Oracle Cloud Infrastructure v2.11.0 published on Thursday, Sep 19, 2024 by Pulumi
oci.Waas.getWaasPolicies
Explore with Pulumi AI
This data source provides the list of Waas Policies in Oracle Cloud Infrastructure Web Application Acceleration and Security service.
Gets a list of WAAS policies.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testWaasPolicies = oci.Waas.getWaasPolicies({
compartmentId: compartmentId,
displayNames: waasPolicyDisplayNames,
ids: waasPolicyIds,
states: waasPolicyStates,
timeCreatedGreaterThanOrEqualTo: waasPolicyTimeCreatedGreaterThanOrEqualTo,
timeCreatedLessThan: waasPolicyTimeCreatedLessThan,
});
import pulumi
import pulumi_oci as oci
test_waas_policies = oci.Waas.get_waas_policies(compartment_id=compartment_id,
display_names=waas_policy_display_names,
ids=waas_policy_ids,
states=waas_policy_states,
time_created_greater_than_or_equal_to=waas_policy_time_created_greater_than_or_equal_to,
time_created_less_than=waas_policy_time_created_less_than)
package main
import (
"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/Waas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := Waas.GetWaasPolicies(ctx, &waas.GetWaasPoliciesArgs{
CompartmentId: compartmentId,
DisplayNames: waasPolicyDisplayNames,
Ids: waasPolicyIds,
States: waasPolicyStates,
TimeCreatedGreaterThanOrEqualTo: pulumi.StringRef(waasPolicyTimeCreatedGreaterThanOrEqualTo),
TimeCreatedLessThan: pulumi.StringRef(waasPolicyTimeCreatedLessThan),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testWaasPolicies = Oci.Waas.GetWaasPolicies.Invoke(new()
{
CompartmentId = compartmentId,
DisplayNames = waasPolicyDisplayNames,
Ids = waasPolicyIds,
States = waasPolicyStates,
TimeCreatedGreaterThanOrEqualTo = waasPolicyTimeCreatedGreaterThanOrEqualTo,
TimeCreatedLessThan = waasPolicyTimeCreatedLessThan,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Waas.WaasFunctions;
import com.pulumi.oci.Waas.inputs.GetWaasPoliciesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var testWaasPolicies = WaasFunctions.getWaasPolicies(GetWaasPoliciesArgs.builder()
.compartmentId(compartmentId)
.displayNames(waasPolicyDisplayNames)
.ids(waasPolicyIds)
.states(waasPolicyStates)
.timeCreatedGreaterThanOrEqualTo(waasPolicyTimeCreatedGreaterThanOrEqualTo)
.timeCreatedLessThan(waasPolicyTimeCreatedLessThan)
.build());
}
}
variables:
testWaasPolicies:
fn::invoke:
Function: oci:Waas:getWaasPolicies
Arguments:
compartmentId: ${compartmentId}
displayNames: ${waasPolicyDisplayNames}
ids: ${waasPolicyIds}
states: ${waasPolicyStates}
timeCreatedGreaterThanOrEqualTo: ${waasPolicyTimeCreatedGreaterThanOrEqualTo}
timeCreatedLessThan: ${waasPolicyTimeCreatedLessThan}
Using getWaasPolicies
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getWaasPolicies(args: GetWaasPoliciesArgs, opts?: InvokeOptions): Promise<GetWaasPoliciesResult>
function getWaasPoliciesOutput(args: GetWaasPoliciesOutputArgs, opts?: InvokeOptions): Output<GetWaasPoliciesResult>
def get_waas_policies(compartment_id: Optional[str] = None,
display_names: Optional[Sequence[str]] = None,
filters: Optional[Sequence[_waas.GetWaasPoliciesFilter]] = None,
ids: Optional[Sequence[str]] = None,
states: Optional[Sequence[str]] = None,
time_created_greater_than_or_equal_to: Optional[str] = None,
time_created_less_than: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetWaasPoliciesResult
def get_waas_policies_output(compartment_id: Optional[pulumi.Input[str]] = None,
display_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
filters: Optional[pulumi.Input[Sequence[pulumi.Input[_waas.GetWaasPoliciesFilterArgs]]]] = None,
ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
states: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
time_created_greater_than_or_equal_to: Optional[pulumi.Input[str]] = None,
time_created_less_than: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetWaasPoliciesResult]
func GetWaasPolicies(ctx *Context, args *GetWaasPoliciesArgs, opts ...InvokeOption) (*GetWaasPoliciesResult, error)
func GetWaasPoliciesOutput(ctx *Context, args *GetWaasPoliciesOutputArgs, opts ...InvokeOption) GetWaasPoliciesResultOutput
> Note: This function is named GetWaasPolicies
in the Go SDK.
public static class GetWaasPolicies
{
public static Task<GetWaasPoliciesResult> InvokeAsync(GetWaasPoliciesArgs args, InvokeOptions? opts = null)
public static Output<GetWaasPoliciesResult> Invoke(GetWaasPoliciesInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetWaasPoliciesResult> getWaasPolicies(GetWaasPoliciesArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: oci:Waas/getWaasPolicies:getWaasPolicies
arguments:
# arguments dictionary
The following arguments are supported:
- Compartment
Id string - The OCID of the compartment. This number is generated when the compartment is created.
- Display
Names List<string> - Filter policies using a list of display names.
- Filters
List<Get
Waas Policies Filter> - Ids List<string>
- Filter policies using a list of policy OCIDs.
- States List<string>
- Filter policies using a list of lifecycle states.
- Time
Created stringGreater Than Or Equal To - A filter that matches policies created on or after the specified date and time.
- Time
Created stringLess Than - A filter that matches policies created before the specified date-time.
- Compartment
Id string - The OCID of the compartment. This number is generated when the compartment is created.
- Display
Names []string - Filter policies using a list of display names.
- Filters
[]Get
Waas Policies Filter - Ids []string
- Filter policies using a list of policy OCIDs.
- States []string
- Filter policies using a list of lifecycle states.
- Time
Created stringGreater Than Or Equal To - A filter that matches policies created on or after the specified date and time.
- Time
Created stringLess Than - A filter that matches policies created before the specified date-time.
- compartment
Id String - The OCID of the compartment. This number is generated when the compartment is created.
- display
Names List<String> - Filter policies using a list of display names.
- filters
List<Get
Policies Filter> - ids List<String>
- Filter policies using a list of policy OCIDs.
- states List<String>
- Filter policies using a list of lifecycle states.
- time
Created StringGreater Than Or Equal To - A filter that matches policies created on or after the specified date and time.
- time
Created StringLess Than - A filter that matches policies created before the specified date-time.
- compartment
Id string - The OCID of the compartment. This number is generated when the compartment is created.
- display
Names string[] - Filter policies using a list of display names.
