1. Packages
  2. Oracle Cloud Infrastructure
  3. API Docs
  4. Waas
  5. getWaasPolicies
Oracle Cloud Infrastructure v2.11.0 published on Thursday, Sep 19, 2024 by Pulumi

oci.Waas.getWaasPolicies

Explore with Pulumi AI

oci logo
Oracle Cloud Infrastructure v2.11.0 published on Thursday, Sep 19, 2024 by Pulumi

    This data source provides the list of Waas Policies in Oracle Cloud Infrastructure Web Application Acceleration and Security service.

    Gets a list of WAAS policies.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as oci from "@pulumi/oci";
    
    const testWaasPolicies = oci.Waas.getWaasPolicies({
        compartmentId: compartmentId,
        displayNames: waasPolicyDisplayNames,
        ids: waasPolicyIds,
        states: waasPolicyStates,
        timeCreatedGreaterThanOrEqualTo: waasPolicyTimeCreatedGreaterThanOrEqualTo,
        timeCreatedLessThan: waasPolicyTimeCreatedLessThan,
    });
    
    import pulumi
    import pulumi_oci as oci
    
    test_waas_policies = oci.Waas.get_waas_policies(compartment_id=compartment_id,
        display_names=waas_policy_display_names,
        ids=waas_policy_ids,
        states=waas_policy_states,
        time_created_greater_than_or_equal_to=waas_policy_time_created_greater_than_or_equal_to,
        time_created_less_than=waas_policy_time_created_less_than)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/Waas"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := Waas.GetWaasPolicies(ctx, &waas.GetWaasPoliciesArgs{
    			CompartmentId:                   compartmentId,
    			DisplayNames:                    waasPolicyDisplayNames,
    			Ids:                             waasPolicyIds,
    			States:                          waasPolicyStates,
    			TimeCreatedGreaterThanOrEqualTo: pulumi.StringRef(waasPolicyTimeCreatedGreaterThanOrEqualTo),
    			TimeCreatedLessThan:             pulumi.StringRef(waasPolicyTimeCreatedLessThan),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Oci = Pulumi.Oci;
    
    return await Deployment.RunAsync(() => 
    {
        var testWaasPolicies = Oci.Waas.GetWaasPolicies.Invoke(new()
        {
            CompartmentId = compartmentId,
            DisplayNames = waasPolicyDisplayNames,
            Ids = waasPolicyIds,
            States = waasPolicyStates,
            TimeCreatedGreaterThanOrEqualTo = waasPolicyTimeCreatedGreaterThanOrEqualTo,
            TimeCreatedLessThan = waasPolicyTimeCreatedLessThan,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.oci.Waas.WaasFunctions;
    import com.pulumi.oci.Waas.inputs.GetWaasPoliciesArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var testWaasPolicies = WaasFunctions.getWaasPolicies(GetWaasPoliciesArgs.builder()
                .compartmentId(compartmentId)
                .displayNames(waasPolicyDisplayNames)
                .ids(waasPolicyIds)
                .states(waasPolicyStates)
                .timeCreatedGreaterThanOrEqualTo(waasPolicyTimeCreatedGreaterThanOrEqualTo)
                .timeCreatedLessThan(waasPolicyTimeCreatedLessThan)
                .build());
    
        }
    }
    
    variables:
      testWaasPolicies:
        fn::invoke:
          Function: oci:Waas:getWaasPolicies
          Arguments:
            compartmentId: ${compartmentId}
            displayNames: ${waasPolicyDisplayNames}
            ids: ${waasPolicyIds}
            states: ${waasPolicyStates}
            timeCreatedGreaterThanOrEqualTo: ${waasPolicyTimeCreatedGreaterThanOrEqualTo}
            timeCreatedLessThan: ${waasPolicyTimeCreatedLessThan}
    

    Using getWaasPolicies

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getWaasPolicies(args: GetWaasPoliciesArgs, opts?: InvokeOptions): Promise<GetWaasPoliciesResult>
    function getWaasPoliciesOutput(args: GetWaasPoliciesOutputArgs, opts?: InvokeOptions): Output<GetWaasPoliciesResult>
    def get_waas_policies(compartment_id: Optional[str] = None,
                          display_names: Optional[Sequence[str]] = None,
                          filters: Optional[Sequence[_waas.GetWaasPoliciesFilter]] = None,
                          ids: Optional[Sequence[str]] = None,
                          states: Optional[Sequence[str]] = None,
                          time_created_greater_than_or_equal_to: Optional[str] = None,
                          time_created_less_than: Optional[str] = None,
                          opts: Optional[InvokeOptions] = None) -> GetWaasPoliciesResult
    def get_waas_policies_output(compartment_id: Optional[pulumi.Input[str]] = None,
                          display_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                          filters: Optional[pulumi.Input[Sequence[pulumi.Input[_waas.GetWaasPoliciesFilterArgs]]]] = None,
                          ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                          states: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                          time_created_greater_than_or_equal_to: Optional[pulumi.Input[str]] = None,
                          time_created_less_than: Optional[pulumi.Input[str]] = None,
                          opts: Optional[InvokeOptions] = None) -> Output[GetWaasPoliciesResult]
    func GetWaasPolicies(ctx *Context, args *GetWaasPoliciesArgs, opts ...InvokeOption) (*GetWaasPoliciesResult, error)
    func GetWaasPoliciesOutput(ctx *Context, args *GetWaasPoliciesOutputArgs, opts ...InvokeOption) GetWaasPoliciesResultOutput

    > Note: This function is named GetWaasPolicies in the Go SDK.

    public static class GetWaasPolicies 
    {
        public static Task<GetWaasPoliciesResult> InvokeAsync(GetWaasPoliciesArgs args, InvokeOptions? opts = null)
        public static Output<GetWaasPoliciesResult> Invoke(GetWaasPoliciesInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetWaasPoliciesResult> getWaasPolicies(GetWaasPoliciesArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: oci:Waas/getWaasPolicies:getWaasPolicies
      arguments:
        # arguments dictionary

    The following arguments are supported:

