Oracle Cloud Infrastructure v2.29.0 published on Wednesday, Apr 9, 2025 by Pulumi
oci.Waas.getWaasPolicy
Explore with Pulumi AI
This data source provides details about a specific Waas Policy resource in Oracle Cloud Infrastructure Web Application Acceleration and Security service.
Gets the details of a WAAS policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testWaasPolicy = oci.Waas.getWaasPolicy({
waasPolicyId: testWaasPolicyOciWaasWaasPolicy.id,
});
import pulumi
import pulumi_oci as oci
test_waas_policy = oci.Waas.get_waas_policy(waas_policy_id=test_waas_policy_oci_waas_waas_policy["id"])
package main
import (
"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/waas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := waas.GetWaasPolicy(ctx, &waas.GetWaasPolicyArgs{
WaasPolicyId: testWaasPolicyOciWaasWaasPolicy.Id,
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testWaasPolicy = Oci.Waas.GetWaasPolicy.Invoke(new()
{
WaasPolicyId = testWaasPolicyOciWaasWaasPolicy.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Waas.WaasFunctions;
import com.pulumi.oci.Waas.inputs.GetWaasPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var testWaasPolicy = WaasFunctions.getWaasPolicy(GetWaasPolicyArgs.builder()
.waasPolicyId(testWaasPolicyOciWaasWaasPolicy.id())
.build());
}
}
variables:
testWaasPolicy:
fn::invoke:
function: oci:Waas:getWaasPolicy
arguments:
waasPolicyId: ${testWaasPolicyOciWaasWaasPolicy.id}
Using getWaasPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getWaasPolicy(args: GetWaasPolicyArgs, opts?: InvokeOptions): Promise<GetWaasPolicyResult>
function getWaasPolicyOutput(args: GetWaasPolicyOutputArgs, opts?: InvokeOptions): Output<GetWaasPolicyResult>
def get_waas_policy(waas_policy_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetWaasPolicyResult
def get_waas_policy_output(waas_policy_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetWaasPolicyResult]
func GetWaasPolicy(ctx *Context, args *GetWaasPolicyArgs, opts ...InvokeOption) (*GetWaasPolicyResult, error)
func GetWaasPolicyOutput(ctx *Context, args *GetWaasPolicyOutputArgs, opts ...InvokeOption) GetWaasPolicyResultOutput
> Note: This function is named GetWaasPolicy
in the Go SDK.
public static class GetWaasPolicy
{
public static Task<GetWaasPolicyResult> InvokeAsync(GetWaasPolicyArgs args, InvokeOptions? opts = null)
public static Output<GetWaasPolicyResult> Invoke(GetWaasPolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetWaasPolicyResult> getWaasPolicy(GetWaasPolicyArgs args, InvokeOptions options)
public static Output<GetWaasPolicyResult> getWaasPolicy(GetWaasPolicyArgs args, InvokeOptions options)
fn::invoke:
function: oci:Waas/getWaasPolicy:getWaasPolicy
arguments:
# arguments dictionary
The following arguments are supported:
- Waas
Policy Id This property is required. string - The OCID of the WAAS policy.
- Waas
Policy Id This property is required. string - The OCID of the WAAS policy.
- waas
Policy Id This property is required. String - The OCID of the WAAS policy.
- waas
Policy Id This property is required. string - The OCID of the WAAS policy.
- waas_
policy_ id This property is required. str - The OCID of the WAAS policy.
- waas
Policy Id This property is required. String - The OCID of the WAAS policy.
getWaasPolicy Result
The following output properties are available:
- Additional
Domains List<string> - An array of additional domains for this web application.
- Cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- Compartment
Id string - The OCID of the WAAS policy's compartment.
- Dictionary<string, string>
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Display
Name string - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- Domain string
- The domain for which the cookie is set, defaults to WAAS policy domain.
- Dictionary<string, string>
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Id string
- The provider-assigned unique ID for this managed resource.
- Origin
Groups List<GetWaas Policy Origin Group> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Origins
List<Get
Waas Policy Origin> - A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - Policy
Configs List<GetWaas Policy Policy Config> - The configuration details for the WAAS policy.
- State string
- The current lifecycle state of the WAAS policy.
- Time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- Waas
Policy stringId - Waf
Configs List<GetWaas Policy Waf Config> - The Web Application Firewall configuration for the WAAS policy.
- Additional
Domains []string - An array of additional domains for this web application.
- Cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- Compartment
Id string - The OCID of the WAAS policy's compartment.
- map[string]string
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Display
Name string - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- Domain string
- The domain for which the cookie is set, defaults to WAAS policy domain.
- map[string]string
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Id string
- The provider-assigned unique ID for this managed resource.
- Origin
Groups []GetWaas Policy Origin Group - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Origins
[]Get
Waas Policy Origin - A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - Policy
Configs []GetWaas Policy Policy Config - The configuration details for the WAAS policy.
- State string
- The current lifecycle state of the WAAS policy.
- Time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- Waas
Policy stringId - Waf
Configs []GetWaas Policy Waf Config - The Web Application Firewall configuration for the WAAS policy.
- additional
Domains List<String> - An array of additional domains for this web application.
- cname String
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment
Id String - The OCID of the WAAS policy's compartment.
- Map<String,String>
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name String - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- domain String
- The domain for which the cookie is set, defaults to WAAS policy domain.
- Map<String,String>
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- id String
- The provider-assigned unique ID for this managed resource.
- origin
Groups List<GetPolicy Origin Group> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
List<Get
Policy Origin> - A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - policy
Configs List<GetPolicy Policy Config> - The configuration details for the WAAS policy.
- state String
- The current lifecycle state of the WAAS policy.
- time
Created String - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waas
Policy StringId - waf
Configs List<GetPolicy Waf Config> - The Web Application Firewall configuration for the WAAS policy.
- additional
Domains string[] - An array of additional domains for this web application.
- cname string
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment
Id string - The OCID of the WAAS policy's compartment.
- {[key: string]: string}
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name string - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- domain string
- The domain for which the cookie is set, defaults to WAAS policy domain.
- {[key: string]: string}
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- id string
- The provider-assigned unique ID for this managed resource.
- origin
Groups GetWaas Policy Origin Group[] - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
Get
Waas Policy Origin[] - A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - policy
Configs GetWaas Policy Policy Config[] - The configuration details for the WAAS policy.
- state string
- The current lifecycle state of the WAAS policy.
- time
Created string - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waas
Policy stringId - waf
Configs GetWaas Policy Waf Config[] - The Web Application Firewall configuration for the WAAS policy.
- additional_
domains Sequence[str] - An array of additional domains for this web application.
- cname str
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment_
id str - The OCID of the WAAS policy's compartment.
- Mapping[str, str]
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display_
name str - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- domain str
- The domain for which the cookie is set, defaults to WAAS policy domain.
- Mapping[str, str]
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- id str
- The provider-assigned unique ID for this managed resource.
- origin_
groups Sequence[waas.Get Waas Policy Origin Group] - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins
Sequence[waas.
Get Waas Policy Origin] - A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - policy_
configs Sequence[waas.Get Waas Policy Policy Config] - The configuration details for the WAAS policy.
- state str
- The current lifecycle state of the WAAS policy.
- time_
created str - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waas_
policy_ strid - waf_
configs Sequence[waas.Get Waas Policy Waf Config] - The Web Application Firewall configuration for the WAAS policy.
- additional
Domains List<String> - An array of additional domains for this web application.
- cname String
- The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.
- compartment
Id String - The OCID of the WAAS policy's compartment.
- Map<String>
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- display
Name String - The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.
- domain String
- The domain for which the cookie is set, defaults to WAAS policy domain.
- Map<String>
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- id String
- The provider-assigned unique ID for this managed resource.
- origin
Groups List<Property Map> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - origins List<Property Map>
- A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. Examples:
primary
orsecondary
. - policy
Configs List<Property Map> - The configuration details for the WAAS policy.
- state String
- The current lifecycle state of the WAAS policy.