- filters
Get
Waas Policies Filter[] - ids string[]
- Filter policies using a list of policy OCIDs.
- states string[]
- Filter policies using a list of lifecycle states.
- time
Created stringGreater Than Or Equal To - A filter that matches policies created on or after the specified date and time.
- time
Created stringLess Than - A filter that matches policies created before the specified date-time.
- compartment_
id str - The OCID of the compartment. This number is generated when the compartment is created.
- display_
names Sequence[str] - Filter policies using a list of display names.
- filters
Sequence[waas.
Get Waas Policies Filter] - ids Sequence[str]
- Filter policies using a list of policy OCIDs.
- states Sequence[str]
- Filter policies using a list of lifecycle states.
- time_
created_ strgreater_ than_ or_ equal_ to - A filter that matches policies created on or after the specified date and time.
- time_
created_ strless_ than - A filter that matches policies created before the specified date-time.
- compartment
Id String - The OCID of the compartment. This number is generated when the compartment is created.
- display
Names List<String> - Filter policies using a list of display names.
- filters List<Property Map>
- ids List<String>
- Filter policies using a list of policy OCIDs.
- states List<String>
- Filter policies using a list of lifecycle states.
- time
Created StringGreater Than Or Equal To - A filter that matches policies created on or after the specified date and time.
- time
Created StringLess Than - A filter that matches policies created before the specified date-time.
getWaasPolicies Result
The following output properties are available:
- Compartment
Id string - The OCID of the WAAS policy's compartment.
- Id string
- The provider-assigned unique ID for this managed resource.
- Waas
Policies List<GetWaas Policies Waas Policy> - The list of waas_policies.
- Display
Names List<string> - Filters
List<Get
Waas Policies Filter> - Ids List<string>
- States List<string>
- Time
Created stringGreater Than Or Equal To - Time
Created stringLess Than
- Compartment
Id string - The OCID of the WAAS policy's compartment.
- Id string
- The provider-assigned unique ID for this managed resource.
- Waas
Policies []GetWaas Policies Waas Policy - The list of waas_policies.
- Display
Names []string - Filters
[]Get
Waas Policies Filter - Ids []string
- States []string
- Time
Created stringGreater Than Or Equal To - Time
Created stringLess Than
- compartment
Id String - The OCID of the WAAS policy's compartment.
- id String
- The provider-assigned unique ID for this managed resource.
- waas
Policies List<GetPolicies Policy> - The list of waas_policies.
- display
Names List<String> - filters
List<Get
Policies Filter> - ids List<String>
- states List<String>
- time
Created StringGreater Than Or Equal To - time
Created StringLess Than
- compartment
Id string - The OCID of the WAAS policy's compartment.
- id string
- The provider-assigned unique ID for this managed resource.
- waas
Policies GetWaas Policies Waas Policy[] - The list of waas_policies.
- display
Names string[] - filters
Get
Waas Policies Filter[] - ids string[]
- states string[]
- time
Created stringGreater Than Or Equal To - time
Created stringLess Than
- compartment_
id str - The OCID of the WAAS policy's compartment.
- id str
- The provider-assigned unique ID for this managed resource.
- waas_
policies Sequence[waas.Get Waas Policies Waas Policy] - The list of waas_policies.
- display_
names Sequence[str] - filters
Sequence[waas.
Get Waas Policies Filter] - ids Sequence[str]
- states Sequence[str]
- time_
created_ strgreater_ than_ or_ equal_ to - time_
created_ strless_ than
- compartment
Id String - The OCID of the WAAS policy's compartment.
- id String
- The provider-assigned unique ID for this managed resource.
- waas
Policies List<Property Map> - The list of waas_policies.
- display
Names List<String> - filters List<Property Map>
- ids List<String>
- states List<String>
- time
Created StringGreater Than Or Equal To - time
Created StringLess Than
Supporting Types
GetWaasPoliciesFilter
GetWaasPoliciesWaasPolicy
- Additional
Domains List<string> - An array of additional domains for this web application.
- Cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- Compartment
Id string - The OCID of the compartment. This number is generated when the compartment is created.
- Dictionary<string, string>
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Display
Name string - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- Domain string
- The domain for which the cookie is set, defaults to WAAS policy domain.
- Dictionary<string, string>
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Id string
- The OCID of the custom protection rule.
- Origin
Groups List<GetWaas Policies Waas Policy Origin Group> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Origins
List<Get
Waas Policies Waas Policy Origin> - A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - Policy
Configs List<GetWaas Policies Waas Policy Policy Config> - The configuration details for the WAAS policy.
- State string
- The current lifecycle state of the WAAS policy.
- Time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- Waf
Configs List<GetWaas Policies Waas Policy Waf Config> - The Web Application Firewall configuration for the WAAS policy.
- Additional
Domains []string - An array of additional domains for this web application.
- Cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- Compartment
Id string - The OCID of the compartment. This number is generated when the compartment is created.
- map[string]string
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Display
Name string - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- Domain string
- The domain for which the cookie is set, defaults to WAAS policy domain.
- map[string]string
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Id string
- The OCID of the custom protection rule.
- Origin
Groups []GetWaas Policies Waas Policy Origin Group - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Origins
[]Get
Waas Policies Waas Policy Origin - A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - Policy
Configs []GetWaas Policies Waas Policy Policy Config - The configuration details for the WAAS policy.
- State string
- The current lifecycle state of the WAAS policy.
- Time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- Waf
Configs []GetWaas Policies Waas Policy Waf Config - The Web Application Firewall configuration for the WAAS policy.
- additional
Domains List<String> - An array of additional domains for this web application.
- cname String
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment
Id String - The OCID of the compartment. This number is generated when the compartment is created.
- Map<String,String>
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name String - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- domain String
- The domain for which the cookie is set, defaults to WAAS policy domain.
- Map<String,String>
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- id String
- The OCID of the custom protection rule.
- origin
Groups List<GetPolicies Policy Origin Group> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
List<Get
Policies Policy Origin> - A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - policy
Configs List<GetPolicies Policy Policy Config> - The configuration details for the WAAS policy.
- state String
- The current lifecycle state of the WAAS policy.
- time
Created String - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waf
Configs List<GetPolicies Policy Waf Config> - The Web Application Firewall configuration for the WAAS policy.
- additional
Domains string[] - An array of additional domains for this web application.
- cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment
Id string - The OCID of the compartment. This number is generated when the compartment is created.
- {[key: string]: string}
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name string - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- domain string
- The domain for which the cookie is set, defaults to WAAS policy domain.
- {[key: string]: string}
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- id string
- The OCID of the custom protection rule.
- origin
Groups GetWaas Policies Waas Policy Origin Group[] - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
Get
Waas Policies Waas Policy Origin[] - A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - policy
Configs GetWaas Policies Waas Policy Policy Config[] - The configuration details for the WAAS policy.
