Oracle Cloud Infrastructure v2.29.0, Apr 9 25

Oracle Cloud Infrastructure v2.29.0 published on Wednesday, Apr 9, 2025 by Pulumi

oci.Waas.getWaasPolicy

Explore with Pulumi AI

Oracle Cloud Infrastructure v2.29.0 published on Wednesday, Apr 9, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testWaasPolicy = oci.Waas.getWaasPolicy({
    waasPolicyId: testWaasPolicyOciWaasWaasPolicy.id,
});

import pulumi
import pulumi_oci as oci

test_waas_policy = oci.Waas.get_waas_policy(waas_policy_id=test_waas_policy_oci_waas_waas_policy["id"])

package main

import (
	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/waas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := waas.GetWaasPolicy(ctx, &waas.GetWaasPolicyArgs{
			WaasPolicyId: testWaasPolicyOciWaasWaasPolicy.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testWaasPolicy = Oci.Waas.GetWaasPolicy.Invoke(new()
    {
        WaasPolicyId = testWaasPolicyOciWaasWaasPolicy.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Waas.WaasFunctions;
import com.pulumi.oci.Waas.inputs.GetWaasPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testWaasPolicy = WaasFunctions.getWaasPolicy(GetWaasPolicyArgs.builder()
            .waasPolicyId(testWaasPolicyOciWaasWaasPolicy.id())
            .build());

    }
}

variables:
  testWaasPolicy:
    fn::invoke:
      function: oci:Waas:getWaasPolicy
      arguments:
        waasPolicyId: ${testWaasPolicyOciWaasWaasPolicy.id}

Using getWaasPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getWaasPolicy(args: GetWaasPolicyArgs, opts?: InvokeOptions): Promise<GetWaasPolicyResult>
function getWaasPolicyOutput(args: GetWaasPolicyOutputArgs, opts?: InvokeOptions): Output<GetWaasPolicyResult>

def get_waas_policy(waas_policy_id: Optional[str] = None,
                    opts: Optional[InvokeOptions] = None) -> GetWaasPolicyResult
def get_waas_policy_output(waas_policy_id: Optional[pulumi.Input[str]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetWaasPolicyResult]

func GetWaasPolicy(ctx *Context, args *GetWaasPolicyArgs, opts ...InvokeOption) (*GetWaasPolicyResult, error)
func GetWaasPolicyOutput(ctx *Context, args *GetWaasPolicyOutputArgs, opts ...InvokeOption) GetWaasPolicyResultOutput

> Note: This function is named GetWaasPolicy in the Go SDK.

public static class GetWaasPolicy 
{
    public static Task<GetWaasPolicyResult> InvokeAsync(GetWaasPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetWaasPolicyResult> Invoke(GetWaasPolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetWaasPolicyResult> getWaasPolicy(GetWaasPolicyArgs args, InvokeOptions options)
public static Output<GetWaasPolicyResult> getWaasPolicy(GetWaasPolicyArgs args, InvokeOptions options)

fn::invoke:
  function: oci:Waas/getWaasPolicy:getWaasPolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

WaasPolicyId string: The OCID of the WAAS policy.

WaasPolicyId string: The OCID of the WAAS policy.

waasPolicyId String: The OCID of the WAAS policy.

waasPolicyId string: The OCID of the WAAS policy.

waas_policy_id str: The OCID of the WAAS policy.

waasPolicyId String: The OCID of the WAAS policy.

getWaasPolicy Result

The following output properties are available:

AdditionalDomains List<string>: An array of additional domains for this web application.
Cname string: The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
CompartmentId string: The OCID of the WAAS policy's compartment.
DefinedTags Dictionary<string, string>: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
DisplayName string: The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
Domain string: The domain for which the cookie is set, defaults to WAAS policy domain.
FreeformTags Dictionary<string, string>: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
Id string: The provider-assigned unique ID for this managed resource.
OriginGroups List<GetWaasPolicyOriginGroup>: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
Origins List<GetWaasPolicyOrigin>: A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
PolicyConfigs List<GetWaasPolicyPolicyConfig>: The configuration details for the WAAS policy.
State string: The current lifecycle state of the WAAS policy.
TimeCreated string: The date and time the policy was created, expressed in RFC 3339 timestamp format.
WaasPolicyId string
WafConfigs List<GetWaasPolicyWafConfig>: The Web Application Firewall configuration for the WAAS policy.

AdditionalDomains []string: An array of additional domains for this web application.
Cname string: The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
CompartmentId string: The OCID of the WAAS policy's compartment.
DefinedTags map[string]string: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
DisplayName string: The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
Domain string: The domain for which the cookie is set, defaults to WAAS policy domain.
FreeformTags map[string]string: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
Id string: The provider-assigned unique ID for this managed resource.
OriginGroups []GetWaasPolicyOriginGroup: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
Origins []GetWaasPolicyOrigin: A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
PolicyConfigs []GetWaasPolicyPolicyConfig: The configuration details for the WAAS policy.
State string: The current lifecycle state of the WAAS policy.
TimeCreated string: The date and time the policy was created, expressed in RFC 3339 timestamp format.
WaasPolicyId string
WafConfigs []GetWaasPolicyWafConfig: The Web Application Firewall configuration for the WAAS policy.

additionalDomains List<String>: An array of additional domains for this web application.
cname String: The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
compartmentId String: The OCID of the WAAS policy's compartment.
definedTags Map<String,String>: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
displayName String: The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
domain String: The domain for which the cookie is set, defaults to WAAS policy domain.
freeformTags Map<String,String>: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id String: The provider-assigned unique ID for this managed resource.
originGroups List<GetPolicyOriginGroup>: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
origins List<GetPolicyOrigin>: A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
policyConfigs List<GetPolicyPolicyConfig>: The configuration details for the WAAS policy.
state String: The current lifecycle state of the WAAS policy.
timeCreated String: The date and time the policy was created, expressed in RFC 3339 timestamp format.
waasPolicyId String
wafConfigs List<GetPolicyWafConfig>: The Web Application Firewall configuration for the WAAS policy.

additionalDomains string[]: An array of additional domains for this web application.
cname string: The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
compartmentId string: The OCID of the WAAS policy's compartment.
definedTags {[key: string]: string}: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
displayName string: The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
domain string: The domain for which the cookie is set, defaults to WAAS policy domain.
freeformTags {[key: string]: string}: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id string: The provider-assigned unique ID for this managed resource.
originGroups GetWaasPolicyOriginGroup[]: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
origins GetWaasPolicyOrigin[]: A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
policyConfigs GetWaasPolicyPolicyConfig[]: The configuration details for the WAAS policy.
state string: The current lifecycle state of the WAAS policy.
timeCreated string: The date and time the policy was created, expressed in RFC 3339 timestamp format.
waasPolicyId string
wafConfigs GetWaasPolicyWafConfig[]: The Web Application Firewall configuration for the WAAS policy.