    CompartmentId string
    The OCID of the compartment. This number is generated when the compartment is created.
    DisplayNames List<string>
    Filter policies using a list of display names.
    Filters List<GetWaasPoliciesFilter>
    Ids List<string>
    Filter policies using a list of policy OCIDs.
    States List<string>
    Filter policies using a list of lifecycle states.
    TimeCreatedGreaterThanOrEqualTo string
    A filter that matches policies created on or after the specified date and time.
    TimeCreatedLessThan string
    A filter that matches policies created before the specified date-time.
    CompartmentId string
    The OCID of the compartment. This number is generated when the compartment is created.
    DisplayNames []string
    Filter policies using a list of display names.
    Filters []GetWaasPoliciesFilter
    Ids []string
    Filter policies using a list of policy OCIDs.
    States []string
    Filter policies using a list of lifecycle states.
    TimeCreatedGreaterThanOrEqualTo string
    A filter that matches policies created on or after the specified date and time.
    TimeCreatedLessThan string
    A filter that matches policies created before the specified date-time.
    compartmentId String
    The OCID of the compartment. This number is generated when the compartment is created.
    displayNames List<String>
    Filter policies using a list of display names.
    filters List<GetPoliciesFilter>
    ids List<String>
    Filter policies using a list of policy OCIDs.
    states List<String>
    Filter policies using a list of lifecycle states.
    timeCreatedGreaterThanOrEqualTo String
    A filter that matches policies created on or after the specified date and time.
    timeCreatedLessThan String
    A filter that matches policies created before the specified date-time.
    compartmentId string
    The OCID of the compartment. This number is generated when the compartment is created.
    displayNames string[]
    Filter policies using a list of display names.
    filters GetWaasPoliciesFilter[]
    ids string[]
    Filter policies using a list of policy OCIDs.
    states string[]
    Filter policies using a list of lifecycle states.
    timeCreatedGreaterThanOrEqualTo string
    A filter that matches policies created on or after the specified date and time.
    timeCreatedLessThan string
    A filter that matches policies created before the specified date-time.
    compartment_id str
    The OCID of the compartment. This number is generated when the compartment is created.
    display_names Sequence[str]
    Filter policies using a list of display names.
    filters Sequence[waas.GetWaasPoliciesFilter]
    ids Sequence[str]
    Filter policies using a list of policy OCIDs.
    states Sequence[str]
    Filter policies using a list of lifecycle states.
    time_created_greater_than_or_equal_to str
    A filter that matches policies created on or after the specified date and time.
    time_created_less_than str
    A filter that matches policies created before the specified date-time.
    compartmentId String
    The OCID of the compartment. This number is generated when the compartment is created.
    displayNames List<String>
    Filter policies using a list of display names.
    filters List<Property Map>
    ids List<String>
    Filter policies using a list of policy OCIDs.
    states List<String>
    Filter policies using a list of lifecycle states.
    timeCreatedGreaterThanOrEqualTo String
    A filter that matches policies created on or after the specified date and time.
    timeCreatedLessThan String
    A filter that matches policies created before the specified date-time.

    getWaasPolicies Result

    The following output properties are available:

    CompartmentId string
    The OCID of the WAAS policy's compartment.
    Id string
    The provider-assigned unique ID for this managed resource.
    WaasPolicies List<GetWaasPoliciesWaasPolicy>
    The list of waas_policies.
    DisplayNames List<string>
    Filters List<GetWaasPoliciesFilter>
    Ids List<string>
    States List<string>
    TimeCreatedGreaterThanOrEqualTo string
    TimeCreatedLessThan string
    CompartmentId string
    The OCID of the WAAS policy's compartment.
    Id string
    The provider-assigned unique ID for this managed resource.
    WaasPolicies []GetWaasPoliciesWaasPolicy
    The list of waas_policies.
    DisplayNames []string
    Filters []GetWaasPoliciesFilter
    Ids []string
    States []string
    TimeCreatedGreaterThanOrEqualTo string
    TimeCreatedLessThan string
    compartmentId String
    The OCID of the WAAS policy's compartment.
    id String
    The provider-assigned unique ID for this managed resource.
    waasPolicies List<GetPoliciesPolicy>
    The list of waas_policies.
    displayNames List<String>
    filters List<GetPoliciesFilter>
    ids List<String>
    states List<String>
    timeCreatedGreaterThanOrEqualTo String
    timeCreatedLessThan String
    compartmentId string
    The OCID of the WAAS policy's compartment.
    id string
    The provider-assigned unique ID for this managed resource.
    waasPolicies GetWaasPoliciesWaasPolicy[]
    The list of waas_policies.
    displayNames string[]
    filters GetWaasPoliciesFilter[]
    ids string[]
    states string[]
    timeCreatedGreaterThanOrEqualTo string
    timeCreatedLessThan string
    compartment_id str
    The OCID of the WAAS policy's compartment.
    id str
    The provider-assigned unique ID for this managed resource.
    waas_policies Sequence[waas.GetWaasPoliciesWaasPolicy]
    The list of waas_policies.
    display_names Sequence[str]
    filters Sequence[waas.GetWaasPoliciesFilter]
    ids Sequence[str]
    states Sequence[str]
    time_created_greater_than_or_equal_to str
    time_created_less_than str
    compartmentId String
    The OCID of the WAAS policy's compartment.
    id String
    The provider-assigned unique ID for this managed resource.
    waasPolicies List<Property Map>
    The list of waas_policies.
    displayNames List<String>
    filters List<Property Map>
    ids List<String>
    states List<String>
    timeCreatedGreaterThanOrEqualTo String
    timeCreatedLessThan String

    Supporting Types

    GetWaasPoliciesFilter

    Name string
    The unique name of the whitelist.
    Values List<string>
    Regex bool
    Name string
    The unique name of the whitelist.
    Values []string
    Regex bool
    name String
    The unique name of the whitelist.
    values List<String>
    regex Boolean
    name string
    The unique name of the whitelist.
    values string[]
    regex boolean
    name str
    The unique name of the whitelist.
    values Sequence[str]
    regex bool
    name String
    The unique name of the whitelist.
    values List<String>
    regex Boolean