- state string
- The current lifecycle state of the WAAS policy.
- time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waf
Configs GetWaas Policies Waas Policy Waf Config[] - The Web Application Firewall configuration for the WAAS policy.
- additional_
domains Sequence[str] - An array of additional domains for this web application.
- cname str
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment_
id str - The OCID of the compartment. This number is generated when the compartment is created.
- Mapping[str, str]
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display_
name str - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- domain str
- The domain for which the cookie is set, defaults to WAAS policy domain.
- Mapping[str, str]
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- id str
- The OCID of the custom protection rule.
- origin_
groups Sequence[waas.Get Waas Policies Waas Policy Origin Group] - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
Sequence[waas.
Get Waas Policies Waas Policy Origin] - A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - policy_
configs Sequence[waas.Get Waas Policies Waas Policy Policy Config] - The configuration details for the WAAS policy.
- state str
- The current lifecycle state of the WAAS policy.
- time_
created str - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waf_
configs Sequence[waas.Get Waas Policies Waas Policy Waf Config] - The Web Application Firewall configuration for the WAAS policy.
- additional
Domains List<String> - An array of additional domains for this web application.
- cname String
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment
Id String - The OCID of the compartment. This number is generated when the compartment is created.
- Map<String>
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name String - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- domain String
- The domain for which the cookie is set, defaults to WAAS policy domain.
- Map<String>
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- id String
- The OCID of the custom protection rule.
- origin
Groups List<Property Map> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins List<Property Map>
- A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - policy
Configs List<Property Map> - The configuration details for the WAAS policy.
- state String
- The current lifecycle state of the WAAS policy.
- time
Created String - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waf
Configs List<Property Map> - The Web Application Firewall configuration for the WAAS policy.
GetWaasPoliciesWaasPolicyOrigin
- Custom
Headers List<GetWaas Policies Waas Policy Origin Custom Header> - A list of HTTP headers to forward to your origin.
- Http
Port int - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - Https
Port int - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic. - Label string
- Uri string
- The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields.
- Custom
Headers []GetWaas Policies Waas Policy Origin Custom Header - A list of HTTP headers to forward to your origin.
- Http
Port int - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - Https
Port int - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic. - Label string
- Uri string
- The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields.
- custom
Headers List<GetPolicies Policy Origin Custom Header> - A list of HTTP headers to forward to your origin.
- http
Port Integer - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https
Port Integer - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic. - label String
- uri String
- The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields.
- custom
Headers GetWaas Policies Waas Policy Origin Custom Header[] - A list of HTTP headers to forward to your origin.
- http
Port number - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https
Port number - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic. - label string
- uri string
- The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields.
- custom_
headers Sequence[waas.Get Waas Policies Waas Policy Origin Custom Header] - A list of HTTP headers to forward to your origin.
- http_
port int - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https_
port int - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic. - label str
- uri str
- The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields.
- custom
Headers List<Property Map> - A list of HTTP headers to forward to your origin.
- http
Port Number - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https
Port Number - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic. - label String
- uri String
- The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields.
GetWaasPoliciesWaasPolicyOriginCustomHeader
GetWaasPoliciesWaasPolicyOriginGroup
GetWaasPoliciesWaasPolicyOriginGroupOriginGroup
GetWaasPoliciesWaasPolicyPolicyConfig
- Certificate
Id string - The OCID of the SSL certificate to use if HTTPS is supported.
- Cipher
Group string - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- Client
Address stringHeader - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - Health
Checks List<GetWaas Policies Waas Policy Policy Config Health Check> - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- Is
Behind boolCdn - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - Is
Cache boolControl Respected - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - Is
Https boolEnabled - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - Is
Https boolForced - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - Is
Origin boolCompression Enabled - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - Is
Response boolBuffering Enabled - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- Is
Sni boolEnabled - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- Load
Balancing List<GetMethods Waas Policies Waas Policy Policy Config Load Balancing Method> - An object that represents a load balancing method and its properties.
- Tls
Protocols List<string> - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- Websocket
Path List<string>Prefixes - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- Certificate
Id string - The OCID of the SSL certificate to use if HTTPS is supported.
- Cipher
Group string - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- Client
Address stringHeader - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - Health
Checks []GetWaas Policies Waas Policy Policy Config Health Check - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- Is
Behind boolCdn - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - Is
Cache boolControl Respected - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - Is
Https boolEnabled - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - Is
Https boolForced - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - Is
Origin boolCompression Enabled - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - Is
Response boolBuffering Enabled - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- Is
Sni boolEnabled - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- Load
Balancing []GetMethods Waas Policies Waas Policy Policy Config Load Balancing Method - An object that represents a load balancing method and its properties.
- Tls
Protocols []string - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- Websocket
Path []stringPrefixes - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate
Id String - The OCID of the SSL certificate to use if HTTPS is supported.
- cipher
Group String - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client
Address StringHeader - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - health
Checks List<GetPolicies Policy Policy Config Health Check> - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is
Behind BooleanCdn - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is
Cache BooleanControl Respected - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is
Https BooleanEnabled - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is
Https BooleanForced - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is
Origin BooleanCompression Enabled - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is
Response BooleanBuffering Enabled - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is
Sni BooleanEnabled - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load
Balancing List<GetMethods Policies Policy Policy Config Load Balancing Method> - An object that represents a load balancing method and its properties.
- tls
Protocols List<String> - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- websocket
Path List<String>Prefixes - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate
Id string - The OCID of the SSL certificate to use if HTTPS is supported.
- cipher
Group string - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client
Address stringHeader - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - health
Checks GetWaas Policies Waas Policy Policy Config Health Check[] - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is
Behind booleanCdn - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is
Cache booleanControl Respected - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is
Https booleanEnabled - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is
Https booleanForced - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is
Origin booleanCompression Enabled - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is
Response booleanBuffering Enabled - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is
Sni booleanEnabled - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load
Balancing GetMethods Waas Policies Waas Policy Policy Config Load Balancing Method[] - An object that represents a load balancing method and its properties.
- tls
Protocols string[] - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- websocket
Path string[]Prefixes - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate_
id str - The OCID of the SSL certificate to use if HTTPS is supported.
- cipher_
group str - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client_
address_ strheader - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - health_
checks Sequence[waas.Get Waas Policies Waas Policy Policy Config Health Check] - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is_
behind_ boolcdn - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is_
cache_ boolcontrol_ respected - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is_
https_ boolenabled - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is_
https_ boolforced - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is_
origin_ boolcompression_ enabled - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is_
response_ boolbuffering_ enabled - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is_
sni_ boolenabled - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load_
balancing_ Sequence[waas.methods Get Waas Policies Waas Policy Policy Config Load Balancing Method] - An object that represents a load balancing method and its properties.