- time
Created String - The date and time the policy was created, expressed in RFC 3339 timestamp format.
- waas
Policy StringId - waf
Configs List<Property Map> - The Web Application Firewall configuration for the WAAS policy.
Supporting Types
GetWaasPolicyOrigin
- Custom
Headers This property is required. List<GetWaas Policy Origin Custom Header> - A list of HTTP headers to forward to your origin.
- Label
This property is required. string - Uri
This property is required. string - The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - Http
Port int - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - Https
Port int - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
- Custom
Headers This property is required. []GetWaas Policy Origin Custom Header - A list of HTTP headers to forward to your origin.
- Label
This property is required. string - Uri
This property is required. string - The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - Http
Port int - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - Https
Port int - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
- custom
Headers This property is required. List<GetPolicy Origin Custom Header> - A list of HTTP headers to forward to your origin.
- label
This property is required. String - uri
This property is required. String - The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - http
Port Integer - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https
Port Integer - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
- custom
Headers This property is required. GetWaas Policy Origin Custom Header[] - A list of HTTP headers to forward to your origin.
- label
This property is required. string - uri
This property is required. string - The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - http
Port number - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https
Port number - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
- custom_
headers This property is required. Sequence[waas.Get Waas Policy Origin Custom Header] - A list of HTTP headers to forward to your origin.
- label
This property is required. str - uri
This property is required. str - The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - http_
port int - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https_
port int - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
- custom
Headers This property is required. List<Property Map> - A list of HTTP headers to forward to your origin.
- label
This property is required. String - uri
This property is required. String - The URI of the origin. Does not support paths. Port numbers should be specified in the
httpPort
andhttpsPort
fields. - http
Port Number - The HTTP port on the origin that the web application listens on. If unspecified, defaults to
80
. If0
is specified - the origin is not used for HTTP traffic. - https
Port Number - The HTTPS port on the origin that the web application listens on. If unspecified, defaults to
443
. If0
is specified - the origin is not used for HTTPS traffic.
GetWaasPolicyOriginCustomHeader
GetWaasPolicyOriginGroup
- Label
This property is required. string - Origin
Groups This property is required. List<GetWaas Policy Origin Group Origin Group>
- Label
This property is required. string - Origin
Groups This property is required. []GetWaas Policy Origin Group Origin Group
- label
This property is required. String - origin
Groups This property is required. List<GetPolicy Origin Group Origin Group>
- label
This property is required. string - origin
Groups This property is required. GetWaas Policy Origin Group Origin Group[]
- label
This property is required. str - origin_
groups This property is required. Sequence[waas.Get Waas Policy Origin Group Origin Group]
- label
This property is required. String - origin
Groups This property is required. List<Property Map>
GetWaasPolicyOriginGroupOriginGroup
GetWaasPolicyPolicyConfig
- Certificate
Id This property is required. string - The OCID of the SSL certificate to use if HTTPS is supported.
- Cipher
Group This property is required. string - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- Client
Address Header This property is required. string - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - Health
Checks This property is required. GetWaas Policy Policy Config Health Checks - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- Is
Behind Cdn This property is required. bool - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - Is
Cache Control Respected This property is required. bool - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - Is
Https Enabled This property is required. bool - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - Is
Https Forced This property is required. bool - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - Is
Origin Compression Enabled This property is required. bool - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - Is
Response Buffering Enabled This property is required. bool - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- Is
Sni Enabled This property is required. bool - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- Load
Balancing Method This property is required. GetWaas Policy Policy Config Load Balancing Method - An object that represents a load balancing method and its properties.
- Tls
Protocols This property is required. List<string> - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- Websocket
Path Prefixes This property is required. List<string> - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- Certificate
Id This property is required. string - The OCID of the SSL certificate to use if HTTPS is supported.
- Cipher
Group This property is required. string - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- Client
Address Header This property is required. string - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - Health
Checks This property is required. GetWaas Policy Policy Config Health Checks - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- Is
Behind Cdn This property is required. bool - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - Is
Cache Control Respected This property is required. bool - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - Is
Https Enabled This property is required. bool - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - Is
Https Forced This property is required. bool - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - Is
Origin Compression Enabled This property is required. bool - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - Is
Response Buffering Enabled This property is required. bool - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- Is
Sni Enabled This property is required. bool - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- Load
Balancing Method This property is required. GetWaas Policy Policy Config Load Balancing Method - An object that represents a load balancing method and its properties.
- Tls
Protocols This property is required. []string - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- Websocket
Path Prefixes This property is required. []string - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate
Id This property is required. String - The OCID of the SSL certificate to use if HTTPS is supported.
- cipher
Group This property is required. String - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client
Address Header This property is required. String - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - health
Checks This property is required. GetPolicy Policy Config Health Checks - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is
Behind Cdn This property is required. Boolean - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is
Cache Control Respected This property is required. Boolean - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is
Https Enabled This property is required. Boolean - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is
Https Forced This property is required. Boolean - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is
Origin Compression Enabled This property is required. Boolean - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is
Response Buffering Enabled This property is required. Boolean - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is
Sni Enabled This property is required. Boolean - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load
Balancing Method This property is required. GetPolicy Policy Config Load Balancing Method - An object that represents a load balancing method and its properties.
- tls
Protocols This property is required. List<String> - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- websocket
Path Prefixes This property is required. List<String> - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate
Id This property is required. string - The OCID of the SSL certificate to use if HTTPS is supported.
- cipher
Group This property is required. string - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client
Address Header This property is required. string - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - health
Checks This property is required. GetWaas Policy Policy Config Health Checks - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is
Behind Cdn This property is required. boolean - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is
Cache Control Respected This property is required. boolean - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is
Https Enabled This property is required. boolean - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is
Https Forced This property is required. boolean - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is
Origin Compression Enabled This property is required. boolean - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is
Response Buffering Enabled This property is required. boolean - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is
Sni Enabled This property is required. boolean - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load
Balancing Method This property is required. GetWaas Policy Policy Config Load Balancing Method - An object that represents a load balancing method and its properties.
- tls
Protocols This property is required. string[] - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- websocket
Path Prefixes This property is required. string[] - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate_
id This property is required. str - The OCID of the SSL certificate to use if HTTPS is supported.
- cipher_
group This property is required. str - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client_
address_ header This property is required. str - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - health_
checks This property is required. waas.Get Waas Policy Policy Config Health Checks - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is_
behind_ cdn This property is required. bool - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is_
cache_ control_ respected This property is required. bool - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is_
https_ enabled This property is required. bool - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is_
https_ forced This property is required. bool - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is_
origin_ compression_ enabled This property is required. bool - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is_
response_ buffering_ enabled This property is required. bool - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is_
sni_ enabled This property is required. bool - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load_
balancing_ method This property is required. waas.Get Waas Policy Policy Config Load Balancing Method - An object that represents a load balancing method and its properties.
- tls_
protocols This property is required. Sequence[str] - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- websocket_
path_ prefixes This property is required. Sequence[str] - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
- certificate
Id This property is required. String - The OCID of the SSL certificate to use if HTTPS is supported.
- cipher
Group This property is required. String - The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
- DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled:
- client
Address Header This property is required. String - Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if
isBehindCdn
is enabled. - health
Checks This property is required. Property Map - Health checks monitor the status of your origin servers and only route traffic to the origins that pass the health check. If the health check fails, origin is automatically removed from the load balancing. There is roughly one health check per EDGE POP per period. Any checks that pass will be reported as "healthy".
- is
Behind Cdn This property is required. Boolean - Enabling
isBehindCdn
allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. - is
Cache Control Respected This property is required. Boolean - Enable or disable automatic content caching based on the response
cache-control
header. This feature enables the origin to act as a proxy cache. Caching is usually defined usingcache-control
header. For examplecache-control: max-age=120
means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. - is
Https Enabled This property is required. Boolean - Enable or disable HTTPS support. If true, a
certificateId
is required. If unspecified, defaults tofalse
. - is
Https Forced This property is required. Boolean - Force HTTP to HTTPS redirection. If unspecified, defaults to
false
. - is
Origin Compression Enabled This property is required. Boolean - Enable or disable GZIP compression of origin responses. If enabled, the header
Accept-Encoding: gzip
is sent to origin, otherwise, the emptyAccept-Encoding:
header is used. - is
Response Buffering Enabled This property is required. Boolean - Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.