    GetWaasPoliciesWaasPolicy

    AdditionalDomains List<string>
    An array of additional domains for this web application.
    Cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    CompartmentId string
    The OCID of the compartment. This number is generated when the compartment is created.
    DefinedTags Dictionary<string, string>
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DisplayName string
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    Domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    FreeformTags Dictionary<string, string>
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    Id string
    The OCID of the custom protection rule.
    OriginGroups List<GetWaasPoliciesWaasPolicyOriginGroup>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    Origins List<GetWaasPoliciesWaasPolicyOrigin>
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    PolicyConfigs List<GetWaasPoliciesWaasPolicyPolicyConfig>
    The configuration details for the WAAS policy.
    State string
    The current lifecycle state of the WAAS policy.
    TimeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    WafConfigs List<GetWaasPoliciesWaasPolicyWafConfig>
    The Web Application Firewall configuration for the WAAS policy.
    AdditionalDomains []string
    An array of additional domains for this web application.
    Cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    CompartmentId string
    The OCID of the compartment. This number is generated when the compartment is created.
    DefinedTags map[string]string
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DisplayName string
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    Domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    FreeformTags map[string]string
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    Id string
    The OCID of the custom protection rule.
    OriginGroups []GetWaasPoliciesWaasPolicyOriginGroup
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    Origins []GetWaasPoliciesWaasPolicyOrigin
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    PolicyConfigs []GetWaasPoliciesWaasPolicyPolicyConfig
    The configuration details for the WAAS policy.
    State string
    The current lifecycle state of the WAAS policy.
    TimeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    WafConfigs []GetWaasPoliciesWaasPolicyWafConfig
    The Web Application Firewall configuration for the WAAS policy.
    additionalDomains List<String>
    An array of additional domains for this web application.
    cname String
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartmentId String
    The OCID of the compartment. This number is generated when the compartment is created.
    definedTags Map<String,String>
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName String
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    domain String
    The domain for which the cookie is set, defaults to WAAS policy domain.
    freeformTags Map<String,String>
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    id String
    The OCID of the custom protection rule.
    originGroups List<GetPoliciesPolicyOriginGroup>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins List<GetPoliciesPolicyOrigin>
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    policyConfigs List<GetPoliciesPolicyPolicyConfig>
    The configuration details for the WAAS policy.
    state String
    The current lifecycle state of the WAAS policy.
    timeCreated String
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    wafConfigs List<GetPoliciesPolicyWafConfig>
    The Web Application Firewall configuration for the WAAS policy.
    additionalDomains string[]
    An array of additional domains for this web application.
    cname string
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartmentId string
    The OCID of the compartment. This number is generated when the compartment is created.
    definedTags {[key: string]: string}
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName string
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    freeformTags {[key: string]: string}
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    id string
    The OCID of the custom protection rule.
    originGroups GetWaasPoliciesWaasPolicyOriginGroup[]
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins GetWaasPoliciesWaasPolicyOrigin[]
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    policyConfigs GetWaasPoliciesWaasPolicyPolicyConfig[]
    The configuration details for the WAAS policy.
    state string
    The current lifecycle state of the WAAS policy.
    timeCreated string
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    wafConfigs GetWaasPoliciesWaasPolicyWafConfig[]
    The Web Application Firewall configuration for the WAAS policy.
    additional_domains Sequence[str]
    An array of additional domains for this web application.
    cname str
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartment_id str
    The OCID of the compartment. This number is generated when the compartment is created.
    defined_tags Mapping[str, str]
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    display_name str
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    domain str
    The domain for which the cookie is set, defaults to WAAS policy domain.
    freeform_tags Mapping[str, str]
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    id str
    The OCID of the custom protection rule.
    origin_groups Sequence[waas.GetWaasPoliciesWaasPolicyOriginGroup]
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins Sequence[waas.GetWaasPoliciesWaasPolicyOrigin]
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    policy_configs Sequence[waas.GetWaasPoliciesWaasPolicyPolicyConfig]
    The configuration details for the WAAS policy.
    state str
    The current lifecycle state of the WAAS policy.
    time_created str
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    waf_configs Sequence[waas.GetWaasPoliciesWaasPolicyWafConfig]
    The Web Application Firewall configuration for the WAAS policy.
    additionalDomains List<String>
    An array of additional domains for this web application.
    cname String
    The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
    compartmentId String
    The OCID of the compartment. This number is generated when the compartment is created.
    definedTags Map<String>
    Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    displayName String
    The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
    domain String
    The domain for which the cookie is set, defaults to WAAS policy domain.
    freeformTags Map<String>
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    id String
    The OCID of the custom protection rule.
    originGroups List<Property Map>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    origins List<Property Map>
    A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
    policyConfigs List<Property Map>
    The configuration details for the WAAS policy.
    state String
    The current lifecycle state of the WAAS policy.
    timeCreated String
    The date and time the policy was created, expressed in RFC 3339 timestamp format.
    wafConfigs List<Property Map>
    The Web Application Firewall configuration for the WAAS policy.

    GetWaasPoliciesWaasPolicyOrigin

    CustomHeaders List<GetWaasPoliciesWaasPolicyOriginCustomHeader>
    A list of HTTP headers to forward to your origin.
    HttpPort int
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    HttpsPort int
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    Label string
    Uri string
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    CustomHeaders []GetWaasPoliciesWaasPolicyOriginCustomHeader
    A list of HTTP headers to forward to your origin.
    HttpPort int
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    HttpsPort int
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    Label string
    Uri string
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    customHeaders List<GetPoliciesPolicyOriginCustomHeader>
    A list of HTTP headers to forward to your origin.
    httpPort Integer
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    httpsPort Integer
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    label String
    uri String
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    customHeaders GetWaasPoliciesWaasPolicyOriginCustomHeader[]
    A list of HTTP headers to forward to your origin.
    httpPort number
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    httpsPort number
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    label string
    uri string
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    custom_headers Sequence[waas.GetWaasPoliciesWaasPolicyOriginCustomHeader]
    A list of HTTP headers to forward to your origin.
    http_port int
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    https_port int
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    label str
    uri str
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
    customHeaders List<Property Map>
    A list of HTTP headers to forward to your origin.
    httpPort Number
    The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
    httpsPort Number
    The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
    label String
    uri String
    The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.

    GetWaasPoliciesWaasPolicyOriginCustomHeader

    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.
    name string
    The unique name of the whitelist.
    value string
    The value of the header.
    name str
    The unique name of the whitelist.
    value str
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.

    GetWaasPoliciesWaasPolicyOriginGroup

    GetWaasPoliciesWaasPolicyOriginGroupOriginGroup

    Origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    Weight int
    Origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    Weight int
    origin String
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight Integer
    origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight number
    origin str
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight int
    origin String
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    weight Number