- tls_
protocols Sequence[str] - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- websocket_
path_ Sequence[str]prefixes - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate
Id String - The OCID of the SSL certificate to use if HTTPS is supported.
- cipher
Group String - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client
Address StringHeader - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - health
Checks List<Property Map> - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is
Behind BooleanCdn - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is
Cache BooleanControl Respected - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is
Https BooleanEnabled - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is
Https BooleanForced - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is
Origin BooleanCompression Enabled - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is
Response BooleanBuffering Enabled - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is
Sni BooleanEnabled - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load
Balancing List<Property Map>Methods - An object that represents a load balancing method and its properties.
- tls
Protocols List<String> - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- websocket
Path List<String>Prefixes - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
GetWaasPoliciesWaasPolicyPolicyConfigHealthCheck
- Expected
Response List<string>Code Groups - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- Expected
Response stringText - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- Headers Dictionary<string, string>
- HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - Healthy
Threshold int - Number of successful health checks after which the server is marked up.
- Interval
In intSeconds - Time between health checks of an individual origin server, in seconds.
- Is
Enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Response boolText Check Enabled - Enables or disables additional check for predefined text in addition to response code.
- Method string
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- Path string
- Path to visit on your origins when performing the health check.
- Timeout
In intSeconds - Response timeout represents wait time until request is considered failed, in seconds.
- Unhealthy
Threshold int - Number of failed health checks after which the server is marked down.
- Expected
Response []stringCode Groups - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- Expected
Response stringText - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- Headers map[string]string
- HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - Healthy
Threshold int - Number of successful health checks after which the server is marked up.
- Interval
In intSeconds - Time between health checks of an individual origin server, in seconds.
- Is
Enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Response boolText Check Enabled - Enables or disables additional check for predefined text in addition to response code.
- Method string
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- Path string
- Path to visit on your origins when performing the health check.
- Timeout
In intSeconds - Response timeout represents wait time until request is considered failed, in seconds.
- Unhealthy
Threshold int - Number of failed health checks after which the server is marked down.
- expected
Response List<String>Code Groups - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected
Response StringText - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers Map<String,String>
- HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - healthy
Threshold Integer - Number of successful health checks after which the server is marked up.
- interval
In IntegerSeconds - Time between health checks of an individual origin server, in seconds.
- is
Enabled Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Response BooleanText Check Enabled - Enables or disables additional check for predefined text in addition to response code.
- method String
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- path String
- Path to visit on your origins when performing the health check.
- timeout
In IntegerSeconds - Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy
Threshold Integer - Number of failed health checks after which the server is marked down.
- expected
Response string[]Code Groups - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected
Response stringText - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers {[key: string]: string}
- HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - healthy
Threshold number - Number of successful health checks after which the server is marked up.
- interval
In numberSeconds - Time between health checks of an individual origin server, in seconds.
- is
Enabled boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Response booleanText Check Enabled - Enables or disables additional check for predefined text in addition to response code.
- method string
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- path string
- Path to visit on your origins when performing the health check.
- timeout
In numberSeconds - Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy
Threshold number - Number of failed health checks after which the server is marked down.
- expected_
response_ Sequence[str]code_ groups - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected_
response_ strtext - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers Mapping[str, str]
- HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - healthy_
threshold int - Number of successful health checks after which the server is marked up.
- interval_
in_ intseconds - Time between health checks of an individual origin server, in seconds.
- is_
enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is_
response_ booltext_ check_ enabled - Enables or disables additional check for predefined text in addition to response code.
- method str
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- path str
- Path to visit on your origins when performing the health check.
- timeout_
in_ intseconds - Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy_
threshold int - Number of failed health checks after which the server is marked down.
- expected
Response List<String>Code Groups - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected
Response StringText - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers Map<String>
- HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - healthy
Threshold Number - Number of successful health checks after which the server is marked up.
- interval
In NumberSeconds - Time between health checks of an individual origin server, in seconds.
- is
Enabled Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Response BooleanText Check Enabled - Enables or disables additional check for predefined text in addition to response code.
- method String
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- path String
- Path to visit on your origins when performing the health check.
- timeout
In NumberSeconds - Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy
Threshold Number - Number of failed health checks after which the server is marked down.
GetWaasPoliciesWaasPolicyPolicyConfigLoadBalancingMethod
- Domain string
- The domain for which the cookie is set, defaults to WAAS policy domain.
- Expiration
Time intIn Seconds - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- Method string
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- Name string
- The unique name of the whitelist.
- Domain string
- The domain for which the cookie is set, defaults to WAAS policy domain.
- Expiration
Time intIn Seconds - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- Method string
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- Name string
- The unique name of the whitelist.
- domain String
- The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration
Time IntegerIn Seconds - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- method String
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- name String
- The unique name of the whitelist.
- domain string
- The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration
Time numberIn Seconds - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- method string
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- name string
- The unique name of the whitelist.
- domain str
- The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration_
time_ intin_ seconds - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- method str
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- name str
- The unique name of the whitelist.
- domain String
- The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration
Time NumberIn Seconds - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- method String
- Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- name String
- The unique name of the whitelist.
GetWaasPoliciesWaasPolicyWafConfig
- Access
Rules List<GetWaas Policies Waas Policy Waf Config Access Rule> - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - Address
Rate List<GetLimitings Waas Policies Waas Policy Waf Config Address Rate Limiting> - The IP address rate limiting settings used to limit the number of requests from an address.
- Caching
Rules List<GetWaas Policies Waas Policy Waf Config Caching Rule> - A list of caching rules applied to the web application.
- Captchas
List<Get
Waas Policies Waas Policy Waf Config Captcha> - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- Custom
Protection List<GetRules Waas Policies Waas Policy Waf Config Custom Protection Rule> - A list of the custom protection rule OCIDs and their actions.
- Device
Fingerprint List<GetChallenges Waas Policies Waas Policy Waf Config Device Fingerprint Challenge> - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- Human
Interaction List<GetChallenges Waas Policies Waas Policy Waf Config Human Interaction Challenge> - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- Js
Challenges List<GetWaas Policies Waas Policy Waf Config Js Challenge> - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- Origin string
- The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - Origin
Groups List<string> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Protection
Settings List<GetWaas Policies Waas Policy Waf Config Protection Setting> - The settings to apply to protection rules.
- Whitelists
List<Get
Waas Policies Waas Policy Waf Config Whitelist> - A list of IP addresses that bypass the Web Application Firewall.
- Access
Rules []GetWaas Policies Waas Policy Waf Config Access Rule - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - Address
Rate []GetLimitings Waas Policies Waas Policy Waf Config Address Rate Limiting - The IP address rate limiting settings used to limit the number of requests from an address.
