oci.Waas.ProtectionRule
Explore with Pulumi AI
This resource provides the Protection Rule resource in Oracle Cloud Infrastructure Web Application Acceleration and Security service.
Updates the action for each specified protection rule. Requests can either be allowed, blocked, or trigger an alert if they meet the parameters of an applied rule. For more information on protection rules, see WAF Protection Rules. This operation can update or disable protection rules depending on the structure of the request body. Protection rules can be updated by changing the properties of the protection rule object with the rule’s key specified in the key field.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Waas.ProtectionRule;
import com.pulumi.oci.Waas.ProtectionRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testProtectionRule = new ProtectionRule("testProtectionRule", ProtectionRuleArgs.builder()
.waasPolicyId(testWaasPolicy.id())
.key(key)
.action("DETECT")
.exclusions(ProtectionRuleExclusionArgs.builder()
.exclusions("example.com")
.target("REQUEST_COOKIES")
.build())
.build());
}
}
resources:
testProtectionRule:
type: oci:Waas:ProtectionRule
name: test_protection_rule
properties:
waasPolicyId: ${testWaasPolicy.id}
key: ${key}
action: DETECT
exclusions:
exclusions:
- example.com
target: REQUEST_COOKIES
Create ProtectionRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ProtectionRule(name: string, args: ProtectionRuleArgs, opts?: CustomResourceOptions);
@overload
def ProtectionRule(resource_name: str,
args: ProtectionRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ProtectionRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
key: Optional[str] = None,
waas_policy_id: Optional[str] = None,
action: Optional[str] = None,
exclusions: Optional[Sequence[_waas.ProtectionRuleExclusionArgs]] = None)
func NewProtectionRule(ctx *Context, name string, args ProtectionRuleArgs, opts ...ResourceOption) (*ProtectionRule, error)
public ProtectionRule(string name, ProtectionRuleArgs args, CustomResourceOptions? opts = null)
public ProtectionRule(String name, ProtectionRuleArgs args)
public ProtectionRule(String name, ProtectionRuleArgs args, CustomResourceOptions options)
type: oci:Waas:ProtectionRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ProtectionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ProtectionRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ProtectionRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ProtectionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ProtectionRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var protectionRuleResource = new Oci.Waas.ProtectionRule("protectionRuleResource", new()
{
Key = "string",
WaasPolicyId = "string",
Action = "string",
Exclusions = new[]
{
new Oci.Waas.Inputs.ProtectionRuleExclusionArgs
{
Exclusions = new[]
{
"string",
},
Target = "string",
},
},
});
example, err := Waas.NewProtectionRule(ctx, "protectionRuleResource", &Waas.ProtectionRuleArgs{
Key: pulumi.String("string"),
WaasPolicyId: pulumi.String("string"),
Action: pulumi.String("string"),
Exclusions: waas.ProtectionRuleExclusionArray{
&waas.ProtectionRuleExclusionArgs{
Exclusions: pulumi.StringArray{
pulumi.String("string"),
},
Target: pulumi.String("string"),
},
},
})
var protectionRuleResource = new ProtectionRule("protectionRuleResource", ProtectionRuleArgs.builder()
.key("string")
.waasPolicyId("string")
.action("string")
.exclusions(ProtectionRuleExclusionArgs.builder()
.exclusions("string")
.target("string")
.build())
.build());
protection_rule_resource = oci.waas.ProtectionRule("protectionRuleResource",
key="string",
waas_policy_id="string",
action="string",
exclusions=[{
"exclusions": ["string"],
"target": "string",
}])
const protectionRuleResource = new oci.waas.ProtectionRule("protectionRuleResource", {
key: "string",
waasPolicyId: "string",
action: "string",
exclusions: [{
exclusions: ["string"],
target: "string",
}],
});
type: oci:Waas:ProtectionRule
properties:
action: string
exclusions:
- exclusions:
- string
target: string
key: string
waasPolicyId: string
ProtectionRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ProtectionRule resource accepts the following input properties:
- Key string
- (Updatable) The unique key of the protection rule.
- Waas
Policy stringId - The OCID of the WAAS policy.
- Action string
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - Exclusions
List<Protection
Rule Exclusion> - (Updatable)
- Key string
- (Updatable) The unique key of the protection rule.
- Waas
Policy stringId - The OCID of the WAAS policy.
- Action string
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - Exclusions
[]Protection
Rule Exclusion Args - (Updatable)
- key String
- (Updatable) The unique key of the protection rule.
- waas
Policy StringId - The OCID of the WAAS policy.
- action String
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - exclusions
List<Protection
Rule Exclusion> - (Updatable)
- key string
- (Updatable) The unique key of the protection rule.
- waas
Policy stringId - The OCID of the WAAS policy.
- action string
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - exclusions
Protection
Rule Exclusion[] - (Updatable)
- key str
- (Updatable) The unique key of the protection rule.
- waas_
policy_ strid - The OCID of the WAAS policy.
- action str
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - exclusions
Sequence[waas.
Protection Rule Exclusion Args] - (Updatable)
- key String
- (Updatable) The unique key of the protection rule.
- waas
Policy StringId - The OCID of the WAAS policy.
- action String
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - exclusions List<Property Map>
- (Updatable)
Outputs
All input properties are implicitly available as output properties. Additionally, the ProtectionRule resource produces the following output properties:
- Description string
- The description of the protection rule.