    GetWaasPoliciesWaasPolicyPolicyConfig

    CertificateId string
    The OCID of the SSL certificate to use if HTTPS is supported.
    CipherGroup string
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    ClientAddressHeader string
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    HealthChecks List<GetWaasPoliciesWaasPolicyPolicyConfigHealthCheck>
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    IsBehindCdn bool
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    IsCacheControlRespected bool
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    IsHttpsEnabled bool
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    IsHttpsForced bool
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    IsOriginCompressionEnabled bool
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    IsResponseBufferingEnabled bool
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    IsSniEnabled bool
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    LoadBalancingMethods List<GetWaasPoliciesWaasPolicyPolicyConfigLoadBalancingMethod>
    An object that represents a load balancing method and its properties.
    TlsProtocols List<string>
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    WebsocketPathPrefixes List<string>
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    CertificateId string
    The OCID of the SSL certificate to use if HTTPS is supported.
    CipherGroup string
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    ClientAddressHeader string
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    HealthChecks []GetWaasPoliciesWaasPolicyPolicyConfigHealthCheck
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    IsBehindCdn bool
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    IsCacheControlRespected bool
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    IsHttpsEnabled bool
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    IsHttpsForced bool
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    IsOriginCompressionEnabled bool
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    IsResponseBufferingEnabled bool
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    IsSniEnabled bool
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    LoadBalancingMethods []GetWaasPoliciesWaasPolicyPolicyConfigLoadBalancingMethod
    An object that represents a load balancing method and its properties.
    TlsProtocols []string
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    WebsocketPathPrefixes []string
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificateId String
    The OCID of the SSL certificate to use if HTTPS is supported.
    cipherGroup String
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    clientAddressHeader String
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    healthChecks List<GetPoliciesPolicyPolicyConfigHealthCheck>
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    isBehindCdn Boolean
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    isCacheControlRespected Boolean
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    isHttpsEnabled Boolean
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    isHttpsForced Boolean
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    isOriginCompressionEnabled Boolean
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    isResponseBufferingEnabled Boolean
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    isSniEnabled Boolean
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    loadBalancingMethods List<GetPoliciesPolicyPolicyConfigLoadBalancingMethod>
    An object that represents a load balancing method and its properties.
    tlsProtocols List<String>
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    websocketPathPrefixes List<String>
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificateId string
    The OCID of the SSL certificate to use if HTTPS is supported.
    cipherGroup string
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    clientAddressHeader string
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    healthChecks GetWaasPoliciesWaasPolicyPolicyConfigHealthCheck[]
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    isBehindCdn boolean
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    isCacheControlRespected boolean
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    isHttpsEnabled boolean
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    isHttpsForced boolean
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    isOriginCompressionEnabled boolean
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    isResponseBufferingEnabled boolean
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    isSniEnabled boolean
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    loadBalancingMethods GetWaasPoliciesWaasPolicyPolicyConfigLoadBalancingMethod[]
    An object that represents a load balancing method and its properties.
    tlsProtocols string[]
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    websocketPathPrefixes string[]
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificate_id str
    The OCID of the SSL certificate to use if HTTPS is supported.
    cipher_group str
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    client_address_header str
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    health_checks Sequence[waas.GetWaasPoliciesWaasPolicyPolicyConfigHealthCheck]
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    is_behind_cdn bool
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    is_cache_control_respected bool
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    is_https_enabled bool
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    is_https_forced bool
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    is_origin_compression_enabled bool
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    is_response_buffering_enabled bool
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    is_sni_enabled bool
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    load_balancing_methods Sequence[waas.GetWaasPoliciesWaasPolicyPolicyConfigLoadBalancingMethod]
    An object that represents a load balancing method and its properties.
    tls_protocols Sequence[str]
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    websocket_path_prefixes Sequence[str]
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
    certificateId String
    The OCID of the SSL certificate to use if HTTPS is supported.
    cipherGroup String
    The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

    • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    clientAddressHeader String
    Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
    healthChecks List<Property Map>
    Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
    isBehindCdn Boolean
    Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
    isCacheControlRespected Boolean
    Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
    isHttpsEnabled Boolean
    Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
    isHttpsForced Boolean
    Force HTTP to HTTPS redirection. If unspecified, defaults to false.
    isOriginCompressionEnabled Boolean
    Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
    isResponseBufferingEnabled Boolean
    Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
    isSniEnabled Boolean
    SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
    loadBalancingMethods List<Property Map>
    An object that represents a load balancing method and its properties.
    tlsProtocols List<String>
    A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

    • TLS_V1: corresponds to TLS 1.0 specification.
    • TLS_V1_1: corresponds to TLS 1.1 specification.
    • TLS_V1_2: corresponds to TLS 1.2 specification.
    • TLS_V1_3: corresponds to TLS 1.3 specification.
    websocketPathPrefixes List<String>
    ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.

    GetWaasPoliciesWaasPolicyPolicyConfigHealthCheck

    ExpectedResponseCodeGroups List<string>
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    ExpectedResponseText string
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    Headers Dictionary<string, string>
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    HealthyThreshold int
    Number of successful health checks after which the server is marked up.
    IntervalInSeconds int
    Time between health checks of an individual origin server, in seconds.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsResponseTextCheckEnabled bool
    Enables or disables additional check for predefined text in addition to response code.
    Method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    Path string
    Path to visit on your origins when performing the health check.
    TimeoutInSeconds int
    Response timeout represents wait time until request is considered failed, in seconds.
    UnhealthyThreshold int
    Number of failed health checks after which the server is marked down.
    ExpectedResponseCodeGroups []string
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    ExpectedResponseText string
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    Headers map[string]string
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    HealthyThreshold int
    Number of successful health checks after which the server is marked up.
    IntervalInSeconds int
    Time between health checks of an individual origin server, in seconds.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsResponseTextCheckEnabled bool
    Enables or disables additional check for predefined text in addition to response code.
    Method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    Path string
    Path to visit on your origins when performing the health check.
    TimeoutInSeconds int
    Response timeout represents wait time until request is considered failed, in seconds.
    UnhealthyThreshold int
    Number of failed health checks after which the server is marked down.
    expectedResponseCodeGroups List<String>
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expectedResponseText String
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers Map<String,String>
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    healthyThreshold Integer
    Number of successful health checks after which the server is marked up.
    intervalInSeconds Integer
    Time between health checks of an individual origin server, in seconds.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isResponseTextCheckEnabled Boolean
    Enables or disables additional check for predefined text in addition to response code.
    method String
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    path String
    Path to visit on your origins when performing the health check.
    timeoutInSeconds Integer
    Response timeout represents wait time until request is considered failed, in seconds.
    unhealthyThreshold Integer
    Number of failed health checks after which the server is marked down.
    expectedResponseCodeGroups string[]
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expectedResponseText string
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers {[key: string]: string}
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    healthyThreshold number
    Number of successful health checks after which the server is marked up.
    intervalInSeconds number
    Time between health checks of an individual origin server, in seconds.
    isEnabled boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isResponseTextCheckEnabled boolean
    Enables or disables additional check for predefined text in addition to response code.
    method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    path string
    Path to visit on your origins when performing the health check.
    timeoutInSeconds number
    Response timeout represents wait time until request is considered failed, in seconds.
    unhealthyThreshold number
    Number of failed health checks after which the server is marked down.
    expected_response_code_groups Sequence[str]
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expected_response_text str
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers Mapping[str, str]
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    healthy_threshold int
    Number of successful health checks after which the server is marked up.
    interval_in_seconds int
    Time between health checks of an individual origin server, in seconds.
    is_enabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    is_response_text_check_enabled bool
    Enables or disables additional check for predefined text in addition to response code.
    method str
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    path str
    Path to visit on your origins when performing the health check.
    timeout_in_seconds int
    Response timeout represents wait time until request is considered failed, in seconds.
    unhealthy_threshold int
    Number of failed health checks after which the server is marked down.
    expectedResponseCodeGroups List<String>
    The HTTP response codes that signify a healthy state.

    • 2XX: Success response code group.
    • 3XX: Redirection response code group.
    • 4XX: Client errors response code group.
    • 5XX: Server errors response code group.
    expectedResponseText String
    Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
    headers Map<String>
    HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
    healthyThreshold Number
    Number of successful health checks after which the server is marked up.
    intervalInSeconds Number
    Time between health checks of an individual origin server, in seconds.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isResponseTextCheckEnabled Boolean
    Enables or disables additional check for predefined text in addition to response code.
    method String
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    path String
    Path to visit on your origins when performing the health check.
    timeoutInSeconds Number
    Response timeout represents wait time until request is considered failed, in seconds.
    unhealthyThreshold Number
    Number of failed health checks after which the server is marked down.