additional_domains Sequence[str]: An array of additional domains for this web application.
cname str: The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
compartment_id str: The OCID of the WAAS policy's compartment.
defined_tags Mapping[str, str]: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
display_name str: The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
domain str: The domain for which the cookie is set, defaults to WAAS policy domain.
freeform_tags Mapping[str, str]: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id str: The provider-assigned unique ID for this managed resource.
origin_groups Sequence[waas.GetWaasPolicyOriginGroup]: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
origins Sequence[waas.GetWaasPolicyOrigin]: A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
policy_configs Sequence[waas.GetWaasPolicyPolicyConfig]: The configuration details for the WAAS policy.
state str: The current lifecycle state of the WAAS policy.
time_created str: The date and time the policy was created, expressed in RFC 3339 timestamp format.
waas_policy_id str
waf_configs Sequence[waas.GetWaasPolicyWafConfig]: The Web Application Firewall configuration for the WAAS policy.

additionalDomains List<String>: An array of additional domains for this web application.
cname String: The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
compartmentId String: The OCID of the WAAS policy's compartment.
definedTags Map<String>: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
displayName String: The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
domain String: The domain for which the cookie is set, defaults to WAAS policy domain.
freeformTags Map<String>: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id String: The provider-assigned unique ID for this managed resource.
originGroups List<Property Map>: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
origins List<Property Map>: A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
policyConfigs List<Property Map>: The configuration details for the WAAS policy.
state String: The current lifecycle state of the WAAS policy.
timeCreated String: The date and time the policy was created, expressed in RFC 3339 timestamp format.
waasPolicyId String
wafConfigs List<Property Map>: The Web Application Firewall configuration for the WAAS policy.

Supporting Types

GetWaasPolicyOrigin

CustomHeaders List<GetWaasPolicyOriginCustomHeader>: A list of HTTP headers to forward to your origin.
Label string
Uri string: The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
HttpPort int: The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
HttpsPort int: The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.

CustomHeaders []GetWaasPolicyOriginCustomHeader: A list of HTTP headers to forward to your origin.
Label string
Uri string: The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
HttpPort int: The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
HttpsPort int: The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.

customHeaders List<GetPolicyOriginCustomHeader>: A list of HTTP headers to forward to your origin.
label String
uri String: The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
httpPort Integer: The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
httpsPort Integer: The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.

customHeaders GetWaasPolicyOriginCustomHeader[]: A list of HTTP headers to forward to your origin.
label string
uri string: The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
httpPort number: The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
httpsPort number: The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.

custom_headers Sequence[waas.GetWaasPolicyOriginCustomHeader]: A list of HTTP headers to forward to your origin.
label str
uri str: The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
http_port int: The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
https_port int: The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.

customHeaders List<Property Map>: A list of HTTP headers to forward to your origin.
label String
uri String: The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
httpPort Number: The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
httpsPort Number: The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.

GetWaasPolicyOriginCustomHeader

Name string: The unique name of the whitelist.
Value string: The value of the header.

Name string: The unique name of the whitelist.
Value string: The value of the header.

name String: The unique name of the whitelist.
value String: The value of the header.

name string: The unique name of the whitelist.
value string: The value of the header.

name str: The unique name of the whitelist.
value str: The value of the header.

name String: The unique name of the whitelist.
value String: The value of the header.

GetWaasPolicyOriginGroup

Label string
OriginGroups List<GetWaasPolicyOriginGroupOriginGroup>

Label string
OriginGroups []GetWaasPolicyOriginGroupOriginGroup

label String
originGroups List<GetPolicyOriginGroupOriginGroup>

label string
originGroups GetWaasPolicyOriginGroupOriginGroup[]

label str
origin_groups Sequence[waas.GetWaasPolicyOriginGroupOriginGroup]

label String
originGroups List<Property Map>

GetWaasPolicyOriginGroupOriginGroup

Origin string: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
Weight int

Origin string: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
Weight int

origin String: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
weight Integer

origin string: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
weight number

origin str: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
weight int

origin String: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
weight Number

GetWaasPolicyPolicyConfig

CertificateId string

The OCID of the SSL certificate to use if HTTPS is supported.

CipherGroup string

The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

ClientAddressHeader string

Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

HealthChecks GetWaasPolicyPolicyConfigHealthChecks

Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".

IsBehindCdn bool

Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.

IsCacheControlRespected bool

Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.

IsHttpsEnabled bool

Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.

IsHttpsForced bool

Force HTTP to HTTPS redirection. If unspecified, defaults to false.

IsOriginCompressionEnabled bool

Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.

IsResponseBufferingEnabled bool

Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.

IsSniEnabled bool

SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.

LoadBalancingMethod GetWaasPolicyPolicyConfigLoadBalancingMethod

An object that represents a load balancing method and its properties.

TlsProtocols List<string>

A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

TLS_V1: corresponds to TLS 1.0 specification.
TLS_V1_1: corresponds to TLS 1.1 specification.
TLS_V1_2: corresponds to TLS 1.2 specification.
TLS_V1_3: corresponds to TLS 1.3 specification.

WebsocketPathPrefixes List<string>

ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.

CertificateId string

The OCID of the SSL certificate to use if HTTPS is supported.

CipherGroup string

The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

ClientAddressHeader string

Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

HealthChecks GetWaasPolicyPolicyConfigHealthChecks

IsBehindCdn bool

Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.

IsCacheControlRespected bool

IsHttpsEnabled bool

Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.

IsHttpsForced bool

Force HTTP to HTTPS redirection. If unspecified, defaults to false.

IsOriginCompressionEnabled bool

Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.

IsResponseBufferingEnabled bool

Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.

IsSniEnabled bool

LoadBalancingMethod GetWaasPolicyPolicyConfigLoadBalancingMethod

An object that represents a load balancing method and its properties.

TlsProtocols []string

TLS_V1: corresponds to TLS 1.0 specification.
TLS_V1_1: corresponds to TLS 1.1 specification.
TLS_V1_2: corresponds to TLS 1.2 specification.
TLS_V1_3: corresponds to TLS 1.3 specification.

WebsocketPathPrefixes []string

certificateId String

The OCID of the SSL certificate to use if HTTPS is supported.

cipherGroup String

The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

clientAddressHeader String

Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

healthChecks GetPolicyPolicyConfigHealthChecks

isBehindCdn Boolean

Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.

isCacheControlRespected Boolean

isHttpsEnabled Boolean

Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.

isHttpsForced Boolean

Force HTTP to HTTPS redirection. If unspecified, defaults to false.

isOriginCompressionEnabled Boolean

Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.

isResponseBufferingEnabled Boolean

Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.

isSniEnabled Boolean

loadBalancingMethod GetPolicyPolicyConfigLoadBalancingMethod

An object that represents a load balancing method and its properties.

tlsProtocols List<String>

TLS_V1: corresponds to TLS 1.0 specification.
TLS_V1_1: corresponds to TLS 1.1 specification.
TLS_V1_2: corresponds to TLS 1.2 specification.
TLS_V1_3: corresponds to TLS 1.3 specification.

websocketPathPrefixes List<String>

certificateId string

The OCID of the SSL certificate to use if HTTPS is supported.

cipherGroup string

The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

clientAddressHeader string

Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

healthChecks GetWaasPolicyPolicyConfigHealthChecks

isBehindCdn boolean

Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.

isCacheControlRespected boolean

isHttpsEnabled boolean

Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.