- Id string
- The provider-assigned unique ID for this managed resource.
- Labels List<string>
- The list of labels for the protection rule.
- Mod
Security List<string>Rule Ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- Name string
- The name of the protection rule.
- Description string
- The description of the protection rule.
- Id string
- The provider-assigned unique ID for this managed resource.
- Labels []string
- The list of labels for the protection rule.
- Mod
Security []stringRule Ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- Name string
- The name of the protection rule.
- description String
- The description of the protection rule.
- id String
- The provider-assigned unique ID for this managed resource.
- labels List<String>
- The list of labels for the protection rule.
- mod
Security List<String>Rule Ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- name String
- The name of the protection rule.
- description string
- The description of the protection rule.
- id string
- The provider-assigned unique ID for this managed resource.
- labels string[]
- The list of labels for the protection rule.
- mod
Security string[]Rule Ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- name string
- The name of the protection rule.
- description str
- The description of the protection rule.
- id str
- The provider-assigned unique ID for this managed resource.
- labels Sequence[str]
- The list of labels for the protection rule.
- mod_
security_ Sequence[str]rule_ ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- name str
- The name of the protection rule.
- description String
- The description of the protection rule.
- id String
- The provider-assigned unique ID for this managed resource.
- labels List<String>
- The list of labels for the protection rule.
- mod
Security List<String>Rule Ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- name String
- The name of the protection rule.
Look up Existing ProtectionRule Resource
Get an existing ProtectionRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ProtectionRuleState, opts?: CustomResourceOptions): ProtectionRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
description: Optional[str] = None,
exclusions: Optional[Sequence[_waas.ProtectionRuleExclusionArgs]] = None,
key: Optional[str] = None,
labels: Optional[Sequence[str]] = None,
mod_security_rule_ids: Optional[Sequence[str]] = None,
name: Optional[str] = None,
waas_policy_id: Optional[str] = None) -> ProtectionRule
func GetProtectionRule(ctx *Context, name string, id IDInput, state *ProtectionRuleState, opts ...ResourceOption) (*ProtectionRule, error)
public static ProtectionRule Get(string name, Input<string> id, ProtectionRuleState? state, CustomResourceOptions? opts = null)
public static ProtectionRule get(String name, Output<String> id, ProtectionRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - Description string
- The description of the protection rule.
- Exclusions
List<Protection
Rule Exclusion> - (Updatable)
- Key string
- (Updatable) The unique key of the protection rule.
- Labels List<string>
- The list of labels for the protection rule.
- Mod
Security List<string>Rule Ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- Name string
- The name of the protection rule.
- Waas
Policy stringId - The OCID of the WAAS policy.
- Action string
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - Description string
- The description of the protection rule.
- Exclusions
[]Protection
Rule Exclusion Args - (Updatable)
- Key string
- (Updatable) The unique key of the protection rule.
- Labels []string
- The list of labels for the protection rule.
- Mod
Security []stringRule Ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- Name string
- The name of the protection rule.
- Waas
Policy stringId - The OCID of the WAAS policy.
- action String
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - description String
- The description of the protection rule.
- exclusions
List<Protection
Rule Exclusion> - (Updatable)
- key String
- (Updatable) The unique key of the protection rule.
- labels List<String>
- The list of labels for the protection rule.
- mod
Security List<String>Rule Ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- name String
- The name of the protection rule.
- waas
Policy StringId - The OCID of the WAAS policy.
- action string
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - description string
- The description of the protection rule.
- exclusions
Protection
Rule Exclusion[] - (Updatable)
- key string
- (Updatable) The unique key of the protection rule.
- labels string[]
- The list of labels for the protection rule.
- mod
Security string[]Rule Ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- name string
- The name of the protection rule.
- waas
Policy stringId - The OCID of the WAAS policy.
- action str
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - description str
- The description of the protection rule.
- exclusions
Sequence[waas.
Protection Rule Exclusion Args] - (Updatable)
- key str
- (Updatable) The unique key of the protection rule.
- labels Sequence[str]
- The list of labels for the protection rule.
- mod_
security_ Sequence[str]rule_ ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- name str
- The name of the protection rule.
- waas_
policy_ strid - The OCID of the WAAS policy.
- action String
- (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to
OFF
. - description String
- The description of the protection rule.
- exclusions List<Property Map>
- (Updatable)
- key String
- (Updatable) The unique key of the protection rule.
- labels List<String>
- The list of labels for the protection rule.
- mod
Security List<String>Rule Ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
- name String
- The name of the protection rule.
- waas
Policy StringId - The OCID of the WAAS policy.
Supporting Types
ProtectionRuleExclusion, ProtectionRuleExclusionArgs
- Exclusions List<string>
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Target string
The target of the exclusion.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Exclusions []string
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Target string
The target of the exclusion.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- exclusions List<String>
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target String
The target of the exclusion.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- exclusions string[]
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target string
The target of the exclusion.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- exclusions Sequence[str]
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target str
The target of the exclusion.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- exclusions List<String>
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target String
The target of the exclusion.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
Import
ProtectionRules can be imported using the id
, e.g.
$ pulumi import oci:Waas/protectionRule:ProtectionRule test_protection_rule "waasPolicyId/{waasPolicyId}/key/{key}"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oci
Terraform Provider.