- Caching
Rules []GetWaas Policies Waas Policy Waf Config Caching Rule - A list of caching rules applied to the web application.
- Captchas
[]Get
Waas Policies Waas Policy Waf Config Captcha - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- Custom
Protection []GetRules Waas Policies Waas Policy Waf Config Custom Protection Rule - A list of the custom protection rule OCIDs and their actions.
- Device
Fingerprint []GetChallenges Waas Policies Waas Policy Waf Config Device Fingerprint Challenge - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- Human
Interaction []GetChallenges Waas Policies Waas Policy Waf Config Human Interaction Challenge - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- Js
Challenges []GetWaas Policies Waas Policy Waf Config Js Challenge - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- Origin string
- The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - Origin
Groups []string - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Protection
Settings []GetWaas Policies Waas Policy Waf Config Protection Setting - The settings to apply to protection rules.
- Whitelists
[]Get
Waas Policies Waas Policy Waf Config Whitelist - A list of IP addresses that bypass the Web Application Firewall.
- access
Rules List<GetPolicies Policy Waf Config Access Rule> - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - address
Rate List<GetLimitings Policies Policy Waf Config Address Rate Limiting> - The IP address rate limiting settings used to limit the number of requests from an address.
- caching
Rules List<GetPolicies Policy Waf Config Caching Rule> - A list of caching rules applied to the web application.
- captchas
List<Get
Policies Policy Waf Config Captcha> - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- custom
Protection List<GetRules Policies Policy Waf Config Custom Protection Rule> - A list of the custom protection rule OCIDs and their actions.
- device
Fingerprint List<GetChallenges Policies Policy Waf Config Device Fingerprint Challenge> - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- human
Interaction List<GetChallenges Policies Policy Waf Config Human Interaction Challenge> - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js
Challenges List<GetPolicies Policy Waf Config Js Challenge> - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- origin String
- The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - origin
Groups List<String> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection
Settings List<GetPolicies Policy Waf Config Protection Setting> - The settings to apply to protection rules.
- whitelists
List<Get
Policies Policy Waf Config Whitelist> - A list of IP addresses that bypass the Web Application Firewall.
- access
Rules GetWaas Policies Waas Policy Waf Config Access Rule[] - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - address
Rate GetLimitings Waas Policies Waas Policy Waf Config Address Rate Limiting[] - The IP address rate limiting settings used to limit the number of requests from an address.
- caching
Rules GetWaas Policies Waas Policy Waf Config Caching Rule[] - A list of caching rules applied to the web application.
- captchas
Get
Waas Policies Waas Policy Waf Config Captcha[] - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- custom
Protection GetRules Waas Policies Waas Policy Waf Config Custom Protection Rule[] - A list of the custom protection rule OCIDs and their actions.
- device
Fingerprint GetChallenges Waas Policies Waas Policy Waf Config Device Fingerprint Challenge[] - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- human
Interaction GetChallenges Waas Policies Waas Policy Waf Config Human Interaction Challenge[] - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js
Challenges GetWaas Policies Waas Policy Waf Config Js Challenge[] - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- origin string
- The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - origin
Groups string[] - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection
Settings GetWaas Policies Waas Policy Waf Config Protection Setting[] - The settings to apply to protection rules.
- whitelists
Get
Waas Policies Waas Policy Waf Config Whitelist[] - A list of IP addresses that bypass the Web Application Firewall.
- access_
rules Sequence[waas.Get Waas Policies Waas Policy Waf Config Access Rule] - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - address_
rate_ Sequence[waas.limitings Get Waas Policies Waas Policy Waf Config Address Rate Limiting] - The IP address rate limiting settings used to limit the number of requests from an address.
- caching_
rules Sequence[waas.Get Waas Policies Waas Policy Waf Config Caching Rule] - A list of caching rules applied to the web application.
- captchas
Sequence[waas.
Get Waas Policies Waas Policy Waf Config Captcha] - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- custom_
protection_ Sequence[waas.rules Get Waas Policies Waas Policy Waf Config Custom Protection Rule] - A list of the custom protection rule OCIDs and their actions.
- device_
fingerprint_ Sequence[waas.challenges Get Waas Policies Waas Policy Waf Config Device Fingerprint Challenge] - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- human_
interaction_ Sequence[waas.challenges Get Waas Policies Waas Policy Waf Config Human Interaction Challenge] - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js_
challenges Sequence[waas.Get Waas Policies Waas Policy Waf Config Js Challenge] - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- origin str
- The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - origin_
groups Sequence[str] - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection_
settings Sequence[waas.Get Waas Policies Waas Policy Waf Config Protection Setting] - The settings to apply to protection rules.
- whitelists
Sequence[waas.
Get Waas Policies Waas Policy Waf Config Whitelist] - A list of IP addresses that bypass the Web Application Firewall.
- access
Rules List<Property Map> - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - address
Rate List<Property Map>Limitings - The IP address rate limiting settings used to limit the number of requests from an address.
- caching
Rules List<Property Map> - A list of caching rules applied to the web application.
- captchas List<Property Map>
- A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- custom
Protection List<Property Map>Rules - A list of the custom protection rule OCIDs and their actions.
- device
Fingerprint List<Property Map>Challenges - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- human
Interaction List<Property Map>Challenges - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js
Challenges List<Property Map> - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- origin String
- The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - origin
Groups List<String> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection
Settings List<Property Map> - The settings to apply to protection rules.
- whitelists List<Property Map>
- A list of IP addresses that bypass the Web Application Firewall.
GetWaasPoliciesWaasPolicyWafConfigAccessRule
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Bypass
Challenges List<string> - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Criterias
List<Get
Waas Policies Waas Policy Waf Config Access Rule Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Name string
- The unique name of the whitelist.
- Redirect
Response stringCode - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- Redirect
Url string - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - Response
Header List<GetManipulations Waas Policies Waas Policy Waf Config Access Rule Response Header Manipulation> - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Bypass
Challenges []string - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Criterias
[]Get
Waas Policies Waas Policy Waf Config Access Rule Criteria - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Name string
- The unique name of the whitelist.
- Redirect
Response stringCode - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- Redirect
Url string - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - Response
Header []GetManipulations Waas Policies Waas Policy Waf Config Access Rule Response Header Manipulation - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - block
Action String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response IntegerCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - bypass
Challenges List<String> - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- String
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- criterias
List<Get
Policies Policy Waf Config Access Rule Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- name String
- The unique name of the whitelist.
- redirect
Response StringCode - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect
Url String - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response
Header List<GetManipulations Policies Policy Waf Config Access Rule Response Header Manipulation> - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response numberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - bypass
Challenges string[] - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- criterias
Get
Waas Policies Waas Policy Waf Config Access Rule Criteria[] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- name string
- The unique name of the whitelist.
