1. Packages
  2. Oracle Cloud Infrastructure
  3. API Docs
  4. Waas
  5. getWaasPolicy
Oracle Cloud Infrastructure v2.29.0 published on Wednesday, Apr 9, 2025 by Pulumi

oci.Waas.getWaasPolicy

Explore with Pulumi AI

Oracle Cloud Infrastructure v2.29.0 published on Wednesday, Apr 9, 2025 by Pulumi

This data source provides details about a specific Waas Policy resource in Oracle Cloud Infrastructure Web Application Acceleration and Security service.

Gets the details of a WAAS policy.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testWaasPolicy = oci.Waas.getWaasPolicy({
    waasPolicyId: testWaasPolicyOciWaasWaasPolicy.id,
});
Copy
import pulumi
import pulumi_oci as oci

test_waas_policy = oci.Waas.get_waas_policy(waas_policy_id=test_waas_policy_oci_waas_waas_policy["id"])
Copy
package main

import (
	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/waas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := waas.GetWaasPolicy(ctx, &waas.GetWaasPolicyArgs{
			WaasPolicyId: testWaasPolicyOciWaasWaasPolicy.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testWaasPolicy = Oci.Waas.GetWaasPolicy.Invoke(new()
    {
        WaasPolicyId = testWaasPolicyOciWaasWaasPolicy.Id,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Waas.WaasFunctions;
import com.pulumi.oci.Waas.inputs.GetWaasPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testWaasPolicy = WaasFunctions.getWaasPolicy(GetWaasPolicyArgs.builder()
            .waasPolicyId(testWaasPolicyOciWaasWaasPolicy.id())
            .build());

    }
}
Copy
variables:
  testWaasPolicy:
    fn::invoke:
      function: oci:Waas:getWaasPolicy
      arguments:
        waasPolicyId: ${testWaasPolicyOciWaasWaasPolicy.id}
Copy

Using getWaasPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getWaasPolicy(args: GetWaasPolicyArgs, opts?: InvokeOptions): Promise<GetWaasPolicyResult>
function getWaasPolicyOutput(args: GetWaasPolicyOutputArgs, opts?: InvokeOptions): Output<GetWaasPolicyResult>
Copy
def get_waas_policy(waas_policy_id: Optional[str] = None,
                    opts: Optional[InvokeOptions] = None) -> GetWaasPolicyResult
def get_waas_policy_output(waas_policy_id: Optional[pulumi.Input[str]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetWaasPolicyResult]
Copy
func GetWaasPolicy(ctx *Context, args *GetWaasPolicyArgs, opts ...InvokeOption) (*GetWaasPolicyResult, error)
func GetWaasPolicyOutput(ctx *Context, args *GetWaasPolicyOutputArgs, opts ...InvokeOption) GetWaasPolicyResultOutput
Copy

> Note: This function is named GetWaasPolicy in the Go SDK.

public static class GetWaasPolicy 
{
    public static Task<GetWaasPolicyResult> InvokeAsync(GetWaasPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetWaasPolicyResult> Invoke(GetWaasPolicyInvokeArgs args, InvokeOptions? opts = null)
}
Copy
public static CompletableFuture<GetWaasPolicyResult> getWaasPolicy(GetWaasPolicyArgs args, InvokeOptions options)
public static Output<GetWaasPolicyResult> getWaasPolicy(GetWaasPolicyArgs args, InvokeOptions options)
Copy
fn::invoke:
  function: oci:Waas/getWaasPolicy:getWaasPolicy
  arguments:
    # arguments dictionary
Copy

The following arguments are supported:

WaasPolicyId This property is required. string
The OCID of the WAAS policy.
WaasPolicyId This property is required. string
The OCID of the WAAS policy.
waasPolicyId This property is required. String
The OCID of the WAAS policy.
waasPolicyId This property is required. string
The OCID of the WAAS policy.
waas_policy_id This property is required. str
The OCID of the WAAS policy.
waasPolicyId This property is required. String
The OCID of the WAAS policy.

getWaasPolicy Result

The following output properties are available:

AdditionalDomains List<string>
An array of additional domains for this web application.
Cname string
The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
CompartmentId string
The OCID of the WAAS policy's compartment.
DefinedTags Dictionary<string, string>
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
DisplayName string
The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
Domain string
The domain for which the cookie is set, defaults to WAAS policy domain.
FreeformTags Dictionary<string, string>
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
Id string
The provider-assigned unique ID for this managed resource.
OriginGroups List<GetWaasPolicyOriginGroup>
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
Origins List<GetWaasPolicyOrigin>
A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
PolicyConfigs List<GetWaasPolicyPolicyConfig>
The configuration details for the WAAS policy.
State string
The current lifecycle state of the WAAS policy.
TimeCreated string
The date and time the policy was created, expressed in RFC 3339 timestamp format.
WaasPolicyId string
WafConfigs List<GetWaasPolicyWafConfig>
The Web Application Firewall configuration for the WAAS policy.
AdditionalDomains []string
An array of additional domains for this web application.
Cname string
The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
CompartmentId string
The OCID of the WAAS policy's compartment.
DefinedTags map[string]string
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
DisplayName string
The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
Domain string
The domain for which the cookie is set, defaults to WAAS policy domain.
FreeformTags map[string]string
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
Id string
The provider-assigned unique ID for this managed resource.
OriginGroups []GetWaasPolicyOriginGroup
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
Origins []GetWaasPolicyOrigin
A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
PolicyConfigs []GetWaasPolicyPolicyConfig
The configuration details for the WAAS policy.
State string
The current lifecycle state of the WAAS policy.
TimeCreated string
The date and time the policy was created, expressed in RFC 3339 timestamp format.
WaasPolicyId string
WafConfigs []GetWaasPolicyWafConfig
The Web Application Firewall configuration for the WAAS policy.
additionalDomains List<String>
An array of additional domains for this web application.
cname String
The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
compartmentId String
The OCID of the WAAS policy's compartment.
definedTags Map<String,String>
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
displayName String
The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
domain String
The domain for which the cookie is set, defaults to WAAS policy domain.
freeformTags Map<String,String>
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id String
The provider-assigned unique ID for this managed resource.
originGroups List<GetPolicyOriginGroup>
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
origins List<GetPolicyOrigin>
A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
policyConfigs List<GetPolicyPolicyConfig>
The configuration details for the WAAS policy.
state String
The current lifecycle state of the WAAS policy.
timeCreated String
The date and time the policy was created, expressed in RFC 3339 timestamp format.
waasPolicyId String
wafConfigs List<GetPolicyWafConfig>
The Web Application Firewall configuration for the WAAS policy.
additionalDomains string[]
An array of additional domains for this web application.
cname string
The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
compartmentId string
The OCID of the WAAS policy's compartment.
definedTags {[key: string]: string}
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
displayName string
The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
domain string
The domain for which the cookie is set, defaults to WAAS policy domain.
freeformTags {[key: string]: string}
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id string
The provider-assigned unique ID for this managed resource.
originGroups GetWaasPolicyOriginGroup[]
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
origins GetWaasPolicyOrigin[]
A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
policyConfigs GetWaasPolicyPolicyConfig[]
The configuration details for the WAAS policy.
state string
The current lifecycle state of the WAAS policy.
timeCreated string
The date and time the policy was created, expressed in RFC 3339 timestamp format.
waasPolicyId string
wafConfigs GetWaasPolicyWafConfig[]
The Web Application Firewall configuration for the WAAS policy.
additional_domains Sequence[str]
An array of additional domains for this web application.
cname str
The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
compartment_id str
The OCID of the WAAS policy's compartment.
defined_tags Mapping[str, str]
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
display_name str
The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
domain str
The domain for which the cookie is set, defaults to WAAS policy domain.
freeform_tags Mapping[str, str]
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id str
The provider-assigned unique ID for this managed resource.
origin_groups Sequence[waas.GetWaasPolicyOriginGroup]
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
origins Sequence[waas.GetWaasPolicyOrigin]
A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
policy_configs Sequence[waas.GetWaasPolicyPolicyConfig]
The configuration details for the WAAS policy.
state str
The current lifecycle state of the WAAS policy.
time_created str
The date and time the policy was created, expressed in RFC 3339 timestamp format.
waas_policy_id str
waf_configs Sequence[waas.GetWaasPolicyWafConfig]
The Web Application Firewall configuration for the WAAS policy.
additionalDomains List<String>
An array of additional domains for this web application.
cname String
The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
compartmentId String
The OCID of the WAAS policy's compartment.
definedTags Map<String>
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
displayName String
The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
domain String
The domain for which the cookie is set, defaults to WAAS policy domain.
freeformTags Map<String>
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id String
The provider-assigned unique ID for this managed resource.
originGroups List<Property Map>
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
origins List<Property Map>
A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples: primary or secondary.
policyConfigs List<Property Map>
The configuration details for the WAAS policy.
state String
The current lifecycle state of the WAAS policy.
timeCreated String
The date and time the policy was created, expressed in RFC 3339 timestamp format.
waasPolicyId String
wafConfigs List<Property Map>
The Web Application Firewall configuration for the WAAS policy.