isHttpsForced boolean

Force HTTP to HTTPS redirection. If unspecified, defaults to false.

isOriginCompressionEnabled boolean

Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.

isResponseBufferingEnabled boolean

Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.

isSniEnabled boolean

loadBalancingMethod GetWaasPolicyPolicyConfigLoadBalancingMethod

An object that represents a load balancing method and its properties.

tlsProtocols string[]

TLS_V1: corresponds to TLS 1.0 specification.
TLS_V1_1: corresponds to TLS 1.1 specification.
TLS_V1_2: corresponds to TLS 1.2 specification.
TLS_V1_3: corresponds to TLS 1.3 specification.

websocketPathPrefixes string[]

certificate_id str

The OCID of the SSL certificate to use if HTTPS is supported.

cipher_group str

The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

client_address_header str

Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

health_checks waas.GetWaasPolicyPolicyConfigHealthChecks

is_behind_cdn bool

Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.

is_cache_control_respected bool

is_https_enabled bool

Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.

is_https_forced bool

Force HTTP to HTTPS redirection. If unspecified, defaults to false.

is_origin_compression_enabled bool

Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.

is_response_buffering_enabled bool

Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.

is_sni_enabled bool

load_balancing_method waas.GetWaasPolicyPolicyConfigLoadBalancingMethod

An object that represents a load balancing method and its properties.

tls_protocols Sequence[str]

TLS_V1: corresponds to TLS 1.0 specification.
TLS_V1_1: corresponds to TLS 1.1 specification.
TLS_V1_2: corresponds to TLS 1.2 specification.
TLS_V1_3: corresponds to TLS 1.3 specification.

websocket_path_prefixes Sequence[str]

certificateId String

The OCID of the SSL certificate to use if HTTPS is supported.

cipherGroup String

The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

clientAddressHeader String

Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.

healthChecks Property Map

isBehindCdn Boolean

Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.

isCacheControlRespected Boolean

isHttpsEnabled Boolean

Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.

isHttpsForced Boolean

Force HTTP to HTTPS redirection. If unspecified, defaults to false.

isOriginCompressionEnabled Boolean

Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.

isResponseBufferingEnabled Boolean

Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.

isSniEnabled Boolean

loadBalancingMethod Property Map

An object that represents a load balancing method and its properties.

tlsProtocols List<String>

TLS_V1: corresponds to TLS 1.0 specification.
TLS_V1_1: corresponds to TLS 1.1 specification.
TLS_V1_2: corresponds to TLS 1.2 specification.
TLS_V1_3: corresponds to TLS 1.3 specification.

websocketPathPrefixes List<String>

GetWaasPolicyPolicyConfigHealthChecks

ExpectedResponseCodeGroups List<string>

The HTTP response codes that signify a healthy state.

2XX: Success response code group.
3XX: Redirection response code group.
4XX: Client errors response code group.
5XX: Server errors response code group.

ExpectedResponseText string

Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.

Headers Dictionary<string, string>

HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".

HealthyThreshold int

Number of successful health checks after which the server is marked up.

IntervalInSeconds int

Time between health checks of an individual origin server, in seconds.

IsEnabled bool

Enables or disables the JavaScript challenge Web Application Firewall feature.

IsResponseTextCheckEnabled bool

Enables or disables additional check for predefined text in addition to response code.

Method string

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

Path string

Path to visit on your origins when performing the health check.

TimeoutInSeconds int

Response timeout represents wait time until request is considered failed, in seconds.

UnhealthyThreshold int

Number of failed health checks after which the server is marked down.

ExpectedResponseCodeGroups []string

The HTTP response codes that signify a healthy state.

2XX: Success response code group.
3XX: Redirection response code group.
4XX: Client errors response code group.
5XX: Server errors response code group.

ExpectedResponseText string

Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.

Headers map[string]string

HealthyThreshold int

Number of successful health checks after which the server is marked up.

IntervalInSeconds int

Time between health checks of an individual origin server, in seconds.

IsEnabled bool

Enables or disables the JavaScript challenge Web Application Firewall feature.

IsResponseTextCheckEnabled bool

Enables or disables additional check for predefined text in addition to response code.

Method string

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

Path string

Path to visit on your origins when performing the health check.

TimeoutInSeconds int

Response timeout represents wait time until request is considered failed, in seconds.

UnhealthyThreshold int

Number of failed health checks after which the server is marked down.

expectedResponseCodeGroups List<String>

The HTTP response codes that signify a healthy state.

2XX: Success response code group.
3XX: Redirection response code group.
4XX: Client errors response code group.
5XX: Server errors response code group.

expectedResponseText String

Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.

headers Map<String,String>

healthyThreshold Integer

Number of successful health checks after which the server is marked up.

intervalInSeconds Integer

Time between health checks of an individual origin server, in seconds.

isEnabled Boolean

Enables or disables the JavaScript challenge Web Application Firewall feature.

isResponseTextCheckEnabled Boolean

Enables or disables additional check for predefined text in addition to response code.

method String

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

path String

Path to visit on your origins when performing the health check.

timeoutInSeconds Integer

Response timeout represents wait time until request is considered failed, in seconds.

unhealthyThreshold Integer

Number of failed health checks after which the server is marked down.

expectedResponseCodeGroups string[]

The HTTP response codes that signify a healthy state.

2XX: Success response code group.
3XX: Redirection response code group.
4XX: Client errors response code group.
5XX: Server errors response code group.

expectedResponseText string

Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.

headers {[key: string]: string}

healthyThreshold number

Number of successful health checks after which the server is marked up.

intervalInSeconds number

Time between health checks of an individual origin server, in seconds.

isEnabled boolean

Enables or disables the JavaScript challenge Web Application Firewall feature.

isResponseTextCheckEnabled boolean

Enables or disables additional check for predefined text in addition to response code.

method string

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

path string

Path to visit on your origins when performing the health check.

timeoutInSeconds number

Response timeout represents wait time until request is considered failed, in seconds.

unhealthyThreshold number

Number of failed health checks after which the server is marked down.

expected_response_code_groups Sequence[str]

The HTTP response codes that signify a healthy state.

2XX: Success response code group.
3XX: Redirection response code group.
4XX: Client errors response code group.
5XX: Server errors response code group.

expected_response_text str

Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.

headers Mapping[str, str]

healthy_threshold int

Number of successful health checks after which the server is marked up.

interval_in_seconds int

Time between health checks of an individual origin server, in seconds.

is_enabled bool

Enables or disables the JavaScript challenge Web Application Firewall feature.

is_response_text_check_enabled bool

Enables or disables additional check for predefined text in addition to response code.

method str

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

path str

Path to visit on your origins when performing the health check.

timeout_in_seconds int

Response timeout represents wait time until request is considered failed, in seconds.

unhealthy_threshold int

Number of failed health checks after which the server is marked down.

expectedResponseCodeGroups List<String>

The HTTP response codes that signify a healthy state.