- redirect
Response stringCode - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect
Url string - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response
Header GetManipulations Waas Policies Waas Policy Waf Config Access Rule Response Header Manipulation[] - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action str
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - block_
action str - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ strpage_ code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ strpage_ description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ strpage_ message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ intcode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - bypass_
challenges Sequence[str] - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- str
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header str - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ strlabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title str - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- criterias
Sequence[waas.
Get Waas Policies Waas Policy Waf Config Access Rule Criteria] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- name str
- The unique name of the whitelist.
- redirect_
response_ strcode - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect_
url str - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response_
header_ Sequence[waas.manipulations Get Waas Policies Waas Policy Waf Config Access Rule Response Header Manipulation] - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - block
Action String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response NumberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - bypass
Challenges List<String> - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
- String
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- criterias List<Property Map>
- When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- name String
- The unique name of the whitelist.
- redirect
Response StringCode - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect
Url String - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response
Header List<Property Map>Manipulations - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
GetWaasPoliciesWaasPolicyWafConfigAccessRuleCriteria
- Condition string
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Is
Case boolSensitive - When enabled, the condition will be matched with case-sensitive rules.
- Value string
- The value of the header.
- Condition string
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Is
Case boolSensitive - When enabled, the condition will be matched with case-sensitive rules.
- Value string
- The value of the header.
- condition String
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case BooleanSensitive - When enabled, the condition will be matched with case-sensitive rules.
- value String
- The value of the header.
- condition string
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case booleanSensitive - When enabled, the condition will be matched with case-sensitive rules.
- value string
- The value of the header.
- condition str
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is_
case_ boolsensitive - When enabled, the condition will be matched with case-sensitive rules.
- value str
- The value of the header.
- condition String
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case BooleanSensitive - When enabled, the condition will be matched with case-sensitive rules.
- value String
- The value of the header.
GetWaasPoliciesWaasPolicyWafConfigAccessRuleResponseHeaderManipulation
GetWaasPoliciesWaasPolicyWafConfigAddressRateLimiting
- Allowed
Rate intPer Address - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Is
Enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Max
Delayed intCount Per Address - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- Allowed
Rate intPer Address - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Is
Enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Max
Delayed intCount Per Address - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- allowed
Rate IntegerPer Address - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block
Response IntegerCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Enabled Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Delayed IntegerCount Per Address - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- allowed
Rate numberPer Address - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block
Response numberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Enabled boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Delayed numberCount Per Address - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- allowed_
rate_ intper_ address - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block_
response_ intcode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is_
enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max_
delayed_ intcount_ per_ address - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- allowed
Rate NumberPer Address - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block
Response NumberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Enabled Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Delayed NumberCount Per Address - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
GetWaasPoliciesWaasPolicyWafConfigCachingRule
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Caching
Duration string - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Client
Caching stringDuration - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Criterias
List<Get
Waas Policies Waas Policy Waf Config Caching Rule Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Is
Client boolCaching Enabled - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - Key string
- The unique key for the caching rule.
- Name string
- The unique name of the whitelist.
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Caching
Duration string - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Client
Caching stringDuration - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Criterias
[]Get
Waas Policies Waas Policy Waf Config Caching Rule Criteria - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Is
Client boolCaching Enabled - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - Key string
- The unique key for the caching rule.
- Name string
- The unique name of the whitelist.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - caching
Duration String - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client
Caching StringDuration - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- criterias
List<Get
Policies Policy Waf Config Caching Rule Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- is
Client BooleanCaching Enabled - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key String
- The unique key for the caching rule.
- name String
- The unique name of the whitelist.
- action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - caching
Duration string - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client
Caching stringDuration - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- criterias
Get
Waas Policies Waas Policy Waf Config Caching Rule Criteria[] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- is
Client booleanCaching Enabled - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key string
- The unique key for the caching rule.
- name string
- The unique name of the whitelist.
- action str
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - caching_
duration str - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client_
caching_ strduration - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- criterias
Sequence[waas.
Get Waas Policies Waas Policy Waf Config Caching Rule Criteria] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- is_
client_ boolcaching_ enabled - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key str
- The unique key for the caching rule.
- name str
- The unique name of the whitelist.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - caching
Duration String - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client
Caching StringDuration - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- criterias List<Property Map>
- When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- is
Client BooleanCaching Enabled - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key String
- The unique key for the caching rule.
- name String
- The unique name of the whitelist.
GetWaasPoliciesWaasPolicyWafConfigCachingRuleCriteria
- Condition string
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Value string
- The value of the header.
- Condition string
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Value string
- The value of the header.
- condition String
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value String
- The value of the header.
- condition string
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value string
- The value of the header.
- condition str
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value str
- The value of the header.
- condition String
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value String
- The value of the header.
GetWaasPoliciesWaasPolicyWafConfigCaptcha
- Failure
Message string - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- string
- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- Header
Text string - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- Session
Expiration intIn Seconds - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - Submit
Label string - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - Title string
- The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- Url string
- The unique URL path at which to show the CAPTCHA challenge.
- Failure
Message string - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- string
- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- Header
Text string - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- Session
Expiration intIn Seconds - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - Submit
Label string - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - Title string
- The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- Url string
- The unique URL path at which to show the CAPTCHA challenge.
- failure
Message String - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- String
- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header
Text String - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- session
Expiration IntegerIn Seconds - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit
Label String - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title String
- The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url String
- The unique URL path at which to show the CAPTCHA challenge.
- failure
Message string - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- string
- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header
Text string - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- session
Expiration numberIn Seconds - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit
Label string - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title string
- The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url string
- The unique URL path at which to show the CAPTCHA challenge.
- failure_
message str - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- str
- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header_
text str - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- session_
expiration_ intin_ seconds - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit_
label str - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title str
- The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url str
- The unique URL path at which to show the CAPTCHA challenge.
- failure
Message String - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
- String
- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header
Text String - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- session
Expiration NumberIn Seconds - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit
Label String - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title String
- The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url String
- The unique URL path at which to show the CAPTCHA challenge.
GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRule
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Exclusions
List<Get
Waas Policies Waas Policy Waf Config Custom Protection Rule Exclusion> - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Id string
- The OCID of the custom protection rule.
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Exclusions
[]Get
Waas Policies Waas Policy Waf Config Custom Protection Rule Exclusion - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Id string
- The OCID of the custom protection rule.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - exclusions
List<Get
Policies Policy Waf Config Custom Protection Rule Exclusion> - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - id String
- The OCID of the custom protection rule.
- action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - exclusions
Get
Waas Policies Waas Policy Waf Config Custom Protection Rule Exclusion[] - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - id string
- The OCID of the custom protection rule.
- action str
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - exclusions
Sequence[waas.