- is
Sni Enabled This property is required. Boolean - SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.
- load
Balancing Method This property is required. Property Map - An object that represents a load balancing method and its properties.
- tls
Protocols This property is required. List<String> - A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.
- TLS_V1: corresponds to TLS 1.0 specification.
- TLS_V1_1: corresponds to TLS 1.1 specification.
- TLS_V1_2: corresponds to TLS 1.2 specification.
- TLS_V1_3: corresponds to TLS 1.3 specification.
- websocket
Path Prefixes This property is required. List<String> - ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of
websocketPathPrefixes
array value. In All other cases challenges, like JSC, HIC and etc., remain active.
GetWaasPolicyPolicyConfigHealthChecks
- Expected
Response Code Groups This property is required. List<string> - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- Expected
Response Text This property is required. string - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- Headers
This property is required. Dictionary<string, string> - HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - Healthy
Threshold This property is required. int - Number of successful health checks after which the server is marked up.
- Interval
In Seconds This property is required. int - Time between health checks of an individual origin server, in seconds.
- Is
Enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Response Text Check Enabled This property is required. bool - Enables or disables additional check for predefined text in addition to response code.
- Method
This property is required. string - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- Path
This property is required. string - Path to visit on your origins when performing the health check.
- Timeout
In Seconds This property is required. int - Response timeout represents wait time until request is considered failed, in seconds.
- Unhealthy
Threshold This property is required. int - Number of failed health checks after which the server is marked down.
- Expected
Response Code Groups This property is required. []string - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- Expected
Response Text This property is required. string - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- Headers
This property is required. map[string]string - HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - Healthy
Threshold This property is required. int - Number of successful health checks after which the server is marked up.
- Interval
In Seconds This property is required. int - Time between health checks of an individual origin server, in seconds.
- Is
Enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Response Text Check Enabled This property is required. bool - Enables or disables additional check for predefined text in addition to response code.
- Method
This property is required. string - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- Path
This property is required. string - Path to visit on your origins when performing the health check.
- Timeout
In Seconds This property is required. int - Response timeout represents wait time until request is considered failed, in seconds.
- Unhealthy
Threshold This property is required. int - Number of failed health checks after which the server is marked down.
- expected
Response Code Groups This property is required. List<String> - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected
Response Text This property is required. String - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers
This property is required. Map<String,String> - HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - healthy
Threshold This property is required. Integer - Number of successful health checks after which the server is marked up.
- interval
In Seconds This property is required. Integer - Time between health checks of an individual origin server, in seconds.
- is
Enabled This property is required. Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Response Text Check Enabled This property is required. Boolean - Enables or disables additional check for predefined text in addition to response code.
- method
This property is required. String - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- path
This property is required. String - Path to visit on your origins when performing the health check.
- timeout
In Seconds This property is required. Integer - Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy
Threshold This property is required. Integer - Number of failed health checks after which the server is marked down.
- expected
Response Code Groups This property is required. string[] - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected
Response Text This property is required. string - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers
This property is required. {[key: string]: string} - HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - healthy
Threshold This property is required. number - Number of successful health checks after which the server is marked up.
- interval
In Seconds This property is required. number - Time between health checks of an individual origin server, in seconds.
- is
Enabled This property is required. boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Response Text Check Enabled This property is required. boolean - Enables or disables additional check for predefined text in addition to response code.
- method
This property is required. string - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- path
This property is required. string - Path to visit on your origins when performing the health check.
- timeout
In Seconds This property is required. number - Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy
Threshold This property is required. number - Number of failed health checks after which the server is marked down.
- expected_
response_ code_ groups This property is required. Sequence[str] - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected_
response_ text This property is required. str - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers
This property is required. Mapping[str, str] - HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - healthy_
threshold This property is required. int - Number of successful health checks after which the server is marked up.
- interval_
in_ seconds This property is required. int - Time between health checks of an individual origin server, in seconds.
- is_
enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is_
response_ text_ check_ enabled This property is required. bool - Enables or disables additional check for predefined text in addition to response code.
- method
This property is required. str - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- path
This property is required. str - Path to visit on your origins when performing the health check.
- timeout_
in_ seconds This property is required. int - Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy_
threshold This property is required. int - Number of failed health checks after which the server is marked down.
- expected
Response Code Groups This property is required. List<String> - The HTTP response codes that signify a healthy state.
- 2XX: Success response code group.
- 3XX: Redirection response code group.
- 4XX: Client errors response code group.
- 5XX: Server errors response code group.
- expected
Response Text This property is required. String - Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.
- headers
This property is required. Map<String> - HTTP header fields to include in health check requests, expressed as
"name": "value"
properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value "waf health checks". - healthy
Threshold This property is required. Number - Number of successful health checks after which the server is marked up.
- interval
In Seconds This property is required. Number - Time between health checks of an individual origin server, in seconds.
- is
Enabled This property is required. Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Response Text Check Enabled This property is required. Boolean - Enables or disables additional check for predefined text in addition to response code.
- method
This property is required. String - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- path
This property is required. String - Path to visit on your origins when performing the health check.
- timeout
In Seconds This property is required. Number - Response timeout represents wait time until request is considered failed, in seconds.
- unhealthy
Threshold This property is required. Number - Number of failed health checks after which the server is marked down.
GetWaasPolicyPolicyConfigLoadBalancingMethod
- Domain
This property is required. string - The domain for which the cookie is set, defaults to WAAS policy domain.
- Expiration
Time In Seconds This property is required. int - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- Method
This property is required. string - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- Name
This property is required. string - The unique name of the whitelist.
- Domain
This property is required. string - The domain for which the cookie is set, defaults to WAAS policy domain.
- Expiration
Time In Seconds This property is required. int - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- Method
This property is required. string - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- Name
This property is required. string - The unique name of the whitelist.
- domain
This property is required. String - The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration
Time In Seconds This property is required. Integer - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- method
This property is required. String - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- name
This property is required. String - The unique name of the whitelist.
- domain
This property is required. string - The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration
Time In Seconds This property is required. number - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- method
This property is required. string - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- name
This property is required. string - The unique name of the whitelist.
- domain
This property is required. str - The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration_
time_ in_ seconds This property is required. int - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- method
This property is required. str - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- name
This property is required. str - The unique name of the whitelist.
- domain
This property is required. String - The domain for which the cookie is set, defaults to WAAS policy domain.
- expiration
Time In Seconds This property is required. Number - The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.
- method
This property is required. String - Load balancing methods are algorithms used to efficiently distribute traffic among origin servers.
- IP_HASH: All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially.
- ROUND_ROBIN: Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight.
- STICKY_COOKIE: Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.
- name
This property is required. String - The unique name of the whitelist.
GetWaasPolicyWafConfig
- Access
Rules This property is required. List<GetWaas Policy Waf Config Access Rule> - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - Address
Rate Limiting This property is required. GetWaas Policy Waf Config Address Rate Limiting - The IP address rate limiting settings used to limit the number of requests from an address.
- Caching
Rules This property is required. List<GetWaas Policy Waf Config Caching Rule> - A list of caching rules applied to the web application.
- Captchas
This property is required. List<GetWaas Policy Waf Config Captcha> - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- Custom
Protection Rules This property is required. List<GetWaas Policy Waf Config Custom Protection Rule> - A list of the custom protection rule OCIDs and their actions.
- Device
Fingerprint Challenge This property is required. GetWaas Policy Waf Config Device Fingerprint Challenge - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- Human
Interaction Challenge This property is required. GetWaas Policy Waf Config Human Interaction Challenge - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- Js
Challenge This property is required. GetWaas Policy Waf Config Js Challenge - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- Origin
This property is required. string - The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - Origin
Groups This property is required. List<string> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Protection
Settings This property is required. GetWaas Policy Waf Config Protection Settings - The settings to apply to protection rules.