2XX: Success response code group.
3XX: Redirection response code group.
4XX: Client errors response code group.
5XX: Server errors response code group.

expectedResponseText String

Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.

headers Map<String>

healthyThreshold Number

Number of successful health checks after which the server is marked up.

intervalInSeconds Number

Time between health checks of an individual origin server, in seconds.

isEnabled Boolean

Enables or disables the JavaScript challenge Web Application Firewall feature.

isResponseTextCheckEnabled Boolean

Enables or disables additional check for predefined text in addition to response code.

method String

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

path String

Path to visit on your origins when performing the health check.

timeoutInSeconds Number

Response timeout represents wait time until request is considered failed, in seconds.

unhealthyThreshold Number

Number of failed health checks after which the server is marked down.

GetWaasPolicyPolicyConfigLoadBalancingMethod

Domain string

The domain for which the cookie is set, defaults to WAAS policy domain.

ExpirationTimeInSeconds int

The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.

Method string

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

Name string

The unique name of the whitelist.

Domain string

The domain for which the cookie is set, defaults to WAAS policy domain.

ExpirationTimeInSeconds int

The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.

Method string

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

Name string

The unique name of the whitelist.

domain String

The domain for which the cookie is set, defaults to WAAS policy domain.

expirationTimeInSeconds Integer

The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.

method String

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

name String

The unique name of the whitelist.

domain string

The domain for which the cookie is set, defaults to WAAS policy domain.

expirationTimeInSeconds number

The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.

method string

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

name string

The unique name of the whitelist.

domain str

The domain for which the cookie is set, defaults to WAAS policy domain.

expiration_time_in_seconds int

The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.

method str

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

name str

The unique name of the whitelist.

domain String

The domain for which the cookie is set, defaults to WAAS policy domain.

expirationTimeInSeconds Number

The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.

method String

Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

name String

The unique name of the whitelist.

GetWaasPolicyWafConfig

AccessRules List<GetWaasPolicyWafConfigAccessRule>: The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
AddressRateLimiting GetWaasPolicyWafConfigAddressRateLimiting: The IP address rate limiting settings used to limit the number of requests from an address.
CachingRules List<GetWaasPolicyWafConfigCachingRule>: A list of caching rules applied to the web application.
Captchas List<GetWaasPolicyWafConfigCaptcha>: A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
CustomProtectionRules List<GetWaasPolicyWafConfigCustomProtectionRule>: A list of the custom protection rule OCIDs and their actions.
DeviceFingerprintChallenge GetWaasPolicyWafConfigDeviceFingerprintChallenge: The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
HumanInteractionChallenge GetWaasPolicyWafConfigHumanInteractionChallenge: The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
JsChallenge GetWaasPolicyWafConfigJsChallenge: The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
Origin string: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
OriginGroups List<string>: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
ProtectionSettings GetWaasPolicyWafConfigProtectionSettings: The settings to apply to protection rules.
Whitelists List<GetWaasPolicyWafConfigWhitelist>: A list of IP addresses that bypass the Web Application Firewall.

AccessRules []GetWaasPolicyWafConfigAccessRule: The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
AddressRateLimiting GetWaasPolicyWafConfigAddressRateLimiting: The IP address rate limiting settings used to limit the number of requests from an address.
CachingRules []GetWaasPolicyWafConfigCachingRule: A list of caching rules applied to the web application.
Captchas []GetWaasPolicyWafConfigCaptcha: A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
CustomProtectionRules []GetWaasPolicyWafConfigCustomProtectionRule: A list of the custom protection rule OCIDs and their actions.
DeviceFingerprintChallenge GetWaasPolicyWafConfigDeviceFingerprintChallenge: The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
HumanInteractionChallenge GetWaasPolicyWafConfigHumanInteractionChallenge: The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
JsChallenge GetWaasPolicyWafConfigJsChallenge: The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
Origin string: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
OriginGroups []string: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
ProtectionSettings GetWaasPolicyWafConfigProtectionSettings: The settings to apply to protection rules.
Whitelists []GetWaasPolicyWafConfigWhitelist: A list of IP addresses that bypass the Web Application Firewall.

accessRules List<GetPolicyWafConfigAccessRule>: The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
addressRateLimiting GetPolicyWafConfigAddressRateLimiting: The IP address rate limiting settings used to limit the number of requests from an address.
cachingRules List<GetPolicyWafConfigCachingRule>: A list of caching rules applied to the web application.
captchas List<GetPolicyWafConfigCaptcha>: A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
customProtectionRules List<GetPolicyWafConfigCustomProtectionRule>: A list of the custom protection rule OCIDs and their actions.
deviceFingerprintChallenge GetPolicyWafConfigDeviceFingerprintChallenge: The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
humanInteractionChallenge GetPolicyWafConfigHumanInteractionChallenge: The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
jsChallenge GetPolicyWafConfigJsChallenge: The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
origin String: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
originGroups List<String>: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
protectionSettings GetPolicyWafConfigProtectionSettings: The settings to apply to protection rules.
whitelists List<GetPolicyWafConfigWhitelist>: A list of IP addresses that bypass the Web Application Firewall.

accessRules GetWaasPolicyWafConfigAccessRule[]: The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
addressRateLimiting GetWaasPolicyWafConfigAddressRateLimiting: The IP address rate limiting settings used to limit the number of requests from an address.
cachingRules GetWaasPolicyWafConfigCachingRule[]: A list of caching rules applied to the web application.
captchas GetWaasPolicyWafConfigCaptcha[]: A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
customProtectionRules GetWaasPolicyWafConfigCustomProtectionRule[]: A list of the custom protection rule OCIDs and their actions.
deviceFingerprintChallenge GetWaasPolicyWafConfigDeviceFingerprintChallenge: The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
humanInteractionChallenge GetWaasPolicyWafConfigHumanInteractionChallenge: The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
jsChallenge GetWaasPolicyWafConfigJsChallenge: The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
origin string: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
originGroups string[]: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
protectionSettings GetWaasPolicyWafConfigProtectionSettings: The settings to apply to protection rules.
whitelists GetWaasPolicyWafConfigWhitelist[]: A list of IP addresses that bypass the Web Application Firewall.

access_rules Sequence[waas.GetWaasPolicyWafConfigAccessRule]: The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
address_rate_limiting waas.GetWaasPolicyWafConfigAddressRateLimiting: The IP address rate limiting settings used to limit the number of requests from an address.
caching_rules Sequence[waas.GetWaasPolicyWafConfigCachingRule]: A list of caching rules applied to the web application.
captchas Sequence[waas.GetWaasPolicyWafConfigCaptcha]: A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
custom_protection_rules Sequence[waas.GetWaasPolicyWafConfigCustomProtectionRule]: A list of the custom protection rule OCIDs and their actions.
device_fingerprint_challenge waas.GetWaasPolicyWafConfigDeviceFingerprintChallenge: The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
human_interaction_challenge waas.GetWaasPolicyWafConfigHumanInteractionChallenge: The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
js_challenge waas.GetWaasPolicyWafConfigJsChallenge: The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
origin str: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
origin_groups Sequence[str]: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
protection_settings waas.GetWaasPolicyWafConfigProtectionSettings: The settings to apply to protection rules.
whitelists Sequence[waas.GetWaasPolicyWafConfigWhitelist]: A list of IP addresses that bypass the Web Application Firewall.

accessRules List<Property Map>: The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
addressRateLimiting Property Map: The IP address rate limiting settings used to limit the number of requests from an address.
cachingRules List<Property Map>: A list of caching rules applied to the web application.
captchas List<Property Map>: A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
customProtectionRules List<Property Map>: A list of the custom protection rule OCIDs and their actions.
deviceFingerprintChallenge Property Map: The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
humanInteractionChallenge Property Map: The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
jsChallenge Property Map: The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
origin String: The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
originGroups List<String>: The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
protectionSettings Property Map: The settings to apply to protection rules.
whitelists List<Property Map>: A list of IP addresses that bypass the Web Application Firewall.