Supporting Types

GetWaasPolicyOrigin

CustomHeaders This property is required. List<GetWaasPolicyOriginCustomHeader>
A list of HTTP headers to forward to your origin.
Label This property is required. string
Uri This property is required. string
The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
HttpPort int
The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
HttpsPort int
The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
CustomHeaders This property is required. []GetWaasPolicyOriginCustomHeader
A list of HTTP headers to forward to your origin.
Label This property is required. string
Uri This property is required. string
The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
HttpPort int
The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
HttpsPort int
The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
customHeaders This property is required. List<GetPolicyOriginCustomHeader>
A list of HTTP headers to forward to your origin.
label This property is required. String
uri This property is required. String
The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
httpPort Integer
The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
httpsPort Integer
The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
customHeaders This property is required. GetWaasPolicyOriginCustomHeader[]
A list of HTTP headers to forward to your origin.
label This property is required. string
uri This property is required. string
The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
httpPort number
The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
httpsPort number
The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
custom_headers This property is required. Sequence[waas.GetWaasPolicyOriginCustomHeader]
A list of HTTP headers to forward to your origin.
label This property is required. str
uri This property is required. str
The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
http_port int
The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
https_port int
The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.
customHeaders This property is required. List<Property Map>
A list of HTTP headers to forward to your origin.
label This property is required. String
uri This property is required. String
The URI of the origin. Does not support paths. Port numbers should be specified in the httpPort and httpsPort fields.
httpPort Number
The HTTP port on the origin that the web application listens on. If unspecified, defaults to 80. If 0 is specified - the origin is not used for HTTP traffic.
httpsPort Number
The HTTPS port on the origin that the web application listens on. If unspecified, defaults to 443. If 0 is specified - the origin is not used for HTTPS traffic.

GetWaasPolicyOriginCustomHeader

Name This property is required. string
The unique name of the whitelist.
Value This property is required. string
The value of the header.
Name This property is required. string
The unique name of the whitelist.
Value This property is required. string
The value of the header.
name This property is required. String
The unique name of the whitelist.
value This property is required. String
The value of the header.
name This property is required. string
The unique name of the whitelist.
value This property is required. string
The value of the header.
name This property is required. str
The unique name of the whitelist.
value This property is required. str
The value of the header.
name This property is required. String
The unique name of the whitelist.
value This property is required. String
The value of the header.

GetWaasPolicyOriginGroup

Label This property is required. string
OriginGroups This property is required. List<GetWaasPolicyOriginGroupOriginGroup>
Label This property is required. string
OriginGroups This property is required. []GetWaasPolicyOriginGroupOriginGroup
label This property is required. String
originGroups This property is required. List<GetPolicyOriginGroupOriginGroup>
label This property is required. string
originGroups This property is required. GetWaasPolicyOriginGroupOriginGroup[]
label This property is required. str
origin_groups This property is required. Sequence[waas.GetWaasPolicyOriginGroupOriginGroup]
label This property is required. String
originGroups This property is required. List<Property Map>

GetWaasPolicyOriginGroupOriginGroup

Origin This property is required. string
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
Weight This property is required. int
Origin This property is required. string
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
Weight This property is required. int
origin This property is required. String
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
weight This property is required. Integer
origin This property is required. string
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
weight This property is required. number
origin This property is required. str
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
weight This property is required. int
origin This property is required. String
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
weight This property is required. Number

GetWaasPolicyPolicyConfig

CertificateId This property is required. string
The OCID of the SSL certificate to use if HTTPS is supported.
CipherGroup This property is required. string
The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

  • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ClientAddressHeader This property is required. string
Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
HealthChecks This property is required. GetWaasPolicyPolicyConfigHealthChecks
Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
IsBehindCdn This property is required. bool
Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
IsCacheControlRespected This property is required. bool
Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
IsHttpsEnabled This property is required. bool
Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
IsHttpsForced This property is required. bool
Force HTTP to HTTPS redirection. If unspecified, defaults to false.
IsOriginCompressionEnabled This property is required. bool
Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
IsResponseBufferingEnabled This property is required. bool
Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
IsSniEnabled This property is required. bool
SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
LoadBalancingMethod This property is required. GetWaasPolicyPolicyConfigLoadBalancingMethod
An object that represents a load balancing method and its properties.
TlsProtocols This property is required. List<string>
A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

  • TLS_V1: corresponds to TLS 1.0 specification.
  • TLS_V1_1: corresponds to TLS 1.1 specification.
  • TLS_V1_2: corresponds to TLS 1.2 specification.
  • TLS_V1_3: corresponds to TLS 1.3 specification.
WebsocketPathPrefixes This property is required. List<string>
ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
CertificateId This property is required. string
The OCID of the SSL certificate to use if HTTPS is supported.
CipherGroup This property is required. string
The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

  • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ClientAddressHeader This property is required. string
Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
HealthChecks This property is required. GetWaasPolicyPolicyConfigHealthChecks
Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
IsBehindCdn This property is required. bool
Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
IsCacheControlRespected This property is required. bool
Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
IsHttpsEnabled This property is required. bool
Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
IsHttpsForced This property is required. bool
Force HTTP to HTTPS redirection. If unspecified, defaults to false.
IsOriginCompressionEnabled This property is required. bool
Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
IsResponseBufferingEnabled This property is required. bool
Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
IsSniEnabled This property is required. bool
SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
LoadBalancingMethod This property is required. GetWaasPolicyPolicyConfigLoadBalancingMethod
An object that represents a load balancing method and its properties.
TlsProtocols This property is required. []string
A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

  • TLS_V1: corresponds to TLS 1.0 specification.
  • TLS_V1_1: corresponds to TLS 1.1 specification.
  • TLS_V1_2: corresponds to TLS 1.2 specification.
  • TLS_V1_3: corresponds to TLS 1.3 specification.
WebsocketPathPrefixes This property is required. []string
ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
certificateId This property is required. String
The OCID of the SSL certificate to use if HTTPS is supported.
cipherGroup This property is required. String
The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

  • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
clientAddressHeader This property is required. String
Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
healthChecks This property is required. GetPolicyPolicyConfigHealthChecks
Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
isBehindCdn This property is required. Boolean
Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
isCacheControlRespected This property is required. Boolean
Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
isHttpsEnabled This property is required. Boolean
Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
isHttpsForced This property is required. Boolean
Force HTTP to HTTPS redirection. If unspecified, defaults to false.
isOriginCompressionEnabled This property is required. Boolean
Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
isResponseBufferingEnabled This property is required. Boolean
Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
isSniEnabled This property is required. Boolean
SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
loadBalancingMethod This property is required. GetPolicyPolicyConfigLoadBalancingMethod
An object that represents a load balancing method and its properties.
tlsProtocols This property is required. List<String>
A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

  • TLS_V1: corresponds to TLS 1.0 specification.
  • TLS_V1_1: corresponds to TLS 1.1 specification.
  • TLS_V1_2: corresponds to TLS 1.2 specification.
  • TLS_V1_3: corresponds to TLS 1.3 specification.
websocketPathPrefixes This property is required. List<String>
ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
certificateId This property is required. string
The OCID of the SSL certificate to use if HTTPS is supported.
cipherGroup This property is required. string
The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

  • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
clientAddressHeader This property is required. string
Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
healthChecks This property is required. GetWaasPolicyPolicyConfigHealthChecks
Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
isBehindCdn This property is required. boolean
Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
isCacheControlRespected This property is required. boolean
Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
isHttpsEnabled This property is required. boolean
Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
isHttpsForced This property is required. boolean
Force HTTP to HTTPS redirection. If unspecified, defaults to false.
isOriginCompressionEnabled This property is required. boolean
Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
isResponseBufferingEnabled This property is required. boolean
Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
isSniEnabled This property is required. boolean
SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
loadBalancingMethod This property is required. GetWaasPolicyPolicyConfigLoadBalancingMethod
An object that represents a load balancing method and its properties.
tlsProtocols This property is required. string[]
A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