- Whitelists
This property is required. List<GetWaas Policy Waf Config Whitelist> - A list of IP addresses that bypass the Web Application Firewall.
- Access
Rules This property is required. []GetWaas Policy Waf Config Access Rule - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - Address
Rate Limiting This property is required. GetWaas Policy Waf Config Address Rate Limiting - The IP address rate limiting settings used to limit the number of requests from an address.
- Caching
Rules This property is required. []GetWaas Policy Waf Config Caching Rule - A list of caching rules applied to the web application.
- Captchas
This property is required. []GetWaas Policy Waf Config Captcha - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- Custom
Protection Rules This property is required. []GetWaas Policy Waf Config Custom Protection Rule - A list of the custom protection rule OCIDs and their actions.
- Device
Fingerprint Challenge This property is required. GetWaas Policy Waf Config Device Fingerprint Challenge - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- Human
Interaction Challenge This property is required. GetWaas Policy Waf Config Human Interaction Challenge - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- Js
Challenge This property is required. GetWaas Policy Waf Config Js Challenge - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- Origin
This property is required. string - The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - Origin
Groups This property is required. []string - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - Protection
Settings This property is required. GetWaas Policy Waf Config Protection Settings - The settings to apply to protection rules.
- Whitelists
This property is required. []GetWaas Policy Waf Config Whitelist - A list of IP addresses that bypass the Web Application Firewall.
- access
Rules This property is required. List<GetPolicy Waf Config Access Rule> - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - address
Rate Limiting This property is required. GetPolicy Waf Config Address Rate Limiting - The IP address rate limiting settings used to limit the number of requests from an address.
- caching
Rules This property is required. List<GetPolicy Waf Config Caching Rule> - A list of caching rules applied to the web application.
- captchas
This property is required. List<GetPolicy Waf Config Captcha> - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- custom
Protection Rules This property is required. List<GetPolicy Waf Config Custom Protection Rule> - A list of the custom protection rule OCIDs and their actions.
- device
Fingerprint Challenge This property is required. GetPolicy Waf Config Device Fingerprint Challenge - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- human
Interaction Challenge This property is required. GetPolicy Waf Config Human Interaction Challenge - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js
Challenge This property is required. GetPolicy Waf Config Js Challenge - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- origin
This property is required. String - The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - origin
Groups This property is required. List<String> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection
Settings This property is required. GetPolicy Waf Config Protection Settings - The settings to apply to protection rules.
- whitelists
This property is required. List<GetPolicy Waf Config Whitelist> - A list of IP addresses that bypass the Web Application Firewall.
- access
Rules This property is required. GetWaas Policy Waf Config Access Rule[] - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - address
Rate Limiting This property is required. GetWaas Policy Waf Config Address Rate Limiting - The IP address rate limiting settings used to limit the number of requests from an address.
- caching
Rules This property is required. GetWaas Policy Waf Config Caching Rule[] - A list of caching rules applied to the web application.
- captchas
This property is required. GetWaas Policy Waf Config Captcha[] - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- custom
Protection Rules This property is required. GetWaas Policy Waf Config Custom Protection Rule[] - A list of the custom protection rule OCIDs and their actions.
- device
Fingerprint Challenge This property is required. GetWaas Policy Waf Config Device Fingerprint Challenge - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- human
Interaction Challenge This property is required. GetWaas Policy Waf Config Human Interaction Challenge - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js
Challenge This property is required. GetWaas Policy Waf Config Js Challenge - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- origin
This property is required. string - The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - origin
Groups This property is required. string[] - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection
Settings This property is required. GetWaas Policy Waf Config Protection Settings - The settings to apply to protection rules.
- whitelists
This property is required. GetWaas Policy Waf Config Whitelist[] - A list of IP addresses that bypass the Web Application Firewall.
- access_
rules This property is required. Sequence[waas.Get Waas Policy Waf Config Access Rule] - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - address_
rate_ limiting This property is required. waas.Get Waas Policy Waf Config Address Rate Limiting - The IP address rate limiting settings used to limit the number of requests from an address.
- caching_
rules This property is required. Sequence[waas.Get Waas Policy Waf Config Caching Rule] - A list of caching rules applied to the web application.
- captchas
This property is required. Sequence[waas.Get Waas Policy Waf Config Captcha] - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- custom_
protection_ rules This property is required. Sequence[waas.Get Waas Policy Waf Config Custom Protection Rule] - A list of the custom protection rule OCIDs and their actions.
- device_
fingerprint_ challenge This property is required. waas.Get Waas Policy Waf Config Device Fingerprint Challenge - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- human_
interaction_ challenge This property is required. waas.Get Waas Policy Waf Config Human Interaction Challenge - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js_
challenge This property is required. waas.Get Waas Policy Waf Config Js Challenge - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- origin
This property is required. str - The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - origin_
groups This property is required. Sequence[str] - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection_
settings This property is required. waas.Get Waas Policy Waf Config Protection Settings - The settings to apply to protection rules.
- whitelists
This property is required. Sequence[waas.Get Waas Policy Waf Config Whitelist] - A list of IP addresses that bypass the Web Application Firewall.
- access
Rules This property is required. List<Property Map> - The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of
ALLOW
,DETECT
, andBLOCK
rules, based on different criteria. - address
Rate Limiting This property is required. Property Map - The IP address rate limiting settings used to limit the number of requests from an address.
- caching
Rules This property is required. List<Property Map> - A list of caching rules applied to the web application.
- captchas
This property is required. List<Property Map> - A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.
- custom
Protection Rules This property is required. List<Property Map> - A list of the custom protection rule OCIDs and their actions.
- device
Fingerprint Challenge This property is required. Property Map - The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.
- human
Interaction Challenge This property is required. Property Map - The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.
- js
Challenge This property is required. Property Map - The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.
- origin
This property is required. String - The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in
Origins
. Required when creating theWafConfig
resource, but not on update. - origin
Groups This property is required. List<String> - The map of origin groups and their keys used to associate origins to the
wafConfig
. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update theorigins
field of aUpdateWaasPolicy
request. - protection
Settings This property is required. Property Map - The settings to apply to protection rules.
- whitelists
This property is required. List<Property Map> - A list of IP addresses that bypass the Web Application Firewall.
GetWaasPolicyWafConfigAccessRule
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Bypass
Challenges This property is required. List<string> - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Criterias
This property is required. List<GetWaas Policy Waf Config Access Rule Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Name
This property is required. string - The unique name of the whitelist.
- Redirect
Response Code This property is required. string - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- Redirect
Url This property is required. string - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - Response
Header Manipulations This property is required. List<GetWaas Policy Waf Config Access Rule Response Header Manipulation> - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Bypass
Challenges This property is required. []string - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Criterias
This property is required. []GetWaas Policy Waf Config Access Rule Criteria - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Name
This property is required. string - The unique name of the whitelist.
- Redirect
Response Code This property is required. string - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- Redirect
Url This property is required. string - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - Response
Header Manipulations This property is required. []GetWaas Policy Waf Config Access Rule Response Header Manipulation - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - block
Action This property is required. String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. String - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. String - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. String - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. Integer - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - bypass
Challenges This property is required. List<String> - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
This property is required. String- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. String - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- criterias
This property is required. List<GetPolicy Waf Config Access Rule Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- name
This property is required. String - The unique name of the whitelist.
- redirect
Response Code This property is required. String - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect
Url This property is required. String - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response
Header Manipulations This property is required. List<GetPolicy Waf Config Access Rule Response Header Manipulation> - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - bypass
Challenges This property is required. string[] - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- criterias
This property is required. GetWaas Policy Waf Config Access Rule Criteria[] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- name
This property is required. string - The unique name of the whitelist.