Get Waas Policies Waas Policy Waf Config Custom Protection Rule Exclusion] - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - id str
- The OCID of the custom protection rule.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - exclusions List<Property Map>
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - id String
- The OCID of the custom protection rule.
GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRuleExclusion
- Exclusions List<string>
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Target string
- The target of the exclusion.
- Exclusions []string
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Target string
- The target of the exclusion.
- exclusions List<String>
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target String
- The target of the exclusion.
- exclusions string[]
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target string
- The target of the exclusion.
- exclusions Sequence[str]
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target str
- The target of the exclusion.
- exclusions List<String>
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target String
- The target of the exclusion.
GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallenge
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Challenge
Settings List<GetWaas Policies Waas Policy Waf Config Device Fingerprint Challenge Challenge Setting> - The challenge settings if
action
is set toBLOCK
. - Failure
Threshold int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Failure
Threshold intExpiration In Seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Is
Enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Max
Address intCount - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - Max
Address intCount Expiration In Seconds - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Challenge
Settings []GetWaas Policies Waas Policy Waf Config Device Fingerprint Challenge Challenge Setting - The challenge settings if
action
is set toBLOCK
. - Failure
Threshold int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Failure
Threshold intExpiration In Seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Is
Enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Max
Address intCount - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - Max
Address intCount Expiration In Seconds - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration IntegerIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings List<GetPolicies Policy Waf Config Device Fingerprint Challenge Challenge Setting> - The challenge settings if
action
is set toBLOCK
. - failure
Threshold Integer - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold IntegerExpiration In Seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - is
Enabled Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Address IntegerCount - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max
Address IntegerCount Expiration In Seconds - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration numberIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings GetWaas Policies Waas Policy Waf Config Device Fingerprint Challenge Challenge Setting[] - The challenge settings if
action
is set toBLOCK
. - failure
Threshold number - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold numberExpiration In Seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - is
Enabled boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Address numberCount - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max
Address numberCount Expiration In Seconds - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- action str
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action_
expiration_ intin_ seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge_
settings Sequence[waas.Get Waas Policies Waas Policy Waf Config Device Fingerprint Challenge Challenge Setting] - The challenge settings if
action
is set toBLOCK
. - failure_
threshold int - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure_
threshold_ intexpiration_ in_ seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - is_
enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max_
address_ intcount - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max_
address_ intcount_ expiration_ in_ seconds - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration NumberIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings List<Property Map> - The challenge settings if
action
is set toBLOCK
. - failure
Threshold Number - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold NumberExpiration In Seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - is
Enabled Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Address NumberCount - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max
Address NumberCount Expiration In Seconds - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSetting
- Block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response IntegerCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - String
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response numberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block_
action str - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ strpage_ code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ strpage_ description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ strpage_ message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ intcode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - str
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header str - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ strlabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title str - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response NumberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - String
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallenge
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Challenge
Settings List<GetWaas Policies Waas Policy Waf Config Human Interaction Challenge Challenge Setting> - The challenge settings if
action
is set toBLOCK
. - Failure
Threshold int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Failure
Threshold intExpiration In Seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Interaction
Threshold int - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - Is
Enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Nat boolEnabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Recording
Period intIn Seconds - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - Set
Http List<GetHeaders Waas Policies Waas Policy Waf Config Human Interaction Challenge Set Http Header> - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Challenge
Settings []GetWaas Policies Waas Policy Waf Config Human Interaction Challenge Challenge Setting - The challenge settings if
action
is set toBLOCK
. - Failure
Threshold int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Failure
Threshold intExpiration In Seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Interaction
Threshold int - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - Is
Enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Nat boolEnabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Recording
Period intIn Seconds - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - Set
Http []GetHeaders Waas Policies Waas Policy Waf Config Human Interaction Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration IntegerIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings List<GetPolicies Policy Waf Config Human Interaction Challenge Challenge Setting> - The challenge settings if
action
is set toBLOCK
. - failure
Threshold Integer - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold IntegerExpiration In Seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction
Threshold Integer - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is
Enabled Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat BooleanEnabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording
Period IntegerIn Seconds - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set
Http List<GetHeaders Policies Policy Waf Config Human Interaction Challenge Set Http Header> - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration numberIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings GetWaas Policies Waas Policy Waf Config Human Interaction Challenge Challenge Setting[] - The challenge settings if
action
is set toBLOCK
. - failure
Threshold number - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold numberExpiration In Seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction
Threshold number - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is
Enabled boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat booleanEnabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording
Period numberIn Seconds - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set
Http GetHeaders Waas Policies Waas Policy Waf Config Human Interaction Challenge Set Http Header[] - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action str
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action_
expiration_ intin_ seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge_
settings Sequence[waas.Get Waas Policies Waas Policy Waf Config Human Interaction Challenge Challenge Setting] - The challenge settings if
action
is set toBLOCK
. - failure_
threshold int - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure_
threshold_ intexpiration_ in_ seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction_
threshold int - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is_
enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is_
nat_ boolenabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording_
period_ intin_ seconds - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set_
http_ Sequence[waas.headers Get Waas Policies Waas Policy Waf Config Human Interaction Challenge Set Http Header] - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration NumberIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings List<Property Map> - The challenge settings if
action
is set toBLOCK
. - failure
Threshold Number - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold NumberExpiration In Seconds - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction
Threshold Number - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is
Enabled Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat BooleanEnabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording
Period NumberIn Seconds - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set
Http List<Property Map>Headers - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeChallengeSetting
- Block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response IntegerCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - String
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response numberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block_
action str - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ strpage_ code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ strpage_ description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ strpage_ message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ intcode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - str
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header str - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ strlabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title str - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response NumberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - String
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
GetWaasPoliciesWaasPolicyWafConfigJsChallenge
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Are
Redirects boolChallenged - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- Challenge
Settings List<GetWaas Policies Waas Policy Waf Config Js Challenge Challenge Setting> - The challenge settings if
action
is set toBLOCK
. - Criterias
List<Get
Waas Policies Waas Policy Waf Config Js Challenge Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Failure
Threshold int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Is
Enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Nat boolEnabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Set
Http List<GetHeaders Waas Policies Waas Policy Waf Config Js Challenge Set Http Header> - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- Action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration intIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Are
Redirects boolChallenged - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- Challenge
Settings []GetWaas Policies Waas Policy Waf Config Js Challenge Challenge Setting - The challenge settings if
action
is set toBLOCK
. - Criterias
[]Get
Waas Policies Waas Policy Waf Config Js Challenge Criteria - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Failure
Threshold int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Is
Enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Nat boolEnabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Set
Http []GetHeaders Waas Policies Waas Policy Waf Config Js Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration IntegerIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are
Redirects BooleanChallenged - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge
Settings List<GetPolicies Policy Waf Config Js Challenge Challenge Setting> - The challenge settings if
action
is set toBLOCK
. - criterias
List<Get
Policies Policy Waf Config Js Challenge Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure
Threshold Integer - The number of failed requests before taking action. If unspecified, defaults to
10
. - is
Enabled Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat BooleanEnabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set
Http List<GetHeaders Policies Policy Waf Config Js Challenge Set Http Header> - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action string
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration numberIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are
Redirects booleanChallenged - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge
Settings GetWaas Policies Waas Policy Waf Config Js Challenge Challenge Setting[] - The challenge settings if
action
is set toBLOCK
. - criterias
Get
Waas Policies Waas Policy Waf Config Js Challenge Criteria[] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure
Threshold number - The number of failed requests before taking action. If unspecified, defaults to
10
. - is
Enabled boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat booleanEnabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set
Http GetHeaders Waas Policies Waas Policy Waf Config Js Challenge Set Http Header[] - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action str
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action_
expiration_ intin_ seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are_
redirects_ boolchallenged - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge_
settings Sequence[waas.Get Waas Policies Waas Policy Waf Config Js Challenge Challenge Setting] - The challenge settings if
action
is set toBLOCK
. - criterias
Sequence[waas.