    GetWaasPoliciesWaasPolicyPolicyConfigLoadBalancingMethod

    Domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    ExpirationTimeInSeconds int
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    Method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    Name string
    The unique name of the whitelist.
    Domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    ExpirationTimeInSeconds int
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    Method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    Name string
    The unique name of the whitelist.
    domain String
    The domain for which the cookie is set, defaults to WAAS policy domain.
    expirationTimeInSeconds Integer
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    method String
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    name String
    The unique name of the whitelist.
    domain string
    The domain for which the cookie is set, defaults to WAAS policy domain.
    expirationTimeInSeconds number
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    method string
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    name string
    The unique name of the whitelist.
    domain str
    The domain for which the cookie is set, defaults to WAAS policy domain.
    expiration_time_in_seconds int
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    method str
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    name str
    The unique name of the whitelist.
    domain String
    The domain for which the cookie is set, defaults to WAAS policy domain.
    expirationTimeInSeconds Number
    The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
    method String
    Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

    • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
    • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
    • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
    name String
    The unique name of the whitelist.

    GetWaasPoliciesWaasPolicyWafConfig

    AccessRules List<GetWaasPoliciesWaasPolicyWafConfigAccessRule>
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    AddressRateLimitings List<GetWaasPoliciesWaasPolicyWafConfigAddressRateLimiting>
    The IP address rate limiting settings used to limit the number of requests from an address.
    CachingRules List<GetWaasPoliciesWaasPolicyWafConfigCachingRule>
    A list of caching rules applied to the web application.
    Captchas List<GetWaasPoliciesWaasPolicyWafConfigCaptcha>
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    CustomProtectionRules List<GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRule>
    A list of the custom protection rule OCIDs and their actions.
    DeviceFingerprintChallenges List<GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallenge>
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    HumanInteractionChallenges List<GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallenge>
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    JsChallenges List<GetWaasPoliciesWaasPolicyWafConfigJsChallenge>
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    Origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    OriginGroups List<string>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    ProtectionSettings List<GetWaasPoliciesWaasPolicyWafConfigProtectionSetting>
    The settings to apply to protection rules.
    Whitelists List<GetWaasPoliciesWaasPolicyWafConfigWhitelist>
    A list of IP addresses that bypass the Web Application Firewall.
    AccessRules []GetWaasPoliciesWaasPolicyWafConfigAccessRule
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    AddressRateLimitings []GetWaasPoliciesWaasPolicyWafConfigAddressRateLimiting
    The IP address rate limiting settings used to limit the number of requests from an address.
    CachingRules []GetWaasPoliciesWaasPolicyWafConfigCachingRule
    A list of caching rules applied to the web application.
    Captchas []GetWaasPoliciesWaasPolicyWafConfigCaptcha
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    CustomProtectionRules []GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRule
    A list of the custom protection rule OCIDs and their actions.
    DeviceFingerprintChallenges []GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallenge
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    HumanInteractionChallenges []GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallenge
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    JsChallenges []GetWaasPoliciesWaasPolicyWafConfigJsChallenge
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    Origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    OriginGroups []string
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    ProtectionSettings []GetWaasPoliciesWaasPolicyWafConfigProtectionSetting
    The settings to apply to protection rules.
    Whitelists []GetWaasPoliciesWaasPolicyWafConfigWhitelist
    A list of IP addresses that bypass the Web Application Firewall.
    accessRules List<GetPoliciesPolicyWafConfigAccessRule>
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    addressRateLimitings List<GetPoliciesPolicyWafConfigAddressRateLimiting>
    The IP address rate limiting settings used to limit the number of requests from an address.
    cachingRules List<GetPoliciesPolicyWafConfigCachingRule>
    A list of caching rules applied to the web application.
    captchas List<GetPoliciesPolicyWafConfigCaptcha>
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    customProtectionRules List<GetPoliciesPolicyWafConfigCustomProtectionRule>
    A list of the custom protection rule OCIDs and their actions.
    deviceFingerprintChallenges List<GetPoliciesPolicyWafConfigDeviceFingerprintChallenge>
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    humanInteractionChallenges List<GetPoliciesPolicyWafConfigHumanInteractionChallenge>
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    jsChallenges List<GetPoliciesPolicyWafConfigJsChallenge>
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    origin String
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    originGroups List<String>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protectionSettings List<GetPoliciesPolicyWafConfigProtectionSetting>
    The settings to apply to protection rules.
    whitelists List<GetPoliciesPolicyWafConfigWhitelist>
    A list of IP addresses that bypass the Web Application Firewall.
    accessRules GetWaasPoliciesWaasPolicyWafConfigAccessRule[]
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    addressRateLimitings GetWaasPoliciesWaasPolicyWafConfigAddressRateLimiting[]
    The IP address rate limiting settings used to limit the number of requests from an address.
    cachingRules GetWaasPoliciesWaasPolicyWafConfigCachingRule[]
    A list of caching rules applied to the web application.
    captchas GetWaasPoliciesWaasPolicyWafConfigCaptcha[]
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    customProtectionRules GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRule[]
    A list of the custom protection rule OCIDs and their actions.
    deviceFingerprintChallenges GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallenge[]
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    humanInteractionChallenges GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallenge[]
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    jsChallenges GetWaasPoliciesWaasPolicyWafConfigJsChallenge[]
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    origin string
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    originGroups string[]
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protectionSettings GetWaasPoliciesWaasPolicyWafConfigProtectionSetting[]
    The settings to apply to protection rules.
    whitelists GetWaasPoliciesWaasPolicyWafConfigWhitelist[]
    A list of IP addresses that bypass the Web Application Firewall.
    access_rules Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigAccessRule]
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    address_rate_limitings Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigAddressRateLimiting]
    The IP address rate limiting settings used to limit the number of requests from an address.
    caching_rules Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigCachingRule]
    A list of caching rules applied to the web application.
    captchas Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigCaptcha]
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    custom_protection_rules Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRule]
    A list of the custom protection rule OCIDs and their actions.
    device_fingerprint_challenges Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallenge]
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    human_interaction_challenges Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallenge]
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    js_challenges Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigJsChallenge]
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    origin str
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    origin_groups Sequence[str]
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protection_settings Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigProtectionSetting]
    The settings to apply to protection rules.
    whitelists Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigWhitelist]
    A list of IP addresses that bypass the Web Application Firewall.
    accessRules List<Property Map>
    The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
    addressRateLimitings List<Property Map>
    The IP address rate limiting settings used to limit the number of requests from an address.
    cachingRules List<Property Map>
    A list of caching rules applied to the web application.
    captchas List<Property Map>
    A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
    customProtectionRules List<Property Map>
    A list of the custom protection rule OCIDs and their actions.
    deviceFingerprintChallenges List<Property Map>
    The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
    humanInteractionChallenges List<Property Map>
    The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
    jsChallenges List<Property Map>
    The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
    origin String
    The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
    originGroups List<String>
    The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
    protectionSettings List<Property Map>
    The settings to apply to protection rules.
    whitelists List<Property Map>
    A list of IP addresses that bypass the Web Application Firewall.

