf Config Js Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - Criterias
[]Policy
Waf Config Js Challenge Criteria - (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Failure
Threshold int - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - Is
Nat boolEnabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Set
Http PolicyHeader Waf Config Js Challenge Set Http Header - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- is
Enabled Boolean - (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
- action String
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration IntegerIn Seconds - (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are
Redirects BooleanChallenged - (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge
Settings PolicyWaf Config Js Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - criterias
List<Policy
Waf Config Js Challenge Criteria> - (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure
Threshold Integer - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - is
Nat BooleanEnabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set
Http PolicyHeader Waf Config Js Challenge Set Http Header - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- is
Enabled boolean - (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
- action string
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration numberIn Seconds - (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are
Redirects booleanChallenged - (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge
Settings PolicyWaf Config Js Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - criterias
Policy
Waf Config Js Challenge Criteria[] - (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure
Threshold number - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - is
Nat booleanEnabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set
Http PolicyHeader Waf Config Js Challenge Set Http Header - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- is_
enabled bool - (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
- action str
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action_
expiration_ intin_ seconds - (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are_
redirects_ boolchallenged - (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge_
settings waas.Policy Waf Config Js Challenge Challenge Settings - (Updatable) The challenge settings if
action
is set toBLOCK
. - criterias
Sequence[waas.
Policy Waf Config Js Challenge Criteria] - (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure_
threshold int - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - is_
nat_ boolenabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set_
http_ waas.header Policy Waf Config Js Challenge Set Http Header - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- is
Enabled Boolean - (Updatable) Enables or disables the JavaScript challenge Web Application Firewall feature.
- action String
- (Updatable) The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration NumberIn Seconds - (Updatable) The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are
Redirects BooleanChallenged - (Updatable) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge
Settings Property Map - (Updatable) The challenge settings if
action
is set toBLOCK
. - criterias List<Property Map>
- (Updatable) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure
Threshold Number - (Updatable) The number of failed requests before taking action. If unspecified, defaults to
10
. - is
Nat BooleanEnabled - (Updatable) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set
Http Property MapHeader - (Updatable) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
PolicyWafConfigJsChallengeChallengeSettings, PolicyWafConfigJsChallengeChallengeSettingsArgs
- Block
Action string - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - Block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - Block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - Block
Response intCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Block
Action string - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - Block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - Block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - Block
Response intCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block
Error StringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block
Error StringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block
Response IntegerCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - String
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action string - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block
Response numberCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - string
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header string - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit stringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title string - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block_
action str - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block_
error_ strpage_ code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block_
error_ strpage_ description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ strpage_ message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block_
response_ intcode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - str
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header str - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ strlabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title str - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - (Updatable) The method used to block requests that fail the challenge, if
action
is set toBLOCK
. If unspecified, defaults toSHOW_ERROR_PAGE
. - block
Error StringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
and the request is blocked. If unspecified, defaults to403
. - block
Error StringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults toAccess to the website is blocked
. - block
Response NumberCode - (Updatable) The response status code to return when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
orSHOW_ERROR_PAGE
, and the request is blocked. If unspecified, defaults to403
. The list of available response codes:200
,201
,202
,204
,206
,300
,301
,302
,303
,304
,307
,400
,401
,403
,404
,405
,408
,409
,411
,412
,413
,414
,415
,416
,422
,444
,494
,495
,496
,497
,499
,500
,501
,502
,503
,504
,507
. - String
- (Updatable) The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - (Updatable) The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - (Updatable) The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - (Updatable) The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
PolicyWafConfigJsChallengeCriteria, PolicyWafConfigJsChallengeCriteriaArgs
- Condition string
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Value string
- (Updatable) The criteria value.
- Is
Case boolSensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
- Condition string
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Value string
- (Updatable) The criteria value.
- Is
Case boolSensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
- condition String
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value String
- (Updatable) The criteria value.
- is
Case BooleanSensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
- condition string
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value string
- (Updatable) The criteria value.
- is
Case booleanSensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
- condition str
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value str
- (Updatable) The criteria value.