GetWaasPolicyWafConfigAccessRule

Action string

The action to take against requests from detected bots. If unspecified, defaults to DETECT.

BlockAction string

If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.

BlockErrorPageCode string

The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.

BlockErrorPageDescription string

The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.

BlockErrorPageMessage string

The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'

BlockResponseCode int

The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.

BypassChallenges List<string>

The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

JS_CHALLENGE: Bypasses JavaScript Challenge.
DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
CAPTCHA: Bypasses CAPTCHA Challenge.

CaptchaFooter string

The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.

CaptchaHeader string

The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to

We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.

CaptchaSubmitLabel string

The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.

CaptchaTitle string

The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

Criterias List<GetWaasPolicyWafConfigAccessRuleCriteria>

When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.

Name string

The unique name of the whitelist.

RedirectResponseCode string

The response status code to return when action is set to REDIRECT.

MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
FOUND: Used for designating the temporary movement of a page (numerical code - 302).

RedirectUrl string

The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.

ResponseHeaderManipulations List<GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation>

An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.

Action string

The action to take against requests from detected bots. If unspecified, defaults to DETECT.

BlockAction string

If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.

BlockErrorPageCode string

BlockErrorPageDescription string

BlockErrorPageMessage string

BlockResponseCode int

BypassChallenges []string

The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

JS_CHALLENGE: Bypasses JavaScript Challenge.
DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
CAPTCHA: Bypasses CAPTCHA Challenge.

CaptchaFooter string

CaptchaHeader string

The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to

We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.

CaptchaSubmitLabel string

CaptchaTitle string

The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

Criterias []GetWaasPolicyWafConfigAccessRuleCriteria

When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.

Name string

The unique name of the whitelist.

RedirectResponseCode string

The response status code to return when action is set to REDIRECT.

MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
FOUND: Used for designating the temporary movement of a page (numerical code - 302).

RedirectUrl string

The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.

ResponseHeaderManipulations []GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation

An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.

action String

The action to take against requests from detected bots. If unspecified, defaults to DETECT.

blockAction String

If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.

blockErrorPageCode String

blockErrorPageDescription String

blockErrorPageMessage String

blockResponseCode Integer

bypassChallenges List<String>

The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

JS_CHALLENGE: Bypasses JavaScript Challenge.
DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
CAPTCHA: Bypasses CAPTCHA Challenge.

captchaFooter String

captchaHeader String

The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to

We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.

captchaSubmitLabel String

captchaTitle String

The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

criterias List<GetPolicyWafConfigAccessRuleCriteria>

When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.

name String

The unique name of the whitelist.

redirectResponseCode String

The response status code to return when action is set to REDIRECT.

MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
FOUND: Used for designating the temporary movement of a page (numerical code - 302).

redirectUrl String

The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.

responseHeaderManipulations List<GetPolicyWafConfigAccessRuleResponseHeaderManipulation>

An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.

action string

The action to take against requests from detected bots. If unspecified, defaults to DETECT.

blockAction string

If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.

blockErrorPageCode string

blockErrorPageDescription string

blockErrorPageMessage string

blockResponseCode number

bypassChallenges string[]

The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

JS_CHALLENGE: Bypasses JavaScript Challenge.
DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
CAPTCHA: Bypasses CAPTCHA Challenge.

captchaFooter string

captchaHeader string

The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to

We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.

captchaSubmitLabel string

captchaTitle string

The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

criterias GetWaasPolicyWafConfigAccessRuleCriteria[]

When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.

name string

The unique name of the whitelist.

redirectResponseCode string

The response status code to return when action is set to REDIRECT.

MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
FOUND: Used for designating the temporary movement of a page (numerical code - 302).

redirectUrl string

The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.

responseHeaderManipulations GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation[]

An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.

action str

The action to take against requests from detected bots. If unspecified, defaults to DETECT.

block_action str

If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.

block_error_page_code str

block_error_page_description str

block_error_page_message str

block_response_code int

bypass_challenges Sequence[str]

The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

JS_CHALLENGE: Bypasses JavaScript Challenge.
DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
CAPTCHA: Bypasses CAPTCHA Challenge.

captcha_footer str

captcha_header str

The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to

We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.

captcha_submit_label str

captcha_title str

The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

criterias Sequence[waas.GetWaasPolicyWafConfigAccessRuleCriteria]

When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.

name str

The unique name of the whitelist.

redirect_response_code str

The response status code to return when action is set to REDIRECT.

MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
FOUND: Used for designating the temporary movement of a page (numerical code - 302).

redirect_url str

The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.

response_header_manipulations Sequence[waas.GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation]

An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.

action String

The action to take against requests from detected bots. If unspecified, defaults to DETECT.

blockAction String

If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.

blockErrorPageCode String

blockErrorPageDescription String

blockErrorPageMessage String

blockResponseCode Number

bypassChallenges List<String>

The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

JS_CHALLENGE: Bypasses JavaScript Challenge.
DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
CAPTCHA: Bypasses CAPTCHA Challenge.

captchaFooter String

captchaHeader String

The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to

We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.

captchaSubmitLabel String

captchaTitle String

The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

criterias List<Property Map>

When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.

name String

The unique name of the whitelist.

redirectResponseCode String

The response status code to return when action is set to REDIRECT.

MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
FOUND: Used for designating the temporary movement of a page (numerical code - 302).

redirectUrl String

The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.

responseHeaderManipulations List<Property Map>

An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.

GetWaasPolicyWafConfigAccessRuleCriteria

Condition string

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

IsCaseSensitive bool

When enabled, the condition will be matched with case-sensitive rules.

Value string

The value of the header.

Condition string

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

IsCaseSensitive bool

When enabled, the condition will be matched with case-sensitive rules.

Value string

The value of the header.

condition String

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

isCaseSensitive Boolean

When enabled, the condition will be matched with case-sensitive rules.

value String

The value of the header.

condition string

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

isCaseSensitive boolean

When enabled, the condition will be matched with case-sensitive rules.

value string

The value of the header.

condition str

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

is_case_sensitive bool

When enabled, the condition will be matched with case-sensitive rules.

value str

The value of the header.

condition String

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

isCaseSensitive Boolean

When enabled, the condition will be matched with case-sensitive rules.

value String

The value of the header.

GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
Header string: A header field name that conforms to RFC 7230. Example: example_header_name
Value string: The value of the header.