Get Waas Policies Waas Policy Waf Config Js Challenge Criteria] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure_
threshold int - The number of failed requests before taking action. If unspecified, defaults to
10
. - is_
enabled bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is_
nat_ boolenabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set_
http_ Sequence[waas.headers Get Waas Policies Waas Policy Waf Config Js Challenge Set Http Header] - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action String
- The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration NumberIn Seconds - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are
Redirects BooleanChallenged - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge
Settings List<Property Map> - The challenge settings if
action
is set toBLOCK
. - criterias List<Property Map>
- When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure
Threshold Number - The number of failed requests before taking action. If unspecified, defaults to
10
. - is
Enabled Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat BooleanEnabled - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set
Http List<Property Map>Headers - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
GetWaasPoliciesWaasPolicyWafConfigJsChallengeChallengeSetting
- Block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response IntegerCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - String
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response numberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - string
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit stringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block_
action str - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ strpage_ code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ strpage_ description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ strpage_ message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ intcode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - str
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header str - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ strlabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title str - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response NumberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - String
- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit StringLabel - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
GetWaasPoliciesWaasPolicyWafConfigJsChallengeCriteria
- Condition string
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Is
Case boolSensitive - When enabled, the condition will be matched with case-sensitive rules.
- Value string
- The value of the header.
- Condition string
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Is
Case boolSensitive - When enabled, the condition will be matched with case-sensitive rules.
- Value string
- The value of the header.
- condition String
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case BooleanSensitive - When enabled, the condition will be matched with case-sensitive rules.
- value String
- The value of the header.
- condition string
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case booleanSensitive - When enabled, the condition will be matched with case-sensitive rules.
- value string
- The value of the header.
- condition str
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is_
case_ boolsensitive - When enabled, the condition will be matched with case-sensitive rules.
- value str
- The value of the header.
- condition String
- The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case BooleanSensitive - When enabled, the condition will be matched with case-sensitive rules.
- value String
- The value of the header.
GetWaasPoliciesWaasPolicyWafConfigJsChallengeSetHttpHeader
GetWaasPoliciesWaasPolicyWafConfigProtectionSetting
- Allowed
Http List<string>Methods - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - Block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Is
Response boolInspected - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - Max
Argument intCount - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- Max
Name intLength Per Argument - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - Max
Response intSize In Ki B - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - Max
Total intName Length Of Arguments - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - Media
Types List<string> - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - Recommendations
Period intIn Days - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
- Allowed
Http []stringMethods - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - Block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response intCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Is
Response boolInspected - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - Max
Argument intCount - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- Max
Name intLength Per Argument - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - Max
Response intSize In Ki B - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - Max
Total intName Length Of Arguments - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - Media
Types []string - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - Recommendations
Period intIn Days - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
- allowed
Http List<String>Methods - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block
Action String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response IntegerCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Response BooleanInspected - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - max
Argument IntegerCount - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max
Name IntegerLength Per Argument - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max
Response IntegerSize In Ki B - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max
Total IntegerName Length Of Arguments - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media
Types List<String> - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - recommendations
Period IntegerIn Days - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
- allowed
Http string[]Methods - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block
Action string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error stringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error stringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error stringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response numberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Response booleanInspected - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - max
Argument numberCount - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max
Name numberLength Per Argument - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max
Response numberSize In Ki B - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max
Total numberName Length Of Arguments - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media
Types string[] - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - recommendations
Period numberIn Days - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
- allowed_
http_ Sequence[str]methods - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block_
action str - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ strpage_ code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ strpage_ description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ strpage_ message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ intcode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is_
response_ boolinspected - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - max_
argument_ intcount - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max_
name_ intlength_ per_ argument - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max_
response_ intsize_ in_ ki_ b - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max_
total_ intname_ length_ of_ arguments - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media_
types Sequence[str] - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - recommendations_
period_ intin_ days - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
- allowed
Http List<String>Methods - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block
Action String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error StringPage Code - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error StringPage Description - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error StringPage Message - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response NumberCode - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Response BooleanInspected - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - max
Argument NumberCount - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max
Name NumberLength Per Argument - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max
Response NumberSize In Ki B - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max
Total NumberName Length Of Arguments - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media
Types List<String> - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - recommendations
Period NumberIn Days - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
GetWaasPoliciesWaasPolicyWafConfigWhitelist
- Address
Lists List<string> - A list of OCID of IP address lists to include in the whitelist.
- Addresses List<string>
- A set of IP addresses or CIDR notations to include in the whitelist.
- Name string
- The unique name of the whitelist.
- Address
Lists []string - A list of OCID of IP address lists to include in the whitelist.
- Addresses []string
- A set of IP addresses or CIDR notations to include in the whitelist.
- Name string
- The unique name of the whitelist.
- address
Lists List<String> - A list of OCID of IP address lists to include in the whitelist.
- addresses List<String>
- A set of IP addresses or CIDR notations to include in the whitelist.
- name String
- The unique name of the whitelist.
- address
Lists string[] - A list of OCID of IP address lists to include in the whitelist.
- addresses string[]
- A set of IP addresses or CIDR notations to include in the whitelist.
- name string
- The unique name of the whitelist.
- address_
lists Sequence[str] - A list of OCID of IP address lists to include in the whitelist.
- addresses Sequence[str]
- A set of IP addresses or CIDR notations to include in the whitelist.
- name str
- The unique name of the whitelist.
- address
Lists List<String> - A list of OCID of IP address lists to include in the whitelist.
- addresses List<String>
- A set of IP addresses or CIDR notations to include in the whitelist.
- name String
- The unique name of the whitelist.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oci
Terraform Provider.