- redirect
Response Code This property is required. string - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect
Url This property is required. string - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response
Header Manipulations This property is required. GetWaas Policy Waf Config Access Rule Response Header Manipulation[] - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action
This property is required. str - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - block_
action This property is required. str - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ page_ code This property is required. str - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ page_ description This property is required. str - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ page_ message This property is required. str - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - bypass_
challenges This property is required. Sequence[str] - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
This property is required. str- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header This property is required. str - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ label This property is required. str - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title This property is required. str - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- criterias
This property is required. Sequence[waas.Get Waas Policy Waf Config Access Rule Criteria] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- name
This property is required. str - The unique name of the whitelist.
- redirect_
response_ code This property is required. str - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect_
url This property is required. str - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response_
header_ manipulations This property is required. Sequence[waas.Get Waas Policy Waf Config Access Rule Response Header Manipulation] - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - block
Action This property is required. String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. String - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. String - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. String - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. Number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - bypass
Challenges This property is required. List<String> - The list of challenges to bypass when
action
is set toBYPASS
. If unspecified or empty, all challenges are bypassed.- JS_CHALLENGE: Bypasses JavaScript Challenge.
- DEVICE_FINGERPRINT_CHALLENGE: Bypasses Device Fingerprint Challenge.
- HUMAN_INTERACTION_CHALLENGE: Bypasses Human Interaction Challenge.
- CAPTCHA: Bypasses CAPTCHA Challenge.
This property is required. String- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. String - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- criterias
This property is required. List<Property Map> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- name
This property is required. String - The unique name of the whitelist.
- redirect
Response Code This property is required. String - The response status code to return when
action
is set toREDIRECT
.- MOVED_PERMANENTLY: Used for designating the permanent movement of a page (numerical code - 301).
- FOUND: Used for designating the temporary movement of a page (numerical code - 302).
- redirect
Url This property is required. String - The target to which the request should be redirected, represented as a URI reference. Required when
action
isREDIRECT
. - response
Header Manipulations This property is required. List<Property Map> - An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of
action
value.
GetWaasPolicyWafConfigAccessRuleCriteria
- Condition
This property is required. string - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Is
Case Sensitive This property is required. bool - When enabled, the condition will be matched with case-sensitive rules.
- Value
This property is required. string - The value of the header.
- Condition
This property is required. string - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Is
Case Sensitive This property is required. bool - When enabled, the condition will be matched with case-sensitive rules.
- Value
This property is required. string - The value of the header.
- condition
This property is required. String - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case Sensitive This property is required. Boolean - When enabled, the condition will be matched with case-sensitive rules.
- value
This property is required. String - The value of the header.
- condition
This property is required. string - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case Sensitive This property is required. boolean - When enabled, the condition will be matched with case-sensitive rules.
- value
This property is required. string - The value of the header.
- condition
This property is required. str - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is_
case_ sensitive This property is required. bool - When enabled, the condition will be matched with case-sensitive rules.
- value
This property is required. str - The value of the header.
- condition
This property is required. String - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case Sensitive This property is required. Boolean - When enabled, the condition will be matched with case-sensitive rules.
- value
This property is required. String - The value of the header.
GetWaasPolicyWafConfigAccessRuleResponseHeaderManipulation
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Header
This property is required. string - A header field name that conforms to RFC 7230. Example:
example_header_name
- Value
This property is required. string - The value of the header.
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Header
This property is required. string - A header field name that conforms to RFC 7230. Example:
example_header_name
- Value
This property is required. string - The value of the header.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - header
This property is required. String - A header field name that conforms to RFC 7230. Example:
example_header_name
- value
This property is required. String - The value of the header.
- action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - header
This property is required. string - A header field name that conforms to RFC 7230. Example:
example_header_name
- value
This property is required. string - The value of the header.
- action
This property is required. str - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - header
This property is required. str - A header field name that conforms to RFC 7230. Example:
example_header_name
- value
This property is required. str - The value of the header.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - header
This property is required. String - A header field name that conforms to RFC 7230. Example:
example_header_name
- value
This property is required. String - The value of the header.
GetWaasPolicyWafConfigAddressRateLimiting
- Allowed
Rate Per Address This property is required. int - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Is
Enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Max
Delayed Count Per Address This property is required. int - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- Allowed
Rate Per Address This property is required. int - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Is
Enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Max
Delayed Count Per Address This property is required. int - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- allowed
Rate Per Address This property is required. Integer - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block
Response Code This property is required. Integer - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Enabled This property is required. Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Delayed Count Per Address This property is required. Integer - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- allowed
Rate Per Address This property is required. number - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block
Response Code This property is required. number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Enabled This property is required. boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Delayed Count Per Address This property is required. number - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- allowed_
rate_ per_ address This property is required. int - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block_
response_ code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is_
enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max_
delayed_ count_ per_ address This property is required. int - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
- allowed
Rate Per Address This property is required. Number - The number of allowed requests per second from one IP address. If unspecified, defaults to
1
. - block
Response Code This property is required. Number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Enabled This property is required. Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Delayed Count Per Address This property is required. Number - The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to
10
.
GetWaasPolicyWafConfigCachingRule
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Caching
Duration This property is required. string - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Client
Caching Duration This property is required. string - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Criterias
This property is required. List<GetWaas Policy Waf Config Caching Rule Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Is
Client Caching Enabled This property is required. bool - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - Key
This property is required. string - The unique key for the caching rule.
- Name
This property is required. string - The unique name of the whitelist.
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Caching
Duration This property is required. string - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Client
Caching Duration This property is required. string - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- Criterias
This property is required. []GetWaas Policy Waf Config Caching Rule Criteria - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Is
Client Caching Enabled This property is required. bool - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - Key
This property is required. string - The unique key for the caching rule.
- Name
This property is required. string - The unique name of the whitelist.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - caching
Duration This property is required. String - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client
Caching Duration This property is required. String - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- criterias
This property is required. List<GetPolicy Waf Config Caching Rule Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- is
Client Caching Enabled This property is required. Boolean - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key
This property is required. String - The unique key for the caching rule.
- name
This property is required. String - The unique name of the whitelist.
- action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - caching
Duration This property is required. string - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client
Caching Duration This property is required. string - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- criterias
This property is required. GetWaas Policy Waf Config Caching Rule Criteria[] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- is
Client Caching Enabled This property is required. boolean - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key
This property is required. string - The unique key for the caching rule.
- name
This property is required. string - The unique name of the whitelist.
- action
This property is required. str - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - caching_
duration This property is required. str - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client_
caching_ duration This property is required. str - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- criterias
This property is required. Sequence[waas.Get Waas Policy Waf Config Caching Rule Criteria] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- is_
client_ caching_ enabled This property is required. bool - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key
This property is required. str - The unique key for the caching rule.
- name
This property is required. str - The unique name of the whitelist.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - caching
Duration This property is required. String - The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- client
Caching Duration This property is required. String - The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is
99
. Mixing of multiple units is not supported. Only applies when theaction
is set toCACHE
. Example:PT1H
- criterias
This property is required. List<Property Map> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- is
Client Caching Enabled This property is required. Boolean - Enables or disables client caching. Browsers use the
Cache-Control
header value for caching content locally in the browser. This setting overrides the addition of aCache-Control
header in responses. - key
This property is required. String - The unique key for the caching rule.
- name
This property is required. String - The unique name of the whitelist.
GetWaasPolicyWafConfigCachingRuleCriteria
- Condition
This property is required. string - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Value
This property is required. string - The value of the header.
- Condition
This property is required. string - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Value
This property is required. string - The value of the header.
- condition
This property is required. String - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value
This property is required. String - The value of the header.
- condition
This property is required. string - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value
This property is required. string - The value of the header.
- condition
This property is required. str - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value
This property is required. str - The value of the header.
- condition
This property is required. String - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- value
This property is required. String - The value of the header.
GetWaasPolicyWafConfigCaptcha
- Failure
Message This property is required. string - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
This property is required. string- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- Header
Text This property is required. string - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- Session
Expiration In Seconds This property is required. int - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - Submit
Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - Title
This property is required. string - The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- Url
This property is required. string - The unique URL path at which to show the CAPTCHA challenge.