  • TLS_V1: corresponds to TLS 1.0 specification.
  • TLS_V1_1: corresponds to TLS 1.1 specification.
  • TLS_V1_2: corresponds to TLS 1.2 specification.
  • TLS_V1_3: corresponds to TLS 1.3 specification.
websocketPathPrefixes This property is required. string[]
ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
certificate_id This property is required. str
The OCID of the SSL certificate to use if HTTPS is supported.
cipher_group This property is required. str
The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

  • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
client_address_header This property is required. str
Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
health_checks This property is required. waas.GetWaasPolicyPolicyConfigHealthChecks
Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
is_behind_cdn This property is required. bool
Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
is_cache_control_respected This property is required. bool
Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
is_https_enabled This property is required. bool
Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
is_https_forced This property is required. bool
Force HTTP to HTTPS redirection. If unspecified, defaults to false.
is_origin_compression_enabled This property is required. bool
Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
is_response_buffering_enabled This property is required. bool
Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
is_sni_enabled This property is required. bool
SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
load_balancing_method This property is required. waas.GetWaasPolicyPolicyConfigLoadBalancingMethod
An object that represents a load balancing method and its properties.
tls_protocols This property is required. Sequence[str]
A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

  • TLS_V1: corresponds to TLS 1.0 specification.
  • TLS_V1_1: corresponds to TLS 1.1 specification.
  • TLS_V1_2: corresponds to TLS 1.2 specification.
  • TLS_V1_3: corresponds to TLS 1.3 specification.
websocket_path_prefixes This property is required. Sequence[str]
ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.
certificateId This property is required. String
The OCID of the SSL certificate to use if HTTPS is supported.
cipherGroup This property is required. String
The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

  • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
clientAddressHeader This property is required. String
Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if isBehindCdn is enabled.
healthChecks This property is required. Property Map
Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
isBehindCdn This property is required. Boolean
Enabling isBehindCdn allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.
isCacheControlRespected This property is required. Boolean
Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching is usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.
isHttpsEnabled This property is required. Boolean
Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.
isHttpsForced This property is required. Boolean
Force HTTP to HTTPS redirection. If unspecified, defaults to false.
isOriginCompressionEnabled This property is required. Boolean
Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise, the empty Accept-Encoding: header is used.
isResponseBufferingEnabled This property is required. Boolean
Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
isSniEnabled This property is required. Boolean
SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
loadBalancingMethod This property is required. Property Map
An object that represents a load balancing method and its properties.
tlsProtocols This property is required. List<String>
A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

  • TLS_V1: corresponds to TLS 1.0 specification.
  • TLS_V1_1: corresponds to TLS 1.1 specification.
  • TLS_V1_2: corresponds to TLS 1.2 specification.
  • TLS_V1_3: corresponds to TLS 1.3 specification.
websocketPathPrefixes This property is required. List<String>
ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of websocketPathPrefixes array value. In All other cases challenges, like JSC, HIC and etc., remain active.

GetWaasPolicyPolicyConfigHealthChecks

ExpectedResponseCodeGroups This property is required. List<string>
The HTTP response codes that signify a healthy state.

  • 2XX: Success response code group.
  • 3XX: Redirection response code group.
  • 4XX: Client errors response code group.
  • 5XX: Server errors response code group.
ExpectedResponseText This property is required. string
Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
Headers This property is required. Dictionary<string, string>
HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
HealthyThreshold This property is required. int
Number of successful health checks after which the server is marked up.
IntervalInSeconds This property is required. int
Time between health checks of an individual origin server, in seconds.
IsEnabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
IsResponseTextCheckEnabled This property is required. bool
Enables or disables additional check for predefined text in addition to response code.
Method This property is required. string
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
Path This property is required. string
Path to visit on your origins when performing the health check.
TimeoutInSeconds This property is required. int
Response timeout represents wait time until request is considered failed, in seconds.
UnhealthyThreshold This property is required. int
Number of failed health checks after which the server is marked down.
ExpectedResponseCodeGroups This property is required. []string
The HTTP response codes that signify a healthy state.

  • 2XX: Success response code group.
  • 3XX: Redirection response code group.
  • 4XX: Client errors response code group.
  • 5XX: Server errors response code group.
ExpectedResponseText This property is required. string
Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
Headers This property is required. map[string]string
HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
HealthyThreshold This property is required. int
Number of successful health checks after which the server is marked up.
IntervalInSeconds This property is required. int
Time between health checks of an individual origin server, in seconds.
IsEnabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
IsResponseTextCheckEnabled This property is required. bool
Enables or disables additional check for predefined text in addition to response code.
Method This property is required. string
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
Path This property is required. string
Path to visit on your origins when performing the health check.
TimeoutInSeconds This property is required. int
Response timeout represents wait time until request is considered failed, in seconds.
UnhealthyThreshold This property is required. int
Number of failed health checks after which the server is marked down.
expectedResponseCodeGroups This property is required. List<String>
The HTTP response codes that signify a healthy state.

  • 2XX: Success response code group.
  • 3XX: Redirection response code group.
  • 4XX: Client errors response code group.
  • 5XX: Server errors response code group.
expectedResponseText This property is required. String
Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
headers This property is required. Map<String,String>
HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
healthyThreshold This property is required. Integer
Number of successful health checks after which the server is marked up.
intervalInSeconds This property is required. Integer
Time between health checks of an individual origin server, in seconds.
isEnabled This property is required. Boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
isResponseTextCheckEnabled This property is required. Boolean
Enables or disables additional check for predefined text in addition to response code.
method This property is required. String
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
path This property is required. String
Path to visit on your origins when performing the health check.
timeoutInSeconds This property is required. Integer
Response timeout represents wait time until request is considered failed, in seconds.
unhealthyThreshold This property is required. Integer
Number of failed health checks after which the server is marked down.
expectedResponseCodeGroups This property is required. string[]
The HTTP response codes that signify a healthy state.

  • 2XX: Success response code group.
  • 3XX: Redirection response code group.
  • 4XX: Client errors response code group.
  • 5XX: Server errors response code group.
expectedResponseText This property is required. string
Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
headers This property is required. {[key: string]: string}
HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
healthyThreshold This property is required. number
Number of successful health checks after which the server is marked up.
intervalInSeconds This property is required. number
Time between health checks of an individual origin server, in seconds.
isEnabled This property is required. boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
isResponseTextCheckEnabled This property is required. boolean
Enables or disables additional check for predefined text in addition to response code.
method This property is required. string
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
path This property is required. string
Path to visit on your origins when performing the health check.
timeoutInSeconds This property is required. number
Response timeout represents wait time until request is considered failed, in seconds.
unhealthyThreshold This property is required. number
Number of failed health checks after which the server is marked down.
expected_response_code_groups This property is required. Sequence[str]
The HTTP response codes that signify a healthy state.

  • 2XX: Success response code group.
  • 3XX: Redirection response code group.
  • 4XX: Client errors response code group.
  • 5XX: Server errors response code group.
expected_response_text This property is required. str
Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
headers This property is required. Mapping[str, str]
HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
healthy_threshold This property is required. int
Number of successful health checks after which the server is marked up.
interval_in_seconds This property is required. int
Time between health checks of an individual origin server, in seconds.
is_enabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
is_response_text_check_enabled This property is required. bool
Enables or disables additional check for predefined text in addition to response code.
method This property is required. str
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
path This property is required. str
Path to visit on your origins when performing the health check.
timeout_in_seconds This property is required. int
Response timeout represents wait time until request is considered failed, in seconds.
unhealthy_threshold This property is required. int
Number of failed health checks after which the server is marked down.
expectedResponseCodeGroups This property is required. List<String>
The HTTP response codes that signify a healthy state.

  • 2XX: Success response code group.
  • 3XX: Redirection response code group.
  • 4XX: Client errors response code group.
  • 5XX: Server errors response code group.
expectedResponseText This property is required. String
Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
headers This property is required. Map<String>
HTTP header fields to include in health check requests, expressed as "name": "value" properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks".
healthyThreshold This property is required. Number
Number of successful health checks after which the server is marked up.
intervalInSeconds This property is required. Number
Time between health checks of an individual origin server, in seconds.
isEnabled This property is required. Boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
isResponseTextCheckEnabled This property is required. Boolean
Enables or disables additional check for predefined text in addition to response code.
method This property is required. String
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
path This property is required. String
Path to visit on your origins when performing the health check.
timeoutInSeconds This property is required. Number
Response timeout represents wait time until request is considered failed, in seconds.
unhealthyThreshold This property is required. Number
Number of failed health checks after which the server is marked down.