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
Header string: A header field name that conforms to RFC 7230. Example: example_header_name
Value string: The value of the header.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
header String: A header field name that conforms to RFC 7230. Example: example_header_name
value String: The value of the header.

action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
header string: A header field name that conforms to RFC 7230. Example: example_header_name
value string: The value of the header.

action str: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
header str: A header field name that conforms to RFC 7230. Example: example_header_name
value str: The value of the header.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
header String: A header field name that conforms to RFC 7230. Example: example_header_name
value String: The value of the header.

GetWaasPolicyWafConfigAddressRateLimiting

AllowedRatePerAddress int: The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
BlockResponseCode int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
IsEnabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
MaxDelayedCountPerAddress int: The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.

AllowedRatePerAddress int: The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
BlockResponseCode int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
IsEnabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
MaxDelayedCountPerAddress int: The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.

allowedRatePerAddress Integer: The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
blockResponseCode Integer: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isEnabled Boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
maxDelayedCountPerAddress Integer: The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.

allowedRatePerAddress number: The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
blockResponseCode number: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isEnabled boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
maxDelayedCountPerAddress number: The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.

allowed_rate_per_address int: The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
block_response_code int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
is_enabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
max_delayed_count_per_address int: The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.

allowedRatePerAddress Number: The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
blockResponseCode Number: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isEnabled Boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
maxDelayedCountPerAddress Number: The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.

GetWaasPolicyWafConfigCachingRule

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
CachingDuration string: The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
ClientCachingDuration string: The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
Criterias List<GetWaasPolicyWafConfigCachingRuleCriteria>: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
IsClientCachingEnabled bool: Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
Key string: The unique key for the caching rule.
Name string: The unique name of the whitelist.

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
CachingDuration string: The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
ClientCachingDuration string: The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
Criterias []GetWaasPolicyWafConfigCachingRuleCriteria: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
IsClientCachingEnabled bool: Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
Key string: The unique key for the caching rule.
Name string: The unique name of the whitelist.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
cachingDuration String: The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
clientCachingDuration String: The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
criterias List<GetPolicyWafConfigCachingRuleCriteria>: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
isClientCachingEnabled Boolean: Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
key String: The unique key for the caching rule.
name String: The unique name of the whitelist.

action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
cachingDuration string: The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
clientCachingDuration string: The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
criterias GetWaasPolicyWafConfigCachingRuleCriteria[]: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
isClientCachingEnabled boolean: Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
key string: The unique key for the caching rule.
name string: The unique name of the whitelist.

action str: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
caching_duration str: The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
client_caching_duration str: The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
criterias Sequence[waas.GetWaasPolicyWafConfigCachingRuleCriteria]: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
is_client_caching_enabled bool: Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
key str: The unique key for the caching rule.
name str: The unique name of the whitelist.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
cachingDuration String: The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
clientCachingDuration String: The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
criterias List<Property Map>: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
isClientCachingEnabled Boolean: Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
key String: The unique key for the caching rule.
name String: The unique name of the whitelist.

GetWaasPolicyWafConfigCachingRuleCriteria

Condition string

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

Value string

The value of the header.

Condition string

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

Value string

The value of the header.

condition String

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

value String

The value of the header.

condition string

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

value string

The value of the header.

condition str

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

value str

The value of the header.

condition String

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

value String

The value of the header.

GetWaasPolicyWafConfigCaptcha

FailureMessage string: The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
FooterText string: The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
HeaderText string: The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
SessionExpirationInSeconds int: The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
SubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
Title string: The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
Url string: The unique URL path at which to show the CAPTCHA challenge.

FailureMessage string: The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
FooterText string: The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
HeaderText string: The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
SessionExpirationInSeconds int: The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
SubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
Title string: The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
Url string: The unique URL path at which to show the CAPTCHA challenge.

failureMessage String: The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
footerText String: The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
headerText String: The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
sessionExpirationInSeconds Integer: The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
submitLabel String: The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
title String: The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
url String: The unique URL path at which to show the CAPTCHA challenge.

failureMessage string: The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
footerText string: The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
headerText string: The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
sessionExpirationInSeconds number: The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
submitLabel string: The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
title string: The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
url string: The unique URL path at which to show the CAPTCHA challenge.

failure_message str: The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
footer_text str: The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
header_text str: The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
session_expiration_in_seconds int: The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
submit_label str: The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
title str: The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
url str: The unique URL path at which to show the CAPTCHA challenge.

failureMessage String: The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
footerText String: The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
headerText String: The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
sessionExpirationInSeconds Number: The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
submitLabel String: The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
title String: The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
url String: The unique URL path at which to show the CAPTCHA challenge.

GetWaasPolicyWafConfigCustomProtectionRule

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
Exclusions List<GetWaasPolicyWafConfigCustomProtectionRuleExclusion>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Id string: The OCID of the custom protection rule.

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
Exclusions []GetWaasPolicyWafConfigCustomProtectionRuleExclusion: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Id string: The OCID of the custom protection rule.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
exclusions List<GetPolicyWafConfigCustomProtectionRuleExclusion>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
id String: The OCID of the custom protection rule.

action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
exclusions GetWaasPolicyWafConfigCustomProtectionRuleExclusion[]: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
id string: The OCID of the custom protection rule.

action str: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
exclusions Sequence[waas.GetWaasPolicyWafConfigCustomProtectionRuleExclusion]: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
id str: The OCID of the custom protection rule.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
exclusions List<Property Map>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
id String: The OCID of the custom protection rule.

GetWaasPolicyWafConfigCustomProtectionRuleExclusion

Exclusions List<string>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Target string: The target of the exclusion.

Exclusions []string: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Target string: The target of the exclusion.

exclusions List<String>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target String: The target of the exclusion.

exclusions string[]: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target string: The target of the exclusion.

exclusions Sequence[str]: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target str: The target of the exclusion.

exclusions List<String>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target String: The target of the exclusion.

GetWaasPolicyWafConfigDeviceFingerprintChallenge

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds int: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
ChallengeSettings GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
FailureThreshold int: The number of failed requests before taking action. If unspecified, defaults to 10.
FailureThresholdExpirationInSeconds int: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
IsEnabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
MaxAddressCount int: The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
MaxAddressCountExpirationInSeconds int: The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds int: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
ChallengeSettings GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
FailureThreshold int: The number of failed requests before taking action. If unspecified, defaults to 10.
FailureThresholdExpirationInSeconds int: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
IsEnabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
MaxAddressCount int: The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
MaxAddressCountExpirationInSeconds int: The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds Integer: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings GetPolicyWafConfigDeviceFingerprintChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
failureThreshold Integer: The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds Integer: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
isEnabled Boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
maxAddressCount Integer: The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
maxAddressCountExpirationInSeconds Integer: The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.

action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds number: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
failureThreshold number: The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds number: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
isEnabled boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
maxAddressCount number: The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
maxAddressCountExpirationInSeconds number: The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.

action str: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
action_expiration_in_seconds int: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challenge_settings waas.GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
failure_threshold int: The number of failed requests before taking action. If unspecified, defaults to 10.
failure_threshold_expiration_in_seconds int: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
is_enabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
max_address_count int: The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
max_address_count_expiration_in_seconds int: The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds Number: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings Property Map: The challenge settings if action is set to BLOCK.
failureThreshold Number: The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds Number: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
isEnabled Boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
maxAddressCount Number: The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
maxAddressCountExpirationInSeconds Number: The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.

GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings

BlockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter string: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader string: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle string: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

BlockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter string: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader string: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle string: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

blockAction String: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode String: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription String: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage String: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode Integer: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter String: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader String: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel String: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle String: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

blockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode number: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter string: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader string: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle string: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

block_action str: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
block_error_page_code str: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
block_error_page_description str: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
block_error_page_message str: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
block_response_code int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captcha_footer str: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captcha_header str: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captcha_submit_label str: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captcha_title str: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

blockAction String: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode String: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription String: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage String: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode Number: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter String: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader String: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel String: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle String: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

GetWaasPolicyWafConfigHumanInteractionChallenge

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds int: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
ChallengeSettings GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
FailureThreshold int: The number of failed requests before taking action. If unspecified, defaults to 10.
FailureThresholdExpirationInSeconds int: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
InteractionThreshold int: The number of interactions required to pass the challenge. If unspecified, defaults to 3.
IsEnabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
IsNatEnabled bool: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
RecordingPeriodInSeconds int: The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
SetHttpHeader GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds int: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
ChallengeSettings GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
FailureThreshold int: The number of failed requests before taking action. If unspecified, defaults to 10.
FailureThresholdExpirationInSeconds int: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
InteractionThreshold int: The number of interactions required to pass the challenge. If unspecified, defaults to 3.
IsEnabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
IsNatEnabled bool: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
RecordingPeriodInSeconds int: The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
SetHttpHeader GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds Integer: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings GetPolicyWafConfigHumanInteractionChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
failureThreshold Integer: The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds Integer: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
interactionThreshold Integer: The number of interactions required to pass the challenge. If unspecified, defaults to 3.
isEnabled Boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled Boolean: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
recordingPeriodInSeconds Integer: The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
setHttpHeader GetPolicyWafConfigHumanInteractionChallengeSetHttpHeader: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds number: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
failureThreshold number: The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds number: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
interactionThreshold number: The number of interactions required to pass the challenge. If unspecified, defaults to 3.
isEnabled boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled boolean: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
recordingPeriodInSeconds number: The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
setHttpHeader GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

action str: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
action_expiration_in_seconds int: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challenge_settings waas.GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
failure_threshold int: The number of failed requests before taking action. If unspecified, defaults to 10.
failure_threshold_expiration_in_seconds int: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
interaction_threshold int: The number of interactions required to pass the challenge. If unspecified, defaults to 3.
is_enabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
is_nat_enabled bool: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
recording_period_in_seconds int: The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
set_http_header waas.GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds Number: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings Property Map: The challenge settings if action is set to BLOCK.
failureThreshold Number: The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds Number: The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
interactionThreshold Number: The number of interactions required to pass the challenge. If unspecified, defaults to 3.
isEnabled Boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled Boolean: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
recordingPeriodInSeconds Number: The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
setHttpHeader Property Map: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings

BlockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter string: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader string: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle string: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

BlockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter string: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader string: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle string: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

blockAction String: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode String: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription String: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage String: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode Integer: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter String: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader String: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel String: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle String: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

blockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode number: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter string: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader string: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle string: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

block_action str: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
block_error_page_code str: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
block_error_page_description str: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
block_error_page_message str: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
block_response_code int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captcha_footer str: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captcha_header str: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captcha_submit_label str: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captcha_title str: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

blockAction String: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode String: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription String: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage String: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode Number: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter String: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader String: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel String: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle String: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader

Name string: The unique name of the whitelist.
Value string: The value of the header.

Name string: The unique name of the whitelist.
Value string: The value of the header.

name String: The unique name of the whitelist.
value String: The value of the header.

name string: The unique name of the whitelist.
value string: The value of the header.

name str: The unique name of the whitelist.
value str: The value of the header.

name String: The unique name of the whitelist.
value String: The value of the header.

GetWaasPolicyWafConfigJsChallenge

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds int: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
AreRedirectsChallenged bool: When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
ChallengeSettings GetWaasPolicyWafConfigJsChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
Criterias List<GetWaasPolicyWafConfigJsChallengeCriteria>: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
FailureThreshold int: The number of failed requests before taking action. If unspecified, defaults to 10.
IsEnabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
IsNatEnabled bool: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
SetHttpHeader GetWaasPolicyWafConfigJsChallengeSetHttpHeader: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

Action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds int: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
AreRedirectsChallenged bool: When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
ChallengeSettings GetWaasPolicyWafConfigJsChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
Criterias []GetWaasPolicyWafConfigJsChallengeCriteria: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
FailureThreshold int: The number of failed requests before taking action. If unspecified, defaults to 10.
IsEnabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
IsNatEnabled bool: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
SetHttpHeader GetWaasPolicyWafConfigJsChallengeSetHttpHeader: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds Integer: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
areRedirectsChallenged Boolean: When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
challengeSettings GetPolicyWafConfigJsChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
criterias List<GetPolicyWafConfigJsChallengeCriteria>: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
failureThreshold Integer: The number of failed requests before taking action. If unspecified, defaults to 10.
isEnabled Boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled Boolean: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
setHttpHeader GetPolicyWafConfigJsChallengeSetHttpHeader: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

action string: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds number: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
areRedirectsChallenged boolean: When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
challengeSettings GetWaasPolicyWafConfigJsChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
criterias GetWaasPolicyWafConfigJsChallengeCriteria[]: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
failureThreshold number: The number of failed requests before taking action. If unspecified, defaults to 10.
isEnabled boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled boolean: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
setHttpHeader GetWaasPolicyWafConfigJsChallengeSetHttpHeader: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

action str: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
action_expiration_in_seconds int: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
are_redirects_challenged bool: When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
challenge_settings waas.GetWaasPolicyWafConfigJsChallengeChallengeSettings: The challenge settings if action is set to BLOCK.
criterias Sequence[waas.GetWaasPolicyWafConfigJsChallengeCriteria]: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
failure_threshold int: The number of failed requests before taking action. If unspecified, defaults to 10.
is_enabled bool: Enables or disables the JavaScript challenge Web Application Firewall feature.
is_nat_enabled bool: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
set_http_header waas.GetWaasPolicyWafConfigJsChallengeSetHttpHeader: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

action String: The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds Number: The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
areRedirectsChallenged Boolean: When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
challengeSettings Property Map: The challenge settings if action is set to BLOCK.
criterias List<Property Map>: When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
failureThreshold Number: The number of failed requests before taking action. If unspecified, defaults to 10.
isEnabled Boolean: Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled Boolean: When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
setHttpHeader Property Map: Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

GetWaasPolicyWafConfigJsChallengeChallengeSettings

BlockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter string: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader string: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle string: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

BlockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter string: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader string: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle string: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

blockAction String: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode String: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription String: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage String: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode Integer: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter String: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader String: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel String: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle String: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

blockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode number: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter string: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader string: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel string: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle string: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

block_action str: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
block_error_page_code str: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
block_error_page_description str: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
block_error_page_message str: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
block_response_code int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captcha_footer str: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captcha_header str: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captcha_submit_label str: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captcha_title str: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

blockAction String: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode String: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription String: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage String: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode Number: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter String: The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader String: The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel String: The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle String: The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

GetWaasPolicyWafConfigJsChallengeCriteria

Condition string

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

IsCaseSensitive bool

When enabled, the condition will be matched with case-sensitive rules.