- Failure
Message This property is required. string - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
This property is required. string- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- Header
Text This property is required. string - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- Session
Expiration In Seconds This property is required. int - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - Submit
Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - Title
This property is required. string - The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- Url
This property is required. string - The unique URL path at which to show the CAPTCHA challenge.
- failure
Message This property is required. String - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
This property is required. String- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header
Text This property is required. String - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- session
Expiration In Seconds This property is required. Integer - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit
Label This property is required. String - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title
This property is required. String - The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url
This property is required. String - The unique URL path at which to show the CAPTCHA challenge.
- failure
Message This property is required. string - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
This property is required. string- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header
Text This property is required. string - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- session
Expiration In Seconds This property is required. number - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit
Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title
This property is required. string - The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url
This property is required. string - The unique URL path at which to show the CAPTCHA challenge.
- failure_
message This property is required. str - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
This property is required. str- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header_
text This property is required. str - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- session_
expiration_ in_ seconds This property is required. int - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit_
label This property is required. str - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title
This property is required. str - The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url
This property is required. str - The unique URL path at which to show the CAPTCHA challenge.
- failure
Message This property is required. String - The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to
The CAPTCHA was incorrect. Try again.
This property is required. String- The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'
- header
Text This property is required. String - The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'
- session
Expiration In Seconds This property is required. Number - The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to
300
. - submit
Label This property is required. String - The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to
Yes, I am human
. - title
This property is required. String - The title used when displaying a CAPTCHA challenge. If unspecified, defaults to
Are you human?
- url
This property is required. String - The unique URL path at which to show the CAPTCHA challenge.
GetWaasPolicyWafConfigCustomProtectionRule
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Exclusions
This property is required. List<GetWaas Policy Waf Config Custom Protection Rule Exclusion> - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Id
This property is required. string - The OCID of the custom protection rule.
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Exclusions
This property is required. []GetWaas Policy Waf Config Custom Protection Rule Exclusion - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Id
This property is required. string - The OCID of the custom protection rule.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - exclusions
This property is required. List<GetPolicy Waf Config Custom Protection Rule Exclusion> - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - id
This property is required. String - The OCID of the custom protection rule.
- action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - exclusions
This property is required. GetWaas Policy Waf Config Custom Protection Rule Exclusion[] - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - id
This property is required. string - The OCID of the custom protection rule.
- action
This property is required. str - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - exclusions
This property is required. Sequence[waas.Get Waas Policy Waf Config Custom Protection Rule Exclusion] - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - id
This property is required. str - The OCID of the custom protection rule.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - exclusions
This property is required. List<Property Map> - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - id
This property is required. String - The OCID of the custom protection rule.
GetWaasPolicyWafConfigCustomProtectionRuleExclusion
- Exclusions
This property is required. List<string> - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Target
This property is required. string - The target of the exclusion.
- Exclusions
This property is required. []string - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - Target
This property is required. string - The target of the exclusion.
- exclusions
This property is required. List<String> - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target
This property is required. String - The target of the exclusion.
- exclusions
This property is required. string[] - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target
This property is required. string - The target of the exclusion.
- exclusions
This property is required. Sequence[str] - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target
This property is required. str - The target of the exclusion.
- exclusions
This property is required. List<String> - An array of The target property of a request that would allow it to bypass the protection rule. For example, when
target
isREQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target isARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule.Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize themaxArgumentCount
ormaxTotalNameLengthOfArguments
properties, and thetarget
property has been set toARGS
, it is important that theexclusions
properties be defined to honor those protection rule settings in a consistent manner. - target
This property is required. String - The target of the exclusion.
GetWaasPolicyWafConfigDeviceFingerprintChallenge
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration In Seconds This property is required. int - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Challenge
Settings This property is required. GetWaas Policy Waf Config Device Fingerprint Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - Failure
Threshold This property is required. int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Failure
Threshold Expiration In Seconds This property is required. int - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Is
Enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Max
Address Count This property is required. int - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - Max
Address Count Expiration In Seconds This property is required. int - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration In Seconds This property is required. int - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Challenge
Settings This property is required. GetWaas Policy Waf Config Device Fingerprint Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - Failure
Threshold This property is required. int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Failure
Threshold Expiration In Seconds This property is required. int - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Is
Enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Max
Address Count This property is required. int - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - Max
Address Count Expiration In Seconds This property is required. int - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration In Seconds This property is required. Integer - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings This property is required. GetPolicy Waf Config Device Fingerprint Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - failure
Threshold This property is required. Integer - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold Expiration In Seconds This property is required. Integer - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - is
Enabled This property is required. Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Address Count This property is required. Integer - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max
Address Count Expiration In Seconds This property is required. Integer - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration In Seconds This property is required. number - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings This property is required. GetWaas Policy Waf Config Device Fingerprint Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - failure
Threshold This property is required. number - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold Expiration In Seconds This property is required. number - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - is
Enabled This property is required. boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Address Count This property is required. number - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max
Address Count Expiration In Seconds This property is required. number - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- action
This property is required. str - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action_
expiration_ in_ seconds This property is required. int - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge_
settings This property is required. waas.Get Waas Policy Waf Config Device Fingerprint Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - failure_
threshold This property is required. int - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure_
threshold_ expiration_ in_ seconds This property is required. int - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - is_
enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max_
address_ count This property is required. int - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max_
address_ count_ expiration_ in_ seconds This property is required. int - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration In Seconds This property is required. Number - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings This property is required. Property Map - The challenge settings if
action
is set toBLOCK
. - failure
Threshold This property is required. Number - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold Expiration In Seconds This property is required. Number - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - is
Enabled This property is required. Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- max
Address Count This property is required. Number - The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to
20
. - max
Address Count Expiration In Seconds This property is required. Number - The number of seconds before the maximum addresses count resets. If unspecified, defaults to
60
.