    GetWaasPoliciesWaasPolicyWafConfigAccessRule

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    BypassChallenges List<string>
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    Criterias List<GetWaasPoliciesWaasPolicyWafConfigAccessRuleCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    Name string
    The unique name of the whitelist.
    RedirectResponseCode string
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    RedirectUrl string
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    ResponseHeaderManipulations List<GetWaasPoliciesWaasPolicyWafConfigAccessRuleResponseHeaderManipulation>
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    BypassChallenges []string
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    Criterias []GetWaasPoliciesWaasPolicyWafConfigAccessRuleCriteria
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    Name string
    The unique name of the whitelist.
    RedirectResponseCode string
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    RedirectUrl string
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    ResponseHeaderManipulations []GetWaasPoliciesWaasPolicyWafConfigAccessRuleResponseHeaderManipulation
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    bypassChallenges List<String>
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    criterias List<GetPoliciesPolicyWafConfigAccessRuleCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    name String
    The unique name of the whitelist.
    redirectResponseCode String
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirectUrl String
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    responseHeaderManipulations List<GetPoliciesPolicyWafConfigAccessRuleResponseHeaderManipulation>
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    blockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    bypassChallenges string[]
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    criterias GetWaasPoliciesWaasPolicyWafConfigAccessRuleCriteria[]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    name string
    The unique name of the whitelist.
    redirectResponseCode string
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirectUrl string
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    responseHeaderManipulations GetWaasPoliciesWaasPolicyWafConfigAccessRuleResponseHeaderManipulation[]
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    block_action str
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    bypass_challenges Sequence[str]
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captcha_footer str
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    criterias Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigAccessRuleCriteria]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    name str
    The unique name of the whitelist.
    redirect_response_code str
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirect_url str
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    response_header_manipulations Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigAccessRuleResponseHeaderManipulation]
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    bypassChallenges List<String>
    The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

    • JS_CHALLENGE: Bypasses JavaScript Challenge.
    • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
    • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
    • CAPTCHA: Bypasses CAPTCHA Challenge.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    criterias List<Property Map>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    name String
    The unique name of the whitelist.
    redirectResponseCode String
    The response status code to return when action is set to REDIRECT.

    • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
    • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
    redirectUrl String
    The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
    responseHeaderManipulations List<Property Map>
    An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.

    GetWaasPoliciesWaasPolicyWafConfigAccessRuleCriteria

    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    IsCaseSensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    Value string
    The value of the header.
    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    IsCaseSensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    Value string
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive Boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value String
    The value of the header.
    condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value string
    The value of the header.
    condition str
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    is_case_sensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    value str
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive Boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value String
    The value of the header.

    GetWaasPoliciesWaasPolicyWafConfigAccessRuleResponseHeaderManipulation

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    Header string
    A header field name that conforms to RFC 7230. Example: example_header_name
    Value string
    The value of the header.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    Header string
    A header field name that conforms to RFC 7230. Example: example_header_name
    Value string
    The value of the header.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    header String
    A header field name that conforms to RFC 7230. Example: example_header_name
    value String
    The value of the header.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    header string
    A header field name that conforms to RFC 7230. Example: example_header_name
    value string
    The value of the header.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    header str
    A header field name that conforms to RFC 7230. Example: example_header_name
    value str
    The value of the header.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    header String
    A header field name that conforms to RFC 7230. Example: example_header_name
    value String
    The value of the header.

    GetWaasPoliciesWaasPolicyWafConfigAddressRateLimiting

    AllowedRatePerAddress int
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    MaxDelayedCountPerAddress int
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    AllowedRatePerAddress int
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    MaxDelayedCountPerAddress int
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    allowedRatePerAddress Integer
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxDelayedCountPerAddress Integer
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    allowedRatePerAddress number
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isEnabled boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxDelayedCountPerAddress number
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    allowed_rate_per_address int
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    is_enabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    max_delayed_count_per_address int
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
    allowedRatePerAddress Number
    The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxDelayedCountPerAddress Number
    The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.

    GetWaasPoliciesWaasPolicyWafConfigCachingRule

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    CachingDuration string
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    ClientCachingDuration string
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    Criterias List<GetWaasPoliciesWaasPolicyWafConfigCachingRuleCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    IsClientCachingEnabled bool
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    Key string
    The unique key for the caching rule.
    Name string
    The unique name of the whitelist.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    CachingDuration string
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    ClientCachingDuration string
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    Criterias []GetWaasPoliciesWaasPolicyWafConfigCachingRuleCriteria
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    IsClientCachingEnabled bool
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    Key string
    The unique key for the caching rule.
    Name string
    The unique name of the whitelist.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    cachingDuration String
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    clientCachingDuration String
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    criterias List<GetPoliciesPolicyWafConfigCachingRuleCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    isClientCachingEnabled Boolean
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key String
    The unique key for the caching rule.
    name String
    The unique name of the whitelist.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    cachingDuration string
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    clientCachingDuration string
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    criterias GetWaasPoliciesWaasPolicyWafConfigCachingRuleCriteria[]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    isClientCachingEnabled boolean
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key string
    The unique key for the caching rule.
    name string
    The unique name of the whitelist.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    caching_duration str
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    client_caching_duration str
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    criterias Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigCachingRuleCriteria]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    is_client_caching_enabled bool
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key str
    The unique key for the caching rule.
    name str
    The unique name of the whitelist.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    cachingDuration String
    The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    clientCachingDuration String
    The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
    criterias List<Property Map>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    isClientCachingEnabled Boolean
    Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
    key String
    The unique key for the caching rule.
    name String
    The unique name of the whitelist.

    GetWaasPoliciesWaasPolicyWafConfigCachingRuleCriteria

    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    Value string
    The value of the header.
    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    Value string
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    value String
    The value of the header.
    condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    value string
    The value of the header.
    condition str
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    value str
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    value String
    The value of the header.

    GetWaasPoliciesWaasPolicyWafConfigCaptcha

    FailureMessage string
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    FooterText string
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    HeaderText string
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    SessionExpirationInSeconds int
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    SubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    Title string
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    Url string
    The unique URL path at which to show the CAPTCHA challenge.
    FailureMessage string
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    FooterText string
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    HeaderText string
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    SessionExpirationInSeconds int
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    SubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    Title string
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    Url string
    The unique URL path at which to show the CAPTCHA challenge.
    failureMessage String
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    footerText String
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    headerText String
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    sessionExpirationInSeconds Integer
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submitLabel String
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title String
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url String
    The unique URL path at which to show the CAPTCHA challenge.
    failureMessage string
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    footerText string
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    headerText string
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    sessionExpirationInSeconds number
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submitLabel string
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title string
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url string
    The unique URL path at which to show the CAPTCHA challenge.
    failure_message str
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    footer_text str
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    header_text str
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    session_expiration_in_seconds int
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submit_label str
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title str
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url str
    The unique URL path at which to show the CAPTCHA challenge.
    failureMessage String
    The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
    footerText String
    The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
    headerText String
    The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
    sessionExpirationInSeconds Number
    The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
    submitLabel String
    The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
    title String
    The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
    url String
    The unique URL path at which to show the CAPTCHA challenge.

    GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRule

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    Exclusions List<GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRuleExclusion>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    Id string
    The OCID of the custom protection rule.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    Exclusions []GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRuleExclusion
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    Id string
    The OCID of the custom protection rule.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    exclusions List<GetPoliciesPolicyWafConfigCustomProtectionRuleExclusion>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    id String
    The OCID of the custom protection rule.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    exclusions GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRuleExclusion[]
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    id string
    The OCID of the custom protection rule.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    exclusions Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRuleExclusion]
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    id str
    The OCID of the custom protection rule.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    exclusions List<Property Map>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    id String
    The OCID of the custom protection rule.

    GetWaasPoliciesWaasPolicyWafConfigCustomProtectionRuleExclusion

    Exclusions List<string>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    Target string
    The target of the exclusion.
    Exclusions []string
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    Target string
    The target of the exclusion.
    exclusions List<String>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target String
    The target of the exclusion.
    exclusions string[]
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target string
    The target of the exclusion.
    exclusions Sequence[str]
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target str
    The target of the exclusion.
    exclusions List<String>
    An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
    target String
    The target of the exclusion.

    GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallenge

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    ChallengeSettings List<GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSetting>
    The challenge settings if action is set to BLOCK.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    MaxAddressCount int
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    MaxAddressCountExpirationInSeconds int
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    ChallengeSettings []GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSetting
    The challenge settings if action is set to BLOCK.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    MaxAddressCount int
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    MaxAddressCountExpirationInSeconds int
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Integer
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings List<GetPoliciesPolicyWafConfigDeviceFingerprintChallengeChallengeSetting>
    The challenge settings if action is set to BLOCK.
    failureThreshold Integer
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Integer
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxAddressCount Integer
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    maxAddressCountExpirationInSeconds Integer
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSetting[]
    The challenge settings if action is set to BLOCK.
    failureThreshold number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds number
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    isEnabled boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxAddressCount number
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    maxAddressCountExpirationInSeconds number
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    action_expiration_in_seconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challenge_settings Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSetting]
    The challenge settings if action is set to BLOCK.
    failure_threshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failure_threshold_expiration_in_seconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    is_enabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    max_address_count int
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    max_address_count_expiration_in_seconds int
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings List<Property Map>
    The challenge settings if action is set to BLOCK.
    failureThreshold Number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Number
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    maxAddressCount Number
    The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
    maxAddressCountExpirationInSeconds Number
    The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.

    GetWaasPoliciesWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSetting

    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    block_action str
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captcha_footer str
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

    GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallenge

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    ChallengeSettings List<GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeChallengeSetting>
    The challenge settings if action is set to BLOCK.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    InteractionThreshold int
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsNatEnabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    RecordingPeriodInSeconds int
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    SetHttpHeaders List<GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader>
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    ChallengeSettings []GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeChallengeSetting
    The challenge settings if action is set to BLOCK.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    FailureThresholdExpirationInSeconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    InteractionThreshold int
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsNatEnabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    RecordingPeriodInSeconds int
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    SetHttpHeaders []GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Integer
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings List<GetPoliciesPolicyWafConfigHumanInteractionChallengeChallengeSetting>
    The challenge settings if action is set to BLOCK.
    failureThreshold Integer
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Integer
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interactionThreshold Integer
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled Boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recordingPeriodInSeconds Integer
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    setHttpHeaders List<GetPoliciesPolicyWafConfigHumanInteractionChallengeSetHttpHeader>
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeChallengeSetting[]
    The challenge settings if action is set to BLOCK.
    failureThreshold number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds number
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interactionThreshold number
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    isEnabled boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recordingPeriodInSeconds number
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    setHttpHeaders GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader[]
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    action_expiration_in_seconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challenge_settings Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeChallengeSetting]
    The challenge settings if action is set to BLOCK.
    failure_threshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failure_threshold_expiration_in_seconds int
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interaction_threshold int
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    is_enabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    is_nat_enabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recording_period_in_seconds int
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    set_http_headers Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader]
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    challengeSettings List<Property Map>
    The challenge settings if action is set to BLOCK.
    failureThreshold Number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    failureThresholdExpirationInSeconds Number
    The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
    interactionThreshold Number
    The number of interactions required to pass the challenge. If unspecified, defaults to 3.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled Boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    recordingPeriodInSeconds Number
    The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
    setHttpHeaders List<Property Map>
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

    GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeChallengeSetting

    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    block_action str
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captcha_footer str
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

    GetWaasPoliciesWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader

    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.
    name string
    The unique name of the whitelist.
    value string
    The value of the header.
    name str
    The unique name of the whitelist.
    value str
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.

    GetWaasPoliciesWaasPolicyWafConfigJsChallenge

    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    AreRedirectsChallenged bool
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    ChallengeSettings List<GetWaasPoliciesWaasPolicyWafConfigJsChallengeChallengeSetting>
    The challenge settings if action is set to BLOCK.
    Criterias List<GetWaasPoliciesWaasPolicyWafConfigJsChallengeCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsNatEnabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    SetHttpHeaders List<GetWaasPoliciesWaasPolicyWafConfigJsChallengeSetHttpHeader>
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    Action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    ActionExpirationInSeconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    AreRedirectsChallenged bool
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    ChallengeSettings []GetWaasPoliciesWaasPolicyWafConfigJsChallengeChallengeSetting
    The challenge settings if action is set to BLOCK.
    Criterias []GetWaasPoliciesWaasPolicyWafConfigJsChallengeCriteria
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    FailureThreshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    IsEnabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    IsNatEnabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    SetHttpHeaders []GetWaasPoliciesWaasPolicyWafConfigJsChallengeSetHttpHeader
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Integer
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    areRedirectsChallenged Boolean
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challengeSettings List<GetPoliciesPolicyWafConfigJsChallengeChallengeSetting>
    The challenge settings if action is set to BLOCK.
    criterias List<GetPoliciesPolicyWafConfigJsChallengeCriteria>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failureThreshold Integer
    The number of failed requests before taking action. If unspecified, defaults to 10.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled Boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    setHttpHeaders List<GetPoliciesPolicyWafConfigJsChallengeSetHttpHeader>
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action string
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    areRedirectsChallenged boolean
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challengeSettings GetWaasPoliciesWaasPolicyWafConfigJsChallengeChallengeSetting[]
    The challenge settings if action is set to BLOCK.
    criterias GetWaasPoliciesWaasPolicyWafConfigJsChallengeCriteria[]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failureThreshold number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    isEnabled boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    setHttpHeaders GetWaasPoliciesWaasPolicyWafConfigJsChallengeSetHttpHeader[]
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action str
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    action_expiration_in_seconds int
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    are_redirects_challenged bool
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challenge_settings Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigJsChallengeChallengeSetting]
    The challenge settings if action is set to BLOCK.
    criterias Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigJsChallengeCriteria]
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failure_threshold int
    The number of failed requests before taking action. If unspecified, defaults to 10.
    is_enabled bool
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    is_nat_enabled bool
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    set_http_headers Sequence[waas.GetWaasPoliciesWaasPolicyWafConfigJsChallengeSetHttpHeader]
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
    action String
    The action to take against requests from detected bots. If unspecified, defaults to DETECT.
    actionExpirationInSeconds Number
    The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
    areRedirectsChallenged Boolean
    When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
    challengeSettings List<Property Map>
    The challenge settings if action is set to BLOCK.
    criterias List<Property Map>
    When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
    failureThreshold Number
    The number of failed requests before taking action. If unspecified, defaults to 10.
    isEnabled Boolean
    Enables or disables the JavaScript challenge Web Application Firewall feature.
    isNatEnabled Boolean
    When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
    setHttpHeaders List<Property Map>
    Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