- is_
case_ boolsensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
- condition String
(Updatable) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- HTTP_METHOD_IS_NOT: Matches if the request is not identical to any of the contents of the
value
field. Thevalue
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
Example: "GET\nPOST"
- COUNTRY_IS: Matches if the request originates from one of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - COUNTRY_IS_NOT: Matches if the request does not originate from any of countries in the
value
field. Thevalue
in this case is string with one or multiple countries separated by new line symbol \n Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. Example: "AL\nDZ\nAM" - USER_AGENT_IS: Matches if the requesting user agent is identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- USER_AGENT_IS_NOT: Matches if the requesting user agent is not identical to the contents of the
value
field. Example:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value String
- (Updatable) The criteria value.
- is
Case BooleanSensitive - (Updatable) When enabled, the condition will be matched with case-sensitive rules.
PolicyWafConfigJsChallengeSetHttpHeader, PolicyWafConfigJsChallengeSetHttpHeaderArgs
PolicyWafConfigProtectionSettings, PolicyWafConfigProtectionSettingsArgs
- Allowed
Http List<string>Methods - (Updatable) The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - Block
Action string - (Updatable) If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - (Updatable) The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Is
Response boolInspected (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
.Note: Only origin responses with a Content-Type matching a value in
mediaTypes
will be inspected.- Max
Argument intCount - (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- Max
Name intLength Per Argument - (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - Max
Response intSize In Ki B - (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - Max
Total intName Length Of Arguments - (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - Media
Types List<string> (Updatable) The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
.Supported MIME types include:
- text/html
- text/plain
- text/asp
- text/css
- text/x-script
- application/json
- text/webviewhtml
- text/x-java-source
- application/x-javascript
- application/javascript
- application/ecmascript
- text/javascript
- text/ecmascript
- text/x-script.perl
- text/x-script.phyton
- application/plain
- application/xml
- text/xml
- Recommendations
Period intIn Days (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.Use
GET /waasPolicies/{waasPolicyId}/wafRecommendations
to view WAF recommendations.
- Allowed
Http []stringMethods - (Updatable) The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - Block
Action string - (Updatable) If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - (Updatable) The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Is
Response boolInspected (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
.Note: Only origin responses with a Content-Type matching a value in
mediaTypes
will be inspected.- Max
Argument intCount - (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- Max
Name intLength Per Argument - (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - Max
Response intSize In Ki B - (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - Max
Total intName Length Of Arguments - (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - Media
Types []string (Updatable) The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
.Supported MIME types include:
- text/html
- text/plain
- text/asp
- text/css
- text/x-script
- application/json
- text/webviewhtml
- text/x-java-source
- application/x-javascript
- application/javascript
- application/ecmascript
- text/javascript
- text/ecmascript
- text/x-script.perl
- text/x-script.phyton
- application/plain
- application/xml
- text/xml
- Recommendations
Period intIn Days (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.Use
GET /waasPolicies/{waasPolicyId}/wafRecommendations
to view WAF recommendations.
- allowed
Http List<String>Methods - (Updatable) The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block
Action String - (Updatable) If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response IntegerCode - (Updatable) The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Response BooleanInspected (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
.Note: Only origin responses with a Content-Type matching a value in
mediaTypes
will be inspected.- max
Argument IntegerCount - (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max
Name IntegerLength Per Argument - (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max
Response IntegerSize In Ki B - (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max
Total IntegerName Length Of Arguments - (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media
Types List<String> (Updatable) The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
.Supported MIME types include:
- text/html
- text/plain
- text/asp
- text/css
- text/x-script
- application/json
- text/webviewhtml
- text/x-java-source
- application/x-javascript
- application/javascript
- application/ecmascript
- text/javascript
- text/ecmascript
- text/x-script.perl
- text/x-script.phyton
- application/plain
- application/xml
- text/xml
- recommendations
Period IntegerIn Days (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.Use
GET /waasPolicies/{waasPolicyId}/wafRecommendations
to view WAF recommendations.