GetWaasPolicyWafConfigDeviceFingerprintChallengeChallengeSettings
- Block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action This property is required. String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. String - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. String - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. String - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. Integer - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. String- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. String - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block_
action This property is required. str - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ page_ code This property is required. str - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ page_ description This property is required. str - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ page_ message This property is required. str - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. str- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header This property is required. str - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ label This property is required. str - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title This property is required. str - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action This property is required. String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. String - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. String - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. String - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. Number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. String- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. String - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
GetWaasPolicyWafConfigHumanInteractionChallenge
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration In Seconds This property is required. int - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Challenge
Settings This property is required. GetWaas Policy Waf Config Human Interaction Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - Failure
Threshold This property is required. int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Failure
Threshold Expiration In Seconds This property is required. int - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Interaction
Threshold This property is required. int - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - Is
Enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Nat Enabled This property is required. bool - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Recording
Period In Seconds This property is required. int - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - Set
Http Header This property is required. GetWaas Policy Waf Config Human Interaction Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration In Seconds This property is required. int - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Challenge
Settings This property is required. GetWaas Policy Waf Config Human Interaction Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - Failure
Threshold This property is required. int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Failure
Threshold Expiration In Seconds This property is required. int - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - Interaction
Threshold This property is required. int - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - Is
Enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Nat Enabled This property is required. bool - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Recording
Period In Seconds This property is required. int - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - Set
Http Header This property is required. GetWaas Policy Waf Config Human Interaction Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration In Seconds This property is required. Integer - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings This property is required. GetPolicy Waf Config Human Interaction Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - failure
Threshold This property is required. Integer - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold Expiration In Seconds This property is required. Integer - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction
Threshold This property is required. Integer - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is
Enabled This property is required. Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat Enabled This property is required. Boolean - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording
Period In Seconds This property is required. Integer - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set
Http Header This property is required. GetPolicy Waf Config Human Interaction Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration In Seconds This property is required. number - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings This property is required. GetWaas Policy Waf Config Human Interaction Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - failure
Threshold This property is required. number - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold Expiration In Seconds This property is required. number - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction
Threshold This property is required. number - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is
Enabled This property is required. boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat Enabled This property is required. boolean - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording
Period In Seconds This property is required. number - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set
Http Header This property is required. GetWaas Policy Waf Config Human Interaction Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action
This property is required. str - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action_
expiration_ in_ seconds This property is required. int - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge_
settings This property is required. waas.Get Waas Policy Waf Config Human Interaction Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - failure_
threshold This property is required. int - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure_
threshold_ expiration_ in_ seconds This property is required. int - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction_
threshold This property is required. int - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is_
enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is_
nat_ enabled This property is required. bool - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording_
period_ in_ seconds This property is required. int - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set_
http_ header This property is required. waas.Get Waas Policy Waf Config Human Interaction Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration In Seconds This property is required. Number - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - challenge
Settings This property is required. Property Map - The challenge settings if
action
is set toBLOCK
. - failure
Threshold This property is required. Number - The number of failed requests before taking action. If unspecified, defaults to
10
. - failure
Threshold Expiration In Seconds This property is required. Number - The number of seconds before the failure threshold resets. If unspecified, defaults to
60
. - interaction
Threshold This property is required. Number - The number of interactions required to pass the challenge. If unspecified, defaults to
3
. - is
Enabled This property is required. Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat Enabled This property is required. Boolean - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- recording
Period In Seconds This property is required. Number - The number of seconds to record the interactions from the user. If unspecified, defaults to
15
. - set
Http Header This property is required. Property Map - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
GetWaasPolicyWafConfigHumanInteractionChallengeChallengeSettings
- Block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action This property is required. String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. String - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. String - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. String - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. Integer - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. String- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. String - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block_
action This property is required. str - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ page_ code This property is required. str - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ page_ description This property is required. str - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ page_ message This property is required. str - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. str- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header This property is required. str - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ label This property is required. str - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title This property is required. str - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action This property is required. String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. String - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. String - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. String - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. Number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. String- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. String - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
GetWaasPolicyWafConfigHumanInteractionChallengeSetHttpHeader
GetWaasPolicyWafConfigJsChallenge
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration In Seconds This property is required. int - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Are
Redirects Challenged This property is required. bool - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- Challenge
Settings This property is required. GetWaas Policy Waf Config Js Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - Criterias
This property is required. List<GetWaas Policy Waf Config Js Challenge Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Failure
Threshold This property is required. int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Is
Enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Nat Enabled This property is required. bool - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Set
Http Header This property is required. GetWaas Policy Waf Config Js Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- Action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - Action
Expiration In Seconds This property is required. int - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - Are
Redirects Challenged This property is required. bool - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- Challenge
Settings This property is required. GetWaas Policy Waf Config Js Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - Criterias
This property is required. []GetWaas Policy Waf Config Js Challenge Criteria - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- Failure
Threshold This property is required. int - The number of failed requests before taking action. If unspecified, defaults to
10
. - Is
Enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- Is
Nat Enabled This property is required. bool - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- Set
Http Header This property is required. GetWaas Policy Waf Config Js Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration In Seconds This property is required. Integer - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are
Redirects Challenged This property is required. Boolean - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge
Settings This property is required. GetPolicy Waf Config Js Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - criterias
This property is required. List<GetPolicy Waf Config Js Challenge Criteria> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure
Threshold This property is required. Integer - The number of failed requests before taking action. If unspecified, defaults to
10
. - is
Enabled This property is required. Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat Enabled This property is required. Boolean - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set
Http Header This property is required. GetPolicy Waf Config Js Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action
This property is required. string - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration In Seconds This property is required. number - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are
Redirects Challenged This property is required. boolean - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge
Settings This property is required. GetWaas Policy Waf Config Js Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - criterias
This property is required. GetWaas Policy Waf Config Js Challenge Criteria[] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure
Threshold This property is required. number - The number of failed requests before taking action. If unspecified, defaults to
10
. - is
Enabled This property is required. boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat Enabled This property is required. boolean - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set
Http Header This property is required. GetWaas Policy Waf Config Js Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action
This property is required. str - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action_
expiration_ in_ seconds This property is required. int - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are_
redirects_ challenged This property is required. bool - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge_
settings This property is required. waas.Get Waas Policy Waf Config Js Challenge Challenge Settings - The challenge settings if
action
is set toBLOCK
. - criterias
This property is required. Sequence[waas.Get Waas Policy Waf Config Js Challenge Criteria] - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure_
threshold This property is required. int - The number of failed requests before taking action. If unspecified, defaults to
10
. - is_
enabled This property is required. bool - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is_
nat_ enabled This property is required. bool - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set_
http_ header This property is required. waas.Get Waas Policy Waf Config Js Challenge Set Http Header - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
- action
This property is required. String - The action to take against requests from detected bots. If unspecified, defaults to
DETECT
. - action
Expiration In Seconds This property is required. Number - The number of seconds between challenges from the same IP address. If unspecified, defaults to
60
. - are
Redirects Challenged This property is required. Boolean - When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.
- challenge
Settings This property is required. Property Map - The challenge settings if
action
is set toBLOCK
. - criterias
This property is required. List<Property Map> - When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.
- failure
Threshold This property is required. Number - The number of failed requests before taking action. If unspecified, defaults to
10
. - is
Enabled This property is required. Boolean - Enables or disables the JavaScript challenge Web Application Firewall feature.
- is
Nat Enabled This property is required. Boolean - When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.
- set
Http Header This property is required. Property Map - Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the
action
is set toDETECT
.
GetWaasPolicyWafConfigJsChallengeChallengeSettings
- Block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- Block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - Captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- Captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - Captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action This property is required. String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. String - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. String - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. String - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. Integer - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. String- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. String - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. string- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. string - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. string - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. string - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block_
action This property is required. str - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ page_ code This property is required. str - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ page_ description This property is required. str - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ page_ message This property is required. str - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. str- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha_
header This property is required. str - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha_
submit_ label This property is required. str - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha_
title This property is required. str - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
- block
Action This property is required. String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. String - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. String - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. String - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. Number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. This property is required. String- The text to show in the footer when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, default toEnter the letters and numbers as they are shown in image above
. - captcha
Header This property is required. String - The text to show in the header when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toWe have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.
- captcha
Submit Label This property is required. String - The text to show on the label of the CAPTCHA challenge submit button when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toYes, I am human
. - captcha
Title This property is required. String - The title used when showing a CAPTCHA challenge when
action
is set toBLOCK
,blockAction
is set toSHOW_CAPTCHA
, and the request is blocked. If unspecified, defaults toAre you human?
GetWaasPolicyWafConfigJsChallengeCriteria
- Condition
This property is required. string - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Is
Case Sensitive This property is required. bool - When enabled, the condition will be matched with case-sensitive rules.
- Value
This property is required. string - The value of the header.
- Condition
This property is required. string - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- Is
Case Sensitive This property is required. bool - When enabled, the condition will be matched with case-sensitive rules.
- Value
This property is required. string - The value of the header.
- condition
This property is required. String - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case Sensitive This property is required. Boolean - When enabled, the condition will be matched with case-sensitive rules.
- value
This property is required. String - The value of the header.
- condition
This property is required. string - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case Sensitive This property is required. boolean - When enabled, the condition will be matched with case-sensitive rules.
- value
This property is required. string - The value of the header.
- condition
This property is required. str - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is_
case_ sensitive This property is required. bool - When enabled, the condition will be matched with case-sensitive rules.
- value
This property is required. str - The value of the header.
- condition
This property is required. String - The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request.
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
value
field. URL must start with a/
. - URL_IS_NOT: Matches if the concatenation of request URL path and query is not identical to the contents of the
value
field. URL must start with a/
. - URL_STARTS_WITH: Matches if the concatenation of request URL path and query starts with the contents of the
value
field. URL must start with a/
. - URL_PART_ENDS_WITH: Matches if the concatenation of request URL path and query ends with the contents of the
value
field. - URL_PART_CONTAINS: Matches if the concatenation of request URL path and query contains the contents of the
value
field. - URL_REGEX: Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org).