Value string

The value of the header.

Condition string

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

IsCaseSensitive bool

When enabled, the condition will be matched with case-sensitive rules.

Value string

The value of the header.

condition String

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

isCaseSensitive Boolean

When enabled, the condition will be matched with case-sensitive rules.

value String

The value of the header.

condition string

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

isCaseSensitive boolean

When enabled, the condition will be matched with case-sensitive rules.

value string

The value of the header.

condition str

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

is_case_sensitive bool

When enabled, the condition will be matched with case-sensitive rules.

value str

The value of the header.

condition String

The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH

isCaseSensitive Boolean

When enabled, the condition will be matched with case-sensitive rules.

value String

The value of the header.

GetWaasPolicyWafConfigJsChallengeSetHttpHeader

Name string: The unique name of the whitelist.
Value string: The value of the header.

Name string: The unique name of the whitelist.
Value string: The value of the header.

name String: The unique name of the whitelist.
value String: The value of the header.

name string: The unique name of the whitelist.
value string: The value of the header.

name str: The unique name of the whitelist.
value str: The value of the header.

name String: The unique name of the whitelist.
value String: The value of the header.

GetWaasPolicyWafConfigProtectionSettings

AllowedHttpMethods List<string>: The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
BlockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
IsResponseInspected bool: Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
MaxArgumentCount int: The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
MaxNameLengthPerArgument int: The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
MaxResponseSizeInKiB int: The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
MaxTotalNameLengthOfArguments int: The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
MediaTypes List<string>: The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
RecommendationsPeriodInDays int: The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

AllowedHttpMethods []string: The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
BlockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
IsResponseInspected bool: Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
MaxArgumentCount int: The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
MaxNameLengthPerArgument int: The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
MaxResponseSizeInKiB int: The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
MaxTotalNameLengthOfArguments int: The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
MediaTypes []string: The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
RecommendationsPeriodInDays int: The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

allowedHttpMethods List<String>: The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
blockAction String: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode String: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription String: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage String: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode Integer: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isResponseInspected Boolean: Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
maxArgumentCount Integer: The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
maxNameLengthPerArgument Integer: The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
maxResponseSizeInKiB Integer: The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
maxTotalNameLengthOfArguments Integer: The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
mediaTypes List<String>: The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
recommendationsPeriodInDays Integer: The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

allowedHttpMethods string[]: The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
blockAction string: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode string: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription string: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage string: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode number: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isResponseInspected boolean: Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
maxArgumentCount number: The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
maxNameLengthPerArgument number: The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
maxResponseSizeInKiB number: The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
maxTotalNameLengthOfArguments number: The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
mediaTypes string[]: The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
recommendationsPeriodInDays number: The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

allowed_http_methods Sequence[str]: The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
block_action str: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
block_error_page_code str: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
block_error_page_description str: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
block_error_page_message str: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
block_response_code int: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
is_response_inspected bool: Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
max_argument_count int: The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
max_name_length_per_argument int: The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
max_response_size_in_ki_b int: The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
max_total_name_length_of_arguments int: The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
media_types Sequence[str]: The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
recommendations_period_in_days int: The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

allowedHttpMethods List<String>: The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
blockAction String: If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode String: The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription String: The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage String: The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode Number: The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isResponseInspected Boolean: Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
maxArgumentCount Number: The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
maxNameLengthPerArgument Number: The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
maxResponseSizeInKiB Number: The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
maxTotalNameLengthOfArguments Number: The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
mediaTypes List<String>: The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
recommendationsPeriodInDays Number: The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

GetWaasPolicyWafConfigWhitelist

AddressLists List<string>: A list of OCID of IP address lists to include in the whitelist.
Addresses List<string>: A set of IP addresses or CIDR notations to include in the whitelist.
Name string: The unique name of the whitelist.

AddressLists []string: A list of OCID of IP address lists to include in the whitelist.
Addresses []string: A set of IP addresses or CIDR notations to include in the whitelist.
Name string: The unique name of the whitelist.

addressLists List<String>: A list of OCID of IP address lists to include in the whitelist.
addresses List<String>: A set of IP addresses or CIDR notations to include in the whitelist.
name String: The unique name of the whitelist.

addressLists string[]: A list of OCID of IP address lists to include in the whitelist.
addresses string[]: A set of IP addresses or CIDR notations to include in the whitelist.
name string: The unique name of the whitelist.

address_lists Sequence[str]: A list of OCID of IP address lists to include in the whitelist.
addresses Sequence[str]: A set of IP addresses or CIDR notations to include in the whitelist.
name str: The unique name of the whitelist.

addressLists List<String>: A list of OCID of IP address lists to include in the whitelist.
addresses List<String>: A set of IP addresses or CIDR notations to include in the whitelist.
name String: The unique name of the whitelist.

Package Details

Repository: oci pulumi/pulumi-oci
License: Apache-2.0
Notes: This Pulumi package is based on the oci Terraform Provider.

Oracle Cloud Infrastructure v2.29.0 published on Wednesday, Apr 9, 2025 by Pulumi

pulumi/pulumi-oci

oci.Waas.getWaasPolicy

On this page

On this page

Example Usage

Using getWaasPolicy

getWaasPolicy Result

Supporting Types

GetWaasPolicyOrigin

GetWaasPolicyOriginCustomHeader

GetWaasPolicyOriginGroup

GetWaasPolicyOriginGroupOriginGroup

GetWaasPolicyPolicyConfig

GetWaasPolicyPolicyConfigHealthChecks

GetWaasPolicyPolicyConfigLoadBalancingMethod

GetWaasPolicyWafConfig

GetWaasPolicyWafConfigAccessRule

GetWaasPolicyWafConfigAccessRuleCriteria

GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation

GetWaasPolicyWafConfigAddressRateLimiting

GetWaasPolicyWafConfigCachingRule

GetWaasPolicyWafConfigCachingRuleCriteria

GetWaasPolicyWafConfigCaptcha

GetWaasPolicyWafConfigCustomProtectionRule

GetWaasPolicyWafConfigCustomProtectionRuleExclusion

GetWaasPolicyWafConfigDeviceFingerprintChallenge

GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings

GetWaasPolicyWafConfigHumanInteractionChallenge

GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings

GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader

GetWaasPolicyWafConfigJsChallenge

GetWaasPolicyWafConfigJsChallengeChallengeSettings

GetWaasPolicyWafConfigJsChallengeCriteria

GetWaasPolicyWafConfigJsChallengeSetHttpHeader

GetWaasPolicyWafConfigProtectionSettings

GetWaasPolicyWafConfigWhitelist

Package Details

On this page

On this page