GetWaasPolicyPolicyConfigLoadBalancingMethod

Domain This property is required. string
The domain for which the cookie is set, defaults to WAAS policy domain.
ExpirationTimeInSeconds This property is required. int
The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
Method This property is required. string
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
Name This property is required. string
The unique name of the whitelist.
Domain This property is required. string
The domain for which the cookie is set, defaults to WAAS policy domain.
ExpirationTimeInSeconds This property is required. int
The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
Method This property is required. string
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
Name This property is required. string
The unique name of the whitelist.
domain This property is required. String
The domain for which the cookie is set, defaults to WAAS policy domain.
expirationTimeInSeconds This property is required. Integer
The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
method This property is required. String
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
name This property is required. String
The unique name of the whitelist.
domain This property is required. string
The domain for which the cookie is set, defaults to WAAS policy domain.
expirationTimeInSeconds This property is required. number
The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
method This property is required. string
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
name This property is required. string
The unique name of the whitelist.
domain This property is required. str
The domain for which the cookie is set, defaults to WAAS policy domain.
expiration_time_in_seconds This property is required. int
The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
method This property is required. str
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
name This property is required. str
The unique name of the whitelist.
domain This property is required. String
The domain for which the cookie is set, defaults to WAAS policy domain.
expirationTimeInSeconds This property is required. Number
The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
method This property is required. String
Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.

  • IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
  • ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
  • STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
name This property is required. String
The unique name of the whitelist.

GetWaasPolicyWafConfig

AccessRules This property is required. List<GetWaasPolicyWafConfigAccessRule>
The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
AddressRateLimiting This property is required. GetWaasPolicyWafConfigAddressRateLimiting
The IP address rate limiting settings used to limit the number of requests from an address.
CachingRules This property is required. List<GetWaasPolicyWafConfigCachingRule>
A list of caching rules applied to the web application.
Captchas This property is required. List<GetWaasPolicyWafConfigCaptcha>
A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
CustomProtectionRules This property is required. List<GetWaasPolicyWafConfigCustomProtectionRule>
A list of the custom protection rule OCIDs and their actions.
DeviceFingerprintChallenge This property is required. GetWaasPolicyWafConfigDeviceFingerprintChallenge
The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
HumanInteractionChallenge This property is required. GetWaasPolicyWafConfigHumanInteractionChallenge
The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
JsChallenge This property is required. GetWaasPolicyWafConfigJsChallenge
The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
Origin This property is required. string
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
OriginGroups This property is required. List<string>
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
ProtectionSettings This property is required. GetWaasPolicyWafConfigProtectionSettings
The settings to apply to protection rules.
Whitelists This property is required. List<GetWaasPolicyWafConfigWhitelist>
A list of IP addresses that bypass the Web Application Firewall.
AccessRules This property is required. []GetWaasPolicyWafConfigAccessRule
The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
AddressRateLimiting This property is required. GetWaasPolicyWafConfigAddressRateLimiting
The IP address rate limiting settings used to limit the number of requests from an address.
CachingRules This property is required. []GetWaasPolicyWafConfigCachingRule
A list of caching rules applied to the web application.
Captchas This property is required. []GetWaasPolicyWafConfigCaptcha
A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
CustomProtectionRules This property is required. []GetWaasPolicyWafConfigCustomProtectionRule
A list of the custom protection rule OCIDs and their actions.
DeviceFingerprintChallenge This property is required. GetWaasPolicyWafConfigDeviceFingerprintChallenge
The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
HumanInteractionChallenge This property is required. GetWaasPolicyWafConfigHumanInteractionChallenge
The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
JsChallenge This property is required. GetWaasPolicyWafConfigJsChallenge
The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
Origin This property is required. string
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
OriginGroups This property is required. []string
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
ProtectionSettings This property is required. GetWaasPolicyWafConfigProtectionSettings
The settings to apply to protection rules.
Whitelists This property is required. []GetWaasPolicyWafConfigWhitelist
A list of IP addresses that bypass the Web Application Firewall.
accessRules This property is required. List<GetPolicyWafConfigAccessRule>
The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
addressRateLimiting This property is required. GetPolicyWafConfigAddressRateLimiting
The IP address rate limiting settings used to limit the number of requests from an address.
cachingRules This property is required. List<GetPolicyWafConfigCachingRule>
A list of caching rules applied to the web application.
captchas This property is required. List<GetPolicyWafConfigCaptcha>
A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
customProtectionRules This property is required. List<GetPolicyWafConfigCustomProtectionRule>
A list of the custom protection rule OCIDs and their actions.
deviceFingerprintChallenge This property is required. GetPolicyWafConfigDeviceFingerprintChallenge
The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
humanInteractionChallenge This property is required. GetPolicyWafConfigHumanInteractionChallenge
The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
jsChallenge This property is required. GetPolicyWafConfigJsChallenge
The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
origin This property is required. String
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
originGroups This property is required. List<String>
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
protectionSettings This property is required. GetPolicyWafConfigProtectionSettings
The settings to apply to protection rules.
whitelists This property is required. List<GetPolicyWafConfigWhitelist>
A list of IP addresses that bypass the Web Application Firewall.
accessRules This property is required. GetWaasPolicyWafConfigAccessRule[]
The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
addressRateLimiting This property is required. GetWaasPolicyWafConfigAddressRateLimiting
The IP address rate limiting settings used to limit the number of requests from an address.
cachingRules This property is required. GetWaasPolicyWafConfigCachingRule[]
A list of caching rules applied to the web application.
captchas This property is required. GetWaasPolicyWafConfigCaptcha[]
A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
customProtectionRules This property is required. GetWaasPolicyWafConfigCustomProtectionRule[]
A list of the custom protection rule OCIDs and their actions.
deviceFingerprintChallenge This property is required. GetWaasPolicyWafConfigDeviceFingerprintChallenge
The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
humanInteractionChallenge This property is required. GetWaasPolicyWafConfigHumanInteractionChallenge
The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
jsChallenge This property is required. GetWaasPolicyWafConfigJsChallenge
The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
origin This property is required. string
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
originGroups This property is required. string[]
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
protectionSettings This property is required. GetWaasPolicyWafConfigProtectionSettings
The settings to apply to protection rules.
whitelists This property is required. GetWaasPolicyWafConfigWhitelist[]
A list of IP addresses that bypass the Web Application Firewall.
access_rules This property is required. Sequence[waas.GetWaasPolicyWafConfigAccessRule]
The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
address_rate_limiting This property is required. waas.GetWaasPolicyWafConfigAddressRateLimiting
The IP address rate limiting settings used to limit the number of requests from an address.
caching_rules This property is required. Sequence[waas.GetWaasPolicyWafConfigCachingRule]
A list of caching rules applied to the web application.
captchas This property is required. Sequence[waas.GetWaasPolicyWafConfigCaptcha]
A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
custom_protection_rules This property is required. Sequence[waas.GetWaasPolicyWafConfigCustomProtectionRule]
A list of the custom protection rule OCIDs and their actions.
device_fingerprint_challenge This property is required. waas.GetWaasPolicyWafConfigDeviceFingerprintChallenge
The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
human_interaction_challenge This property is required. waas.GetWaasPolicyWafConfigHumanInteractionChallenge
The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
js_challenge This property is required. waas.GetWaasPolicyWafConfigJsChallenge
The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
origin This property is required. str
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
origin_groups This property is required. Sequence[str]
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
protection_settings This property is required. waas.GetWaasPolicyWafConfigProtectionSettings
The settings to apply to protection rules.
whitelists This property is required. Sequence[waas.GetWaasPolicyWafConfigWhitelist]
A list of IP addresses that bypass the Web Application Firewall.
accessRules This property is required. List<Property Map>
The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of ALLOW, DETECT, and BLOCK rules, based on different criteria.
addressRateLimiting This property is required. Property Map
The IP address rate limiting settings used to limit the number of requests from an address.
cachingRules This property is required. List<Property Map>
A list of caching rules applied to the web application.
captchas This property is required. List<Property Map>
A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
customProtectionRules This property is required. List<Property Map>
A list of the custom protection rule OCIDs and their actions.
deviceFingerprintChallenge This property is required. Property Map
The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
humanInteractionChallenge This property is required. Property Map
The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
jsChallenge This property is required. Property Map
The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
origin This property is required. String
The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in Origins. Required when creating the WafConfig resource, but not on update.
originGroups This property is required. List<String>
The map of origin groups and their keys used to associate origins to the wafConfig. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the origins field of a UpdateWaasPolicy request.
protectionSettings This property is required. Property Map
The settings to apply to protection rules.
whitelists This property is required. List<Property Map>
A list of IP addresses that bypass the Web Application Firewall.