- URL_DOES_NOT_MATCH_REGEX: Matches if the concatenation of request URL path and query is not described by the regular expression in the
value
field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - URL_DOES_NOT_START_WITH: Matches if the concatenation of request URL path and query does not start with the contents of the
value
field. - URL_PART_DOES_NOT_CONTAIN: Matches if the concatenation of request URL path and query does not contain the contents of the
value
field. - URL_PART_DOES_NOT_END_WITH: Matches if the concatenation of request URL path and query does not end with the contents of the
value
field. - IP_IS: Matches if the request originates from one of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IS_NOT: Matches if the request does not originate from any of the IP addresses contained in the defined address list. The
value
in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \n Example: "1.1.1.1\n1.1.1.2\n1.2.2.1/30" - IP_IN_LIST: Matches if the request originates from one of the IP addresses contained in the referenced address list. The
value
in this case is OCID of the address list. - IP_NOT_IN_LIST: Matches if the request does not originate from any IP address contained in the referenced address list. The
value
field in this case is OCID of the address list. - HTTP_HEADER_CONTAINS: The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value.
host:test.example.com
is an example of a criteria value wherehost
is the header field name andtest.example.com
is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. Example: With a criteria value ofhost:test.example.com
, wherehost
is the name of the field andtest.example.com
is the value of the host field, a request with the header values,Host: www.test.example.com
will match, where as a request with header values ofhost: www.example.com
orhost: test.sub.example.com
will not match. - HTTP_METHOD_IS: Matches if the request method is identical to one of the values listed in field. The
value
in this case is string with one or multiple HTTP methods separated by new line symbol \n The list of available methods:GET
,HEAD
,POST
,PUT
,DELETE
,CONNECT
,OPTIONS
,TRACE
,PATCH
- URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the
- is
Case Sensitive This property is required. Boolean - When enabled, the condition will be matched with case-sensitive rules.
- value
This property is required. String - The value of the header.
GetWaasPolicyWafConfigJsChallengeSetHttpHeader
GetWaasPolicyWafConfigProtectionSettings
- Allowed
Http Methods This property is required. List<string> - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - Block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Is
Response Inspected This property is required. bool - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - Max
Argument Count This property is required. int - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- Max
Name Length Per Argument This property is required. int - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - Max
Response Size In Ki B This property is required. int - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - Max
Total Name Length Of Arguments This property is required. int - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - Media
Types This property is required. List<string> - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - Recommendations
Period In Days This property is required. int - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
- Allowed
Http Methods This property is required. []string - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - Block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - Block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - Block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- Block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - Block
Response Code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - Is
Response Inspected This property is required. bool - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - Max
Argument Count This property is required. int - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- Max
Name Length Per Argument This property is required. int - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - Max
Response Size In Ki B This property is required. int - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - Max
Total Name Length Of Arguments This property is required. int - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - Media
Types This property is required. []string - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - Recommendations
Period In Days This property is required. int - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
- allowed
Http Methods This property is required. List<String> - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block
Action This property is required. String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. String - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. String - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. String - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. Integer - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Response Inspected This property is required. Boolean - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - max
Argument Count This property is required. Integer - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max
Name Length Per Argument This property is required. Integer - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max
Response Size In Ki B This property is required. Integer - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max
Total Name Length Of Arguments This property is required. Integer - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media
Types This property is required. List<String> - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - recommendations
Period In Days This property is required. Integer - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
- allowed
Http Methods This property is required. string[] - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block
Action This property is required. string - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. string - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. string - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. string - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Response Inspected This property is required. boolean - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - max
Argument Count This property is required. number - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max
Name Length Per Argument This property is required. number - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max
Response Size In Ki B This property is required. number - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max
Total Name Length Of Arguments This property is required. number - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media
Types This property is required. string[] - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - recommendations
Period In Days This property is required. number - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
- allowed_
http_ methods This property is required. Sequence[str] - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block_
action This property is required. str - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block_
error_ page_ code This property is required. str - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block_
error_ page_ description This property is required. str - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block_
error_ page_ message This property is required. str - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block_
response_ code This property is required. int - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is_
response_ inspected This property is required. bool - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - max_
argument_ count This property is required. int - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max_
name_ length_ per_ argument This property is required. int - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max_
response_ size_ in_ ki_ b This property is required. int - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max_
total_ name_ length_ of_ arguments This property is required. int - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media_
types This property is required. Sequence[str] - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - recommendations_
period_ in_ days This property is required. int - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
- allowed
Http Methods This property is required. List<String> - The list of allowed HTTP methods. If unspecified, default to
[OPTIONS, GET, HEAD, POST]
. This setting only applies if a corresponding protection rule is enabled, such as the "Restrict HTTP Request Methods" rule (key: 911100). - block
Action This property is required. String - If
action
is set toBLOCK
, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults toSET_RESPONSE_CODE
. - block
Error Page Code This property is required. String - The error code to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. - block
Error Page Description This property is required. String - The description text to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults toAccess blocked by website owner. Please contact support.
- block
Error Page Message This property is required. String - The message to show on the error page when
action
is set toBLOCK
,blockAction
is set toSHOW_ERROR_PAGE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.' - block
Response Code This property is required. Number - The response code returned when
action
is set toBLOCK
,blockAction
is set toSET_RESPONSE_CODE
, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to403
. The list of available response codes:400
,401
,403
,405
,409
,411
,412
,413
,414
,415
,416
,500
,501
,502
,503
,504
,507
. - is
Response Inspected This property is required. Boolean - Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to
false
. - max
Argument Count This property is required. Number - The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
255
. This setting only applies if a corresponding protection rule is enabled, such as the "Number of Arguments Limits" rule (key: 960335). Example: IfmaxArgumentCount
to2
for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked:GET /myapp/path?query=one&query=two&query=three
POST /myapp/path
with Body{"argument1":"one","argument2":"two","argument3":"three"}
- max
Name Length Per Argument This property is required. Number - The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
400
. This setting only applies if a corresponding protection rule is enabled, such as the "Values Limits" rule (key: 960208). - max
Response Size In Ki B This property is required. Number - The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to
1024
. - max
Total Name Length Of Arguments This property is required. Number - The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to
64000
. This setting only applies if a corresponding protection rule is enabled, such as the "Total Arguments Limits" rule (key: 960341). - media
Types This property is required. List<String> - The list of media types to allow for inspection, if
isResponseInspected
is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to["text/html", "text/plain", "text/xml"]
. - recommendations
Period In Days This property is required. Number - The length of time to analyze traffic traffic, in days. After the analysis period,
WafRecommendations
will be populated. If unspecified, defaults to10
.
GetWaasPolicyWafConfigWhitelist
- Address
Lists This property is required. List<string> - A list of OCID of IP address lists to include in the whitelist.
- Addresses
This property is required. List<string> - A set of IP addresses or CIDR notations to include in the whitelist.
- Name
This property is required. string - The unique name of the whitelist.
- Address
Lists This property is required. []string - A list of OCID of IP address lists to include in the whitelist.
- Addresses
This property is required. []string - A set of IP addresses or CIDR notations to include in the whitelist.
- Name
This property is required. string - The unique name of the whitelist.
- address
Lists This property is required. List<String> - A list of OCID of IP address lists to include in the whitelist.
- addresses
This property is required. List<String> - A set of IP addresses or CIDR notations to include in the whitelist.
- name
This property is required. String - The unique name of the whitelist.
- address
Lists This property is required. string[] - A list of OCID of IP address lists to include in the whitelist.
- addresses
This property is required. string[] - A set of IP addresses or CIDR notations to include in the whitelist.
- name
This property is required. string - The unique name of the whitelist.
- address_
lists This property is required. Sequence[str] - A list of OCID of IP address lists to include in the whitelist.
- addresses
This property is required. Sequence[str] - A set of IP addresses or CIDR notations to include in the whitelist.
- name
This property is required. str - The unique name of the whitelist.
- address
Lists This property is required. List<String> - A list of OCID of IP address lists to include in the whitelist.
- addresses
This property is required. List<String> - A set of IP addresses or CIDR notations to include in the whitelist.
- name
This property is required. String - The unique name of the whitelist.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oci
Terraform Provider.