    GetWaasPoliciesWaasPolicyWafConfigJsChallengeChallengeSetting

    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    CaptchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    CaptchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    CaptchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    CaptchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter string
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader string
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel string
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle string
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    block_action str
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captcha_footer str
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captcha_header str
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captcha_submit_label str
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captcha_title str
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    captchaFooter String
    The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
    captchaHeader String
    The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
    captchaSubmitLabel String
    The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
    captchaTitle String
    The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

    GetWaasPoliciesWaasPolicyWafConfigJsChallengeCriteria

    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    IsCaseSensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    Value string
    The value of the header.
    Condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    IsCaseSensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    Value string
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive Boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value String
    The value of the header.
    condition string
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value string
    The value of the header.
    condition str
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    is_case_sensitive bool
    When enabled, the condition will be matched with case-sensitive rules.
    value str
    The value of the header.
    condition String
    The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

    • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
    • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
    • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
    • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
    • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
    • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
    • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
    • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
    • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
    • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
    • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
    • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
    • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
    • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
    isCaseSensitive Boolean
    When enabled, the condition will be matched with case-sensitive rules.
    value String
    The value of the header.

    GetWaasPoliciesWaasPolicyWafConfigJsChallengeSetHttpHeader

    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    Name string
    The unique name of the whitelist.
    Value string
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.
    name string
    The unique name of the whitelist.
    value string
    The value of the header.
    name str
    The unique name of the whitelist.
    value str
    The value of the header.
    name String
    The unique name of the whitelist.
    value String
    The value of the header.

    GetWaasPoliciesWaasPolicyWafConfigProtectionSetting

    AllowedHttpMethods List<string>
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    IsResponseInspected bool
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    MaxArgumentCount int
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    MaxNameLengthPerArgument int
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    MaxResponseSizeInKiB int
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    MaxTotalNameLengthOfArguments int
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    MediaTypes List<string>
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    RecommendationsPeriodInDays int
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
    AllowedHttpMethods []string
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    BlockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    BlockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    BlockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    BlockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    BlockResponseCode int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    IsResponseInspected bool
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    MaxArgumentCount int
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    MaxNameLengthPerArgument int
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    MaxResponseSizeInKiB int
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    MaxTotalNameLengthOfArguments int
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    MediaTypes []string
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    RecommendationsPeriodInDays int
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
    allowedHttpMethods List<String>
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Integer
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isResponseInspected Boolean
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    maxArgumentCount Integer
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    maxNameLengthPerArgument Integer
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    maxResponseSizeInKiB Integer
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    maxTotalNameLengthOfArguments Integer
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    mediaTypes List<String>
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    recommendationsPeriodInDays Integer
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
    allowedHttpMethods string[]
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    blockAction string
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode string
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription string
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage string
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isResponseInspected boolean
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    maxArgumentCount number
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    maxNameLengthPerArgument number
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    maxResponseSizeInKiB number
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    maxTotalNameLengthOfArguments number
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    mediaTypes string[]
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    recommendationsPeriodInDays number
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
    allowed_http_methods Sequence[str]
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    block_action str
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    block_error_page_code str
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    block_error_page_description str
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    block_error_page_message str
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    block_response_code int
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    is_response_inspected bool
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    max_argument_count int
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    max_name_length_per_argument int
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    max_response_size_in_ki_b int
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    max_total_name_length_of_arguments int
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    media_types Sequence[str]
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    recommendations_period_in_days int
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
    allowedHttpMethods List<String>
    The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
    blockAction String
    If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
    blockErrorPageCode String
    The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
    blockErrorPageDescription String
    The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
    blockErrorPageMessage String
    The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
    blockResponseCode Number
    The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
    isResponseInspected Boolean
    Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
    maxArgumentCount Number
    The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
    maxNameLengthPerArgument Number
    The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
    maxResponseSizeInKiB Number
    The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
    maxTotalNameLengthOfArguments Number
    The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
    mediaTypes List<String>
    The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
    recommendationsPeriodInDays Number
    The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

    GetWaasPoliciesWaasPolicyWafConfigWhitelist

    AddressLists List<string>
    A list of OCID of IP address lists to include in the whitelist.
    Addresses List<string>
    A set of IP addresses or CIDR notations to include in the whitelist.
    Name string
    The unique name of the whitelist.
    AddressLists []string
    A list of OCID of IP address lists to include in the whitelist.
    Addresses []string
    A set of IP addresses or CIDR notations to include in the whitelist.
    Name string
    The unique name of the whitelist.
    addressLists List<String>
    A list of OCID of IP address lists to include in the whitelist.
    addresses List<String>
    A set of IP addresses or CIDR notations to include in the whitelist.
    name String
    The unique name of the whitelist.
    addressLists string[]
    A list of OCID of IP address lists to include in the whitelist.
    addresses string[]
    A set of IP addresses or CIDR notations to include in the whitelist.
    name string
    The unique name of the whitelist.
    address_lists Sequence[str]
    A list of OCID of IP address lists to include in the whitelist.
    addresses Sequence[str]
    A set of IP addresses or CIDR notations to include in the whitelist.
    name str
    The unique name of the whitelist.
    addressLists List<String>
    A list of OCID of IP address lists to include in the whitelist.
    addresses List<String>
    A set of IP addresses or CIDR notations to include in the whitelist.
    name String
    The unique name of the whitelist.

    Package Details

    Repository
    oci pulumi/pulumi-oci
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the oci Terraform Provider.
    oci logo
    Oracle Cloud Infrastructure v2.11.0 published on Thursday, Sep 19, 2024 by Pulumi