GetWaasPolicyWafConfigAccessRule

Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
BlockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
BypassChallenges This property is required. List<string>
The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

  • JS_CHALLENGE: Bypasses JavaScript Challenge.
  • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
  • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
  • CAPTCHA: Bypasses CAPTCHA Challenge.
CaptchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
Criterias This property is required. List<GetWaasPolicyWafConfigAccessRuleCriteria>
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
Name This property is required. string
The unique name of the whitelist.
RedirectResponseCode This property is required. string
The response status code to return when action is set to REDIRECT.

  • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
  • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
RedirectUrl This property is required. string
The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
ResponseHeaderManipulations This property is required. List<GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation>
An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
BlockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
BypassChallenges This property is required. []string
The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

  • JS_CHALLENGE: Bypasses JavaScript Challenge.
  • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
  • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
  • CAPTCHA: Bypasses CAPTCHA Challenge.
CaptchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
Criterias This property is required. []GetWaasPolicyWafConfigAccessRuleCriteria
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
Name This property is required. string
The unique name of the whitelist.
RedirectResponseCode This property is required. string
The response status code to return when action is set to REDIRECT.

  • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
  • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
RedirectUrl This property is required. string
The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
ResponseHeaderManipulations This property is required. []GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation
An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
blockAction This property is required. String
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. String
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. String
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. String
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. Integer
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
bypassChallenges This property is required. List<String>
The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

  • JS_CHALLENGE: Bypasses JavaScript Challenge.
  • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
  • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
  • CAPTCHA: Bypasses CAPTCHA Challenge.
captchaFooter This property is required. String
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. String
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. String
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. String
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
criterias This property is required. List<GetPolicyWafConfigAccessRuleCriteria>
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
name This property is required. String
The unique name of the whitelist.
redirectResponseCode This property is required. String
The response status code to return when action is set to REDIRECT.

  • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
  • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
redirectUrl This property is required. String
The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
responseHeaderManipulations This property is required. List<GetPolicyWafConfigAccessRuleResponseHeaderManipulation>
An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
blockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
bypassChallenges This property is required. string[]
The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

  • JS_CHALLENGE: Bypasses JavaScript Challenge.
  • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
  • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
  • CAPTCHA: Bypasses CAPTCHA Challenge.
captchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
criterias This property is required. GetWaasPolicyWafConfigAccessRuleCriteria[]
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
name This property is required. string
The unique name of the whitelist.
redirectResponseCode This property is required. string
The response status code to return when action is set to REDIRECT.

  • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
  • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
redirectUrl This property is required. string
The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
responseHeaderManipulations This property is required. GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation[]
An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
action This property is required. str
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
block_action This property is required. str
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
block_error_page_code This property is required. str
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
block_error_page_description This property is required. str
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
block_error_page_message This property is required. str
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
block_response_code This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
bypass_challenges This property is required. Sequence[str]
The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

  • JS_CHALLENGE: Bypasses JavaScript Challenge.
  • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
  • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
  • CAPTCHA: Bypasses CAPTCHA Challenge.
captcha_footer This property is required. str
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captcha_header This property is required. str
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captcha_submit_label This property is required. str
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captcha_title This property is required. str
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
criterias This property is required. Sequence[waas.GetWaasPolicyWafConfigAccessRuleCriteria]
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
name This property is required. str
The unique name of the whitelist.
redirect_response_code This property is required. str
The response status code to return when action is set to REDIRECT.

  • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
  • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
redirect_url This property is required. str
The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
response_header_manipulations This property is required. Sequence[waas.GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation]
An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
blockAction This property is required. String
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. String
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. String
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. String
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. Number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
bypassChallenges This property is required. List<String>
The list of challenges to bypass when action is set to BYPASS. If unspecified or empty, all challenges are bypassed.

  • JS_CHALLENGE: Bypasses JavaScript Challenge.
  • DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
  • HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
  • CAPTCHA: Bypasses CAPTCHA Challenge.
captchaFooter This property is required. String
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. String
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. String
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. String
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
criterias This property is required. List<Property Map>
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
name This property is required. String
The unique name of the whitelist.
redirectResponseCode This property is required. String
The response status code to return when action is set to REDIRECT.

  • MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
  • FOUND: Used for designating the temporary movement of a page (numerical code - 302).
redirectUrl This property is required. String
The target to which the request should be redirected, represented as a URI reference. Required when action is REDIRECT.
responseHeaderManipulations This property is required. List<Property Map>
An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of action value.

GetWaasPolicyWafConfigAccessRuleCriteria

Condition This property is required. string
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
IsCaseSensitive This property is required. bool
When enabled, the condition will be matched with case-sensitive rules.
Value This property is required. string
The value of the header.
Condition This property is required. string
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
IsCaseSensitive This property is required. bool
When enabled, the condition will be matched with case-sensitive rules.
Value This property is required. string
The value of the header.
condition This property is required. String
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
isCaseSensitive This property is required. Boolean
When enabled, the condition will be matched with case-sensitive rules.
value This property is required. String
The value of the header.
condition This property is required. string
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
isCaseSensitive This property is required. boolean
When enabled, the condition will be matched with case-sensitive rules.
value This property is required. string
The value of the header.
condition This property is required. str
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
is_case_sensitive This property is required. bool
When enabled, the condition will be matched with case-sensitive rules.
value This property is required. str
The value of the header.
condition This property is required. String
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
isCaseSensitive This property is required. Boolean
When enabled, the condition will be matched with case-sensitive rules.
value This property is required. String
The value of the header.

GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation

Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
Header This property is required. string
A header field name that conforms to RFC 7230. Example: example_header_name
Value This property is required. string
The value of the header.
Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
Header This property is required. string
A header field name that conforms to RFC 7230. Example: example_header_name
Value This property is required. string
The value of the header.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
header This property is required. String
A header field name that conforms to RFC 7230. Example: example_header_name
value This property is required. String
The value of the header.
action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
header This property is required. string
A header field name that conforms to RFC 7230. Example: example_header_name
value This property is required. string
The value of the header.
action This property is required. str
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
header This property is required. str
A header field name that conforms to RFC 7230. Example: example_header_name
value This property is required. str
The value of the header.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
header This property is required. String
A header field name that conforms to RFC 7230. Example: example_header_name
value This property is required. String
The value of the header.

GetWaasPolicyWafConfigAddressRateLimiting

AllowedRatePerAddress This property is required. int
The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
IsEnabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
MaxDelayedCountPerAddress This property is required. int
The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
AllowedRatePerAddress This property is required. int
The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
IsEnabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
MaxDelayedCountPerAddress This property is required. int
The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
allowedRatePerAddress This property is required. Integer
The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
blockResponseCode This property is required. Integer
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isEnabled This property is required. Boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
maxDelayedCountPerAddress This property is required. Integer
The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
allowedRatePerAddress This property is required. number
The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
blockResponseCode This property is required. number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isEnabled This property is required. boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
maxDelayedCountPerAddress This property is required. number
The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
allowed_rate_per_address This property is required. int
The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
block_response_code This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
is_enabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
max_delayed_count_per_address This property is required. int
The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.
allowedRatePerAddress This property is required. Number
The number of allowed requests per second from one IP address. If unspecified, defaults to 1.
blockResponseCode This property is required. Number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isEnabled This property is required. Boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
maxDelayedCountPerAddress This property is required. Number
The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to 10.