- allowed
Http string[]Methods - (Updatable) The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block
Action string - (Updatable) If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error stringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error stringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error stringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response numberCode - (Updatable) The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Response booleanInspected (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
.Note: Only origin responses with a Content-Type matching a value in
mediaTypes
will be inspected.- max
Argument numberCount - (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max
Name numberLength Per Argument - (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max
Response numberSize In Ki B - (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max
Total numberName Length Of Arguments - (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media
Types string[] (Updatable) The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
.Supported MIME types include:
- text/html
- text/plain
- text/asp
- text/css
- text/x-script
- application/json
- text/webviewhtml
- text/x-java-source
- application/x-javascript
- application/javascript
- application/ecmascript
- text/javascript
- text/ecmascript
- text/x-script.perl
- text/x-script.phyton
- application/plain
- application/xml
- text/xml
- recommendations
Period numberIn Days (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.Use
GET /waasPolicies/{waasPolicyId}/wafRecommendations
to view WAF recommendations.
- allowed_
http_ Sequence[str]methods - (Updatable) The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block_
action str - (Updatable) If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ strpage_ code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ strpage_ description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ strpage_ message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ intcode - (Updatable) The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is_
response_ boolinspected (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
.Note: Only origin responses with a Content-Type matching a value in
mediaTypes
will be inspected.- max_
argument_ intcount - (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max_
name_ intlength_ per_ argument - (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max_
response_ intsize_ in_ ki_ b - (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max_
total_ intname_ length_ of_ arguments - (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media_
types Sequence[str] (Updatable) The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
.Supported MIME types include:
- text/html
- text/plain
- text/asp
- text/css
- text/x-script
- application/json
- text/webviewhtml
- text/x-java-source
- application/x-javascript
- application/javascript
- application/ecmascript
- text/javascript
- text/ecmascript
- text/x-script.perl
- text/x-script.phyton
- application/plain
- application/xml
- text/xml
- recommendations_
period_ intin_ days (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.Use
GET /waasPolicies/{waasPolicyId}/wafRecommendations
to view WAF recommendations.
- allowed
Http List<String>Methods - (Updatable) The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block
Action String - (Updatable) If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - (Updatable) The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - (Updatable) The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - (Updatable) The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response NumberCode - (Updatable) The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Response BooleanInspected (Updatable) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
.Note: Only origin responses with a Content-Type matching a value in
mediaTypes
will be inspected.- max
Argument NumberCount - (Updatable) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max
Name NumberLength Per Argument - (Updatable) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max
Response NumberSize In Ki B - (Updatable) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max
Total NumberName Length Of Arguments - (Updatable) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media
Types List<String> (Updatable) The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
.Supported MIME types include:
- text/html
- text/plain
- text/asp
- text/css
- text/x-script
- application/json
- text/webviewhtml
- text/x-java-source
- application/x-javascript
- application/javascript
- application/ecmascript
- text/javascript
- text/ecmascript
- text/x-script.perl
- text/x-script.phyton
- application/plain
- application/xml
- text/xml
- recommendations
Period NumberIn Days (Updatable) The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.Use
GET /waasPolicies/{waasPolicyId}/wafRecommendations
to view WAF recommendations.
PolicyWafConfigWhitelist, PolicyWafConfigWhitelistArgs
- Name string
(Updatable) The unique name of the whitelist.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Address
Lists List<string> - (Updatable) A list of OCID of IP address lists to include in the whitelist.
- Addresses List<string>
- (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
- Name string
(Updatable) The unique name of the whitelist.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Address
Lists []string - (Updatable) A list of OCID of IP address lists to include in the whitelist.
- Addresses []string
- (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
- name String
(Updatable) The unique name of the whitelist.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- address
Lists List<String> - (Updatable) A list of OCID of IP address lists to include in the whitelist.
- addresses List<String>
- (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
- name string
(Updatable) The unique name of the whitelist.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- address
Lists string[] - (Updatable) A list of OCID of IP address lists to include in the whitelist.
- addresses string[]
- (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
- name str
(Updatable) The unique name of the whitelist.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- address_
lists Sequence[str] - (Updatable) A list of OCID of IP address lists to include in the whitelist.
- addresses Sequence[str]
- (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
- name String
(Updatable) The unique name of the whitelist.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- address
Lists List<String> - (Updatable) A list of OCID of IP address lists to include in the whitelist.
- addresses List<String>
- (Updatable) A set of IP addresses or CIDR notations to include in the whitelist.
Import
WaasPolicies can be imported using the id
, e.g.
$ pulumi import oci:Waas/policy:Policy test_waas_policy "id"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oci
Terraform Provider.