GetWaasPolicyWafConfigCachingRule

Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
CachingDuration This property is required. string
The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
ClientCachingDuration This property is required. string
The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
Criterias This property is required. List<GetWaasPolicyWafConfigCachingRuleCriteria>
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
IsClientCachingEnabled This property is required. bool
Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
Key This property is required. string
The unique key for the caching rule.
Name This property is required. string
The unique name of the whitelist.
Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
CachingDuration This property is required. string
The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
ClientCachingDuration This property is required. string
The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
Criterias This property is required. []GetWaasPolicyWafConfigCachingRuleCriteria
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
IsClientCachingEnabled This property is required. bool
Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
Key This property is required. string
The unique key for the caching rule.
Name This property is required. string
The unique name of the whitelist.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
cachingDuration This property is required. String
The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
clientCachingDuration This property is required. String
The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
criterias This property is required. List<GetPolicyWafConfigCachingRuleCriteria>
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
isClientCachingEnabled This property is required. Boolean
Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
key This property is required. String
The unique key for the caching rule.
name This property is required. String
The unique name of the whitelist.
action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
cachingDuration This property is required. string
The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
clientCachingDuration This property is required. string
The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
criterias This property is required. GetWaasPolicyWafConfigCachingRuleCriteria[]
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
isClientCachingEnabled This property is required. boolean
Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
key This property is required. string
The unique key for the caching rule.
name This property is required. string
The unique name of the whitelist.
action This property is required. str
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
caching_duration This property is required. str
The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
client_caching_duration This property is required. str
The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
criterias This property is required. Sequence[waas.GetWaasPolicyWafConfigCachingRuleCriteria]
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
is_client_caching_enabled This property is required. bool
Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
key This property is required. str
The unique key for the caching rule.
name This property is required. str
The unique name of the whitelist.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
cachingDuration This property is required. String
The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
clientCachingDuration This property is required. String
The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is 99. Mixing of multiple units is not supported. Only applies when the action is set to CACHE. Example: PT1H
criterias This property is required. List<Property Map>
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
isClientCachingEnabled This property is required. Boolean
Enables or disables client caching. Browsers use the Cache-Control header value for caching content locally in the browser. This setting overrides the addition of a Cache-Control header in responses.
key This property is required. String
The unique key for the caching rule.
name This property is required. String
The unique name of the whitelist.

GetWaasPolicyWafConfigCachingRuleCriteria

Condition This property is required. string
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
Value This property is required. string
The value of the header.
Condition This property is required. string
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
Value This property is required. string
The value of the header.
condition This property is required. String
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
value This property is required. String
The value of the header.
condition This property is required. string
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
value This property is required. string
The value of the header.
condition This property is required. str
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
value This property is required. str
The value of the header.
condition This property is required. String
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
value This property is required. String
The value of the header.

GetWaasPolicyWafConfigCaptcha

FailureMessage This property is required. string
The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
FooterText This property is required. string
The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
HeaderText This property is required. string
The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
SessionExpirationInSeconds This property is required. int
The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
SubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
Title This property is required. string
The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
Url This property is required. string
The unique URL path at which to show the CAPTCHA challenge.
FailureMessage This property is required. string
The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
FooterText This property is required. string
The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
HeaderText This property is required. string
The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
SessionExpirationInSeconds This property is required. int
The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
SubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
Title This property is required. string
The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
Url This property is required. string
The unique URL path at which to show the CAPTCHA challenge.
failureMessage This property is required. String
The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
footerText This property is required. String
The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
headerText This property is required. String
The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
sessionExpirationInSeconds This property is required. Integer
The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
submitLabel This property is required. String
The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
title This property is required. String
The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
url This property is required. String
The unique URL path at which to show the CAPTCHA challenge.
failureMessage This property is required. string
The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
footerText This property is required. string
The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
headerText This property is required. string
The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
sessionExpirationInSeconds This property is required. number
The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
submitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
title This property is required. string
The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
url This property is required. string
The unique URL path at which to show the CAPTCHA challenge.
failure_message This property is required. str
The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
footer_text This property is required. str
The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
header_text This property is required. str
The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
session_expiration_in_seconds This property is required. int
The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
submit_label This property is required. str
The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
title This property is required. str
The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
url This property is required. str
The unique URL path at which to show the CAPTCHA challenge.
failureMessage This property is required. String
The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to The CAPTCHA was incorrect. Try again.
footerText This property is required. String
The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
headerText This property is required. String
The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
sessionExpirationInSeconds This property is required. Number
The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to 300.
submitLabel This property is required. String
The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to Yes, I am human.
title This property is required. String
The title used when displaying a CAPTCHA challenge. If unspecified, defaults to Are you human?
url This property is required. String
The unique URL path at which to show the CAPTCHA challenge.

GetWaasPolicyWafConfigCustomProtectionRule

Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
Exclusions This property is required. List<GetWaasPolicyWafConfigCustomProtectionRuleExclusion>
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Id This property is required. string
The OCID of the custom protection rule.
Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
Exclusions This property is required. []GetWaasPolicyWafConfigCustomProtectionRuleExclusion
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Id This property is required. string
The OCID of the custom protection rule.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
exclusions This property is required. List<GetPolicyWafConfigCustomProtectionRuleExclusion>
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
id This property is required. String
The OCID of the custom protection rule.
action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
exclusions This property is required. GetWaasPolicyWafConfigCustomProtectionRuleExclusion[]
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
id This property is required. string
The OCID of the custom protection rule.
action This property is required. str
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
exclusions This property is required. Sequence[waas.GetWaasPolicyWafConfigCustomProtectionRuleExclusion]
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
id This property is required. str
The OCID of the custom protection rule.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
exclusions This property is required. List<Property Map>
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
id This property is required. String
The OCID of the custom protection rule.

GetWaasPolicyWafConfigCustomProtectionRuleExclusion

Exclusions This property is required. List<string>
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Target This property is required. string
The target of the exclusion.
Exclusions This property is required. []string
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Target This property is required. string
The target of the exclusion.
exclusions This property is required. List<String>
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target This property is required. String
The target of the exclusion.
exclusions This property is required. string[]
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target This property is required. string
The target of the exclusion.
exclusions This property is required. Sequence[str]
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target This property is required. str
The target of the exclusion.
exclusions This property is required. List<String>
An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target This property is required. String
The target of the exclusion.

GetWaasPolicyWafConfigDeviceFingerprintChallenge

Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds This property is required. int
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
ChallengeSettings This property is required. GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
FailureThreshold This property is required. int
The number of failed requests before taking action. If unspecified, defaults to 10.
FailureThresholdExpirationInSeconds This property is required. int
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
IsEnabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
MaxAddressCount This property is required. int
The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
MaxAddressCountExpirationInSeconds This property is required. int
The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds This property is required. int
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
ChallengeSettings This property is required. GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
FailureThreshold This property is required. int
The number of failed requests before taking action. If unspecified, defaults to 10.
FailureThresholdExpirationInSeconds This property is required. int
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
IsEnabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
MaxAddressCount This property is required. int
The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
MaxAddressCountExpirationInSeconds This property is required. int
The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds This property is required. Integer
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings This property is required. GetPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
failureThreshold This property is required. Integer
The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds This property is required. Integer
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
isEnabled This property is required. Boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
maxAddressCount This property is required. Integer
The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
maxAddressCountExpirationInSeconds This property is required. Integer
The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds This property is required. number
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings This property is required. GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
failureThreshold This property is required. number
The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds This property is required. number
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
isEnabled This property is required. boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
maxAddressCount This property is required. number
The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
maxAddressCountExpirationInSeconds This property is required. number
The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
action This property is required. str
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
action_expiration_in_seconds This property is required. int
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challenge_settings This property is required. waas.GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
failure_threshold This property is required. int
The number of failed requests before taking action. If unspecified, defaults to 10.
failure_threshold_expiration_in_seconds This property is required. int
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
is_enabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
max_address_count This property is required. int
The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
max_address_count_expiration_in_seconds This property is required. int
The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds This property is required. Number
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings This property is required. Property Map
The challenge settings if action is set to BLOCK.
failureThreshold This property is required. Number
The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds This property is required. Number
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
isEnabled This property is required. Boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
maxAddressCount This property is required. Number
The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to 20.
maxAddressCountExpirationInSeconds This property is required. Number
The number of seconds before the maximum addresses count resets. If unspecified, defaults to 60.

GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings

BlockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
BlockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
blockAction This property is required. String
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. String
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. String
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. String
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. Integer
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter This property is required. String
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. String
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. String
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. String
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
blockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
block_action This property is required. str
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
block_error_page_code This property is required. str
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
block_error_page_description This property is required. str
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
block_error_page_message This property is required. str
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
block_response_code This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captcha_footer This property is required. str
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captcha_header This property is required. str
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captcha_submit_label This property is required. str
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captcha_title This property is required. str
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
blockAction This property is required. String
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. String
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. String
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. String
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. Number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter This property is required. String
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. String
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. String
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. String
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

GetWaasPolicyWafConfigHumanInteractionChallenge

Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds This property is required. int
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
ChallengeSettings This property is required. GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
FailureThreshold This property is required. int
The number of failed requests before taking action. If unspecified, defaults to 10.
FailureThresholdExpirationInSeconds This property is required. int
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
InteractionThreshold This property is required. int
The number of interactions required to pass the challenge. If unspecified, defaults to 3.
IsEnabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
IsNatEnabled This property is required. bool
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
RecordingPeriodInSeconds This property is required. int
The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
SetHttpHeader This property is required. GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds This property is required. int
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
ChallengeSettings This property is required. GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
FailureThreshold This property is required. int
The number of failed requests before taking action. If unspecified, defaults to 10.
FailureThresholdExpirationInSeconds This property is required. int
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
InteractionThreshold This property is required. int
The number of interactions required to pass the challenge. If unspecified, defaults to 3.
IsEnabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
IsNatEnabled This property is required. bool
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
RecordingPeriodInSeconds This property is required. int
The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
SetHttpHeader This property is required. GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds This property is required. Integer
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings This property is required. GetPolicyWafConfigHumanInteractionChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
failureThreshold This property is required. Integer
The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds This property is required. Integer
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
interactionThreshold This property is required. Integer
The number of interactions required to pass the challenge. If unspecified, defaults to 3.
isEnabled This property is required. Boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled This property is required. Boolean
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
recordingPeriodInSeconds This property is required. Integer
The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
setHttpHeader This property is required. GetPolicyWafConfigHumanInteractionChallengeSetHttpHeader
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds This property is required. number
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings This property is required. GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
failureThreshold This property is required. number
The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds This property is required. number
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
interactionThreshold This property is required. number
The number of interactions required to pass the challenge. If unspecified, defaults to 3.
isEnabled This property is required. boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled This property is required. boolean
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
recordingPeriodInSeconds This property is required. number
The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
setHttpHeader This property is required. GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
action This property is required. str
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
action_expiration_in_seconds This property is required. int
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challenge_settings This property is required. waas.GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
failure_threshold This property is required. int
The number of failed requests before taking action. If unspecified, defaults to 10.
failure_threshold_expiration_in_seconds This property is required. int
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
interaction_threshold This property is required. int
The number of interactions required to pass the challenge. If unspecified, defaults to 3.
is_enabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
is_nat_enabled This property is required. bool
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
recording_period_in_seconds This property is required. int
The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
set_http_header This property is required. waas.GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds This property is required. Number
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
challengeSettings This property is required. Property Map
The challenge settings if action is set to BLOCK.
failureThreshold This property is required. Number
The number of failed requests before taking action. If unspecified, defaults to 10.
failureThresholdExpirationInSeconds This property is required. Number
The number of seconds before the failure threshold resets. If unspecified, defaults to 60.
interactionThreshold This property is required. Number
The number of interactions required to pass the challenge. If unspecified, defaults to 3.
isEnabled This property is required. Boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled This property is required. Boolean
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
recordingPeriodInSeconds This property is required. Number
The number of seconds to record the interactions from the user. If unspecified, defaults to 15.
setHttpHeader This property is required. Property Map
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings

BlockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
BlockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
blockAction This property is required. String
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. String
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. String
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. String
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. Integer
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter This property is required. String
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. String
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. String
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. String
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
blockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
block_action This property is required. str
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
block_error_page_code This property is required. str
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
block_error_page_description This property is required. str
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
block_error_page_message This property is required. str
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
block_response_code This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captcha_footer This property is required. str
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captcha_header This property is required. str
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captcha_submit_label This property is required. str
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captcha_title This property is required. str
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
blockAction This property is required. String
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. String
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. String
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. String
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. Number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter This property is required. String
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. String
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. String
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. String
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader

Name This property is required. string
The unique name of the whitelist.
Value This property is required. string
The value of the header.
Name This property is required. string
The unique name of the whitelist.
Value This property is required. string
The value of the header.
name This property is required. String
The unique name of the whitelist.
value This property is required. String
The value of the header.
name This property is required. string
The unique name of the whitelist.
value This property is required. string
The value of the header.
name This property is required. str
The unique name of the whitelist.
value This property is required. str
The value of the header.
name This property is required. String
The unique name of the whitelist.
value This property is required. String
The value of the header.

GetWaasPolicyWafConfigJsChallenge

Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds This property is required. int
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
AreRedirectsChallenged This property is required. bool
When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
ChallengeSettings This property is required. GetWaasPolicyWafConfigJsChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
Criterias This property is required. List<GetWaasPolicyWafConfigJsChallengeCriteria>
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
FailureThreshold This property is required. int
The number of failed requests before taking action. If unspecified, defaults to 10.
IsEnabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
IsNatEnabled This property is required. bool
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
SetHttpHeader This property is required. GetWaasPolicyWafConfigJsChallengeSetHttpHeader
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
Action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
ActionExpirationInSeconds This property is required. int
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
AreRedirectsChallenged This property is required. bool
When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
ChallengeSettings This property is required. GetWaasPolicyWafConfigJsChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
Criterias This property is required. []GetWaasPolicyWafConfigJsChallengeCriteria
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
FailureThreshold This property is required. int
The number of failed requests before taking action. If unspecified, defaults to 10.
IsEnabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
IsNatEnabled This property is required. bool
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
SetHttpHeader This property is required. GetWaasPolicyWafConfigJsChallengeSetHttpHeader
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds This property is required. Integer
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
areRedirectsChallenged This property is required. Boolean
When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
challengeSettings This property is required. GetPolicyWafConfigJsChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
criterias This property is required. List<GetPolicyWafConfigJsChallengeCriteria>
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
failureThreshold This property is required. Integer
The number of failed requests before taking action. If unspecified, defaults to 10.
isEnabled This property is required. Boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled This property is required. Boolean
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
setHttpHeader This property is required. GetPolicyWafConfigJsChallengeSetHttpHeader
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
action This property is required. string
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds This property is required. number
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
areRedirectsChallenged This property is required. boolean
When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
challengeSettings This property is required. GetWaasPolicyWafConfigJsChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
criterias This property is required. GetWaasPolicyWafConfigJsChallengeCriteria[]
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
failureThreshold This property is required. number
The number of failed requests before taking action. If unspecified, defaults to 10.
isEnabled This property is required. boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled This property is required. boolean
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
setHttpHeader This property is required. GetWaasPolicyWafConfigJsChallengeSetHttpHeader
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
action This property is required. str
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
action_expiration_in_seconds This property is required. int
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
are_redirects_challenged This property is required. bool
When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
challenge_settings This property is required. waas.GetWaasPolicyWafConfigJsChallengeChallengeSettings
The challenge settings if action is set to BLOCK.
criterias This property is required. Sequence[waas.GetWaasPolicyWafConfigJsChallengeCriteria]
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
failure_threshold This property is required. int
The number of failed requests before taking action. If unspecified, defaults to 10.
is_enabled This property is required. bool
Enables or disables the JavaScript challenge Web Application Firewall feature.
is_nat_enabled This property is required. bool
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
set_http_header This property is required. waas.GetWaasPolicyWafConfigJsChallengeSetHttpHeader
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.
action This property is required. String
The action to take against requests from detected bots. If unspecified, defaults to DETECT.
actionExpirationInSeconds This property is required. Number
The number of seconds between challenges from the same IP address. If unspecified, defaults to 60.
areRedirectsChallenged This property is required. Boolean
When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
challengeSettings This property is required. Property Map
The challenge settings if action is set to BLOCK.
criterias This property is required. List<Property Map>
When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
failureThreshold This property is required. Number
The number of failed requests before taking action. If unspecified, defaults to 10.
isEnabled This property is required. Boolean
Enables or disables the JavaScript challenge Web Application Firewall feature.
isNatEnabled This property is required. Boolean
When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
setHttpHeader This property is required. Property Map
Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the action is set to DETECT.

GetWaasPolicyWafConfigJsChallengeChallengeSettings

BlockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
BlockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
CaptchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
CaptchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
CaptchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
CaptchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
blockAction This property is required. String
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. String
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. String
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. String
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. Integer
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter This property is required. String
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. String
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. String
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. String
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
blockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter This property is required. string
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. string
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. string
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. string
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
block_action This property is required. str
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
block_error_page_code This property is required. str
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
block_error_page_description This property is required. str
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
block_error_page_message This property is required. str
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
block_response_code This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captcha_footer This property is required. str
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captcha_header This property is required. str
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captcha_submit_label This property is required. str
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captcha_title This property is required. str
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?
blockAction This property is required. String
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. String
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. String
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. String
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. Number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
captchaFooter This property is required. String
The text to show in the footer when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, default to Enter the letters and numbers as they are shown in image above.
captchaHeader This property is required. String
The text to show in the header when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
captchaSubmitLabel This property is required. String
The text to show on the label of the CAPTCHA challenge submit button when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Yes, I am human.
captchaTitle This property is required. String
The title used when showing a CAPTCHA challenge when action is set to BLOCK, blockAction is set to SHOW_CAPTCHA, and the request is blocked. If unspecified, defaults to Are you human?

GetWaasPolicyWafConfigJsChallengeCriteria

Condition This property is required. string
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
IsCaseSensitive This property is required. bool
When enabled, the condition will be matched with case-sensitive rules.
Value This property is required. string
The value of the header.
Condition This property is required. string
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
IsCaseSensitive This property is required. bool
When enabled, the condition will be matched with case-sensitive rules.
Value This property is required. string
The value of the header.
condition This property is required. String
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
isCaseSensitive This property is required. Boolean
When enabled, the condition will be matched with case-sensitive rules.
value This property is required. String
The value of the header.
condition This property is required. string
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
isCaseSensitive This property is required. boolean
When enabled, the condition will be matched with case-sensitive rules.
value This property is required. string
The value of the header.
condition This property is required. str
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
is_case_sensitive This property is required. bool
When enabled, the condition will be matched with case-sensitive rules.
value This property is required. str
The value of the header.
condition This property is required. String
The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.

  • URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
  • URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the value field. URL must start with a /.
  • URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the value field. URL must start with a /.
  • URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the value field.
  • URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the value field.
  • URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
  • URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the value field.
  • URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the value field.
  • URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the value field.
  • IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The value in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30"
  • IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The value in this case is OCID of the address list.
  • IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The value field in this case is OCID of the address list.
  • HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. host:test.example.com is an example of a criteria value where host is the header field name and test.example.com is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value of host:test.example.com, where host is the name of the field and test.example.com is the value of the host field, a request with the header values, Host: www.test.example.com will match, where as a request with header values of host: www.example.com or host: test.sub.example.com will not match.
  • HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The value in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
isCaseSensitive This property is required. Boolean
When enabled, the condition will be matched with case-sensitive rules.
value This property is required. String
The value of the header.

GetWaasPolicyWafConfigJsChallengeSetHttpHeader

Name This property is required. string
The unique name of the whitelist.
Value This property is required. string
The value of the header.
Name This property is required. string
The unique name of the whitelist.
Value This property is required. string
The value of the header.
name This property is required. String
The unique name of the whitelist.
value This property is required. String
The value of the header.
name This property is required. string
The unique name of the whitelist.
value This property is required. string
The value of the header.
name This property is required. str
The unique name of the whitelist.
value This property is required. str
The value of the header.
name This property is required. String
The unique name of the whitelist.
value This property is required. String
The value of the header.

GetWaasPolicyWafConfigProtectionSettings

AllowedHttpMethods This property is required. List<string>
The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
BlockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
IsResponseInspected This property is required. bool
Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
MaxArgumentCount This property is required. int
The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
MaxNameLengthPerArgument This property is required. int
The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
MaxResponseSizeInKiB This property is required. int
The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
MaxTotalNameLengthOfArguments This property is required. int
The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
MediaTypes This property is required. List<string>
The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
RecommendationsPeriodInDays This property is required. int
The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
AllowedHttpMethods This property is required. []string
The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
BlockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
BlockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
BlockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
BlockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
BlockResponseCode This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
IsResponseInspected This property is required. bool
Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
MaxArgumentCount This property is required. int
The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
MaxNameLengthPerArgument This property is required. int
The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
MaxResponseSizeInKiB This property is required. int
The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
MaxTotalNameLengthOfArguments This property is required. int
The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
MediaTypes This property is required. []string
The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
RecommendationsPeriodInDays This property is required. int
The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
allowedHttpMethods This property is required. List<String>
The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
blockAction This property is required. String
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. String
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. String
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. String
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. Integer
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isResponseInspected This property is required. Boolean
Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
maxArgumentCount This property is required. Integer
The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
maxNameLengthPerArgument This property is required. Integer
The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
maxResponseSizeInKiB This property is required. Integer
The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
maxTotalNameLengthOfArguments This property is required. Integer
The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
mediaTypes This property is required. List<String>
The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
recommendationsPeriodInDays This property is required. Integer
The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
allowedHttpMethods This property is required. string[]
The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
blockAction This property is required. string
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. string
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. string
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. string
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isResponseInspected This property is required. boolean
Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
maxArgumentCount This property is required. number
The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
maxNameLengthPerArgument This property is required. number
The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
maxResponseSizeInKiB This property is required. number
The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
maxTotalNameLengthOfArguments This property is required. number
The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
mediaTypes This property is required. string[]
The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
recommendationsPeriodInDays This property is required. number
The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
allowed_http_methods This property is required. Sequence[str]
The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
block_action This property is required. str
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
block_error_page_code This property is required. str
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
block_error_page_description This property is required. str
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
block_error_page_message This property is required. str
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
block_response_code This property is required. int
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
is_response_inspected This property is required. bool
Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
max_argument_count This property is required. int
The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
max_name_length_per_argument This property is required. int
The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
max_response_size_in_ki_b This property is required. int
The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
max_total_name_length_of_arguments This property is required. int
The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
media_types This property is required. Sequence[str]
The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
recommendations_period_in_days This property is required. int
The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.
allowedHttpMethods This property is required. List<String>
The list of allowed HTTP methods. If unspecified, default to [OPTIONS, GET, HEAD, POST]. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100).
blockAction This property is required. String
If action is set to BLOCK, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to SET_RESPONSE_CODE.
blockErrorPageCode This property is required. String
The error code to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403.
blockErrorPageDescription This property is required. String
The description text to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to Access blocked by website owner. Please contact support.
blockErrorPageMessage This property is required. String
The message to show on the error page when action is set to BLOCK, blockAction is set to SHOW_ERROR_PAGE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'
blockResponseCode This property is required. Number
The response code returned when action is set to BLOCK, blockAction is set to SET_RESPONSE_CODE, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 403. The list of available response codes: 400, 401, 403, 405, 409, 411, 412, 413, 414, 415, 416, 500, 501, 502, 503, 504, 507.
isResponseInspected This property is required. Boolean
Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to false.
maxArgumentCount This property is required. Number
The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 255. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: If maxArgumentCount to 2 for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: GET /myapp/path?query=one&query=two&query=three POST /myapp/path with Body {"argument1":"one","argument2":"two","argument3":"three"}
maxNameLengthPerArgument This property is required. Number
The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 400. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208).
maxResponseSizeInKiB This property is required. Number
The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to 1024.
maxTotalNameLengthOfArguments This property is required. Number
The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to 64000. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341).
mediaTypes This property is required. List<String>
The list of media types to allow for inspection, if isResponseInspected is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to ["text/html", "text/plain", "text/xml"].
recommendationsPeriodInDays This property is required. Number
The length of time to analyze traffic traffic, in days. After the analysis period, WafRecommendations will be populated. If unspecified, defaults to 10.

GetWaasPolicyWafConfigWhitelist

AddressLists This property is required. List<string>
A list of OCID of IP address lists to include in the whitelist.
Addresses This property is required. List<string>
A set of IP addresses or CIDR notations to include in the whitelist.
Name This property is required. string
The unique name of the whitelist.
AddressLists This property is required. []string
A list of OCID of IP address lists to include in the whitelist.
Addresses This property is required. []string
A set of IP addresses or CIDR notations to include in the whitelist.
Name This property is required. string
The unique name of the whitelist.
addressLists This property is required. List<String>
A list of OCID of IP address lists to include in the whitelist.
addresses This property is required. List<String>
A set of IP addresses or CIDR notations to include in the whitelist.
name This property is required. String
The unique name of the whitelist.
addressLists This property is required. string[]
A list of OCID of IP address lists to include in the whitelist.
addresses This property is required. string[]
A set of IP addresses or CIDR notations to include in the whitelist.
name This property is required. string
The unique name of the whitelist.
address_lists This property is required. Sequence[str]
A list of OCID of IP address lists to include in the whitelist.
addresses This property is required. Sequence[str]
A set of IP addresses or CIDR notations to include in the whitelist.
name This property is required. str
The unique name of the whitelist.
addressLists This property is required. List<String>
A list of OCID of IP address lists to include in the whitelist.
addresses This property is required. List<String>
A set of IP addresses or CIDR notations to include in the whitelist.
name This property is required. String
The unique name of the whitelist.

Package Details

Repository
oci pulumi/pulumi-oci
License
Apache-2.0
Notes
This Pulumi package is based on the oci Terraform Provider.
Oracle Cloud Infrastructure v2.29.0 published on Wednesday, Apr 9, 2025 by Pulumi