Alibaba Cloud v3.55.0, Apr 30 24

Alibaba Cloud v3.55.0 published on Tuesday, Apr 30, 2024 by Pulumi

alicloud.dcdn.WafRule

Explore with Pulumi AI

Alibaba Cloud v3.55.0 published on Tuesday, Apr 30, 2024 by Pulumi

pulumi/pulumi-alicloud

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
import * as random from "@pulumi/random";

const config = new pulumi.Config();
const name = config.get("name") || "tf_example";
const _default = new random.index.Integer("default", {
    min: 10000,
    max: 99999,
});
const example = new alicloud.dcdn.WafPolicy("example", {
    defenseScene: "waf_group",
    policyName: `${name}_${_default.result}`,
    policyType: "custom",
    status: "on",
});
const exampleWafRule = new alicloud.dcdn.WafRule("example", {
    policyId: example.id,
    ruleName: name,
    conditions: [
        {
            key: "URI",
            opValue: "ne",
            values: "/login.php",
        },
        {
            key: "Header",
            subKey: "a",
            opValue: "eq",
            values: "b",
        },
    ],
    status: "on",
    action: "monitor",
    rateLimit: {
        target: "IP",
        interval: 5,
        threshold: 5,
        ttl: 1800,
        status: {
            code: "200",
            ratio: 60,
        },
    },
});

import pulumi
import pulumi_alicloud as alicloud
import pulumi_random as random

config = pulumi.Config()
name = config.get("name")
if name is None:
    name = "tf_example"
default = random.index.Integer("default",
    min=10000,
    max=99999)
example = alicloud.dcdn.WafPolicy("example",
    defense_scene="waf_group",
    policy_name=f"{name}_{default['result']}",
    policy_type="custom",
    status="on")
example_waf_rule = alicloud.dcdn.WafRule("example",
    policy_id=example.id,
    rule_name=name,
    conditions=[
        alicloud.dcdn.WafRuleConditionArgs(
            key="URI",
            op_value="ne",
            values="/login.php",
        ),
        alicloud.dcdn.WafRuleConditionArgs(
            key="Header",
            sub_key="a",
            op_value="eq",
            values="b",
        ),
    ],
    status="on",
    action="monitor",
    rate_limit=alicloud.dcdn.WafRuleRateLimitArgs(
        target="IP",
        interval=5,
        threshold=5,
        ttl=1800,
        status=alicloud.dcdn.WafRuleRateLimitStatusArgs(
            code="200",
            ratio=60,
        ),
    ))

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/dcdn"
	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		name := "tf_example"
		if param := cfg.Get("name"); param != "" {
			name = param
		}
		_, err := random.NewInteger(ctx, "default", &random.IntegerArgs{
			Min: 10000,
			Max: 99999,
		})
		if err != nil {
			return err
		}
		example, err := dcdn.NewWafPolicy(ctx, "example", &dcdn.WafPolicyArgs{
			DefenseScene: pulumi.String("waf_group"),
			PolicyName:   pulumi.String(fmt.Sprintf("%v_%v", name, _default.Result)),
			PolicyType:   pulumi.String("custom"),
			Status:       pulumi.String("on"),
		})
		if err != nil {
			return err
		}
		_, err = dcdn.NewWafRule(ctx, "example", &dcdn.WafRuleArgs{
			PolicyId: example.ID(),
			RuleName: pulumi.String(name),
			Conditions: dcdn.WafRuleConditionArray{
				&dcdn.WafRuleConditionArgs{
					Key:     pulumi.String("URI"),
					OpValue: pulumi.String("ne"),
					Values:  pulumi.String("/login.php"),
				},
				&dcdn.WafRuleConditionArgs{
					Key:     pulumi.String("Header"),
					SubKey:  pulumi.String("a"),
					OpValue: pulumi.String("eq"),
					Values:  pulumi.String("b"),
				},
			},
			Status: pulumi.String("on"),
			Action: pulumi.String("monitor"),
			RateLimit: &dcdn.WafRuleRateLimitArgs{
				Target:    pulumi.String("IP"),
				Interval:  pulumi.Int(5),
				Threshold: pulumi.Int(5),
				Ttl:       pulumi.Int(1800),
				Status: &dcdn.WafRuleRateLimitStatusArgs{
					Code:  pulumi.String("200"),
					Ratio: pulumi.Int(60),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
using Random = Pulumi.Random;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var name = config.Get("name") ?? "tf_example";
    var @default = new Random.Index.Integer("default", new()
    {
        Min = 10000,
        Max = 99999,
    });

    var example = new AliCloud.Dcdn.WafPolicy("example", new()
    {
        DefenseScene = "waf_group",
        PolicyName = $"{name}_{@default.Result}",
        PolicyType = "custom",
        Status = "on",
    });

    var exampleWafRule = new AliCloud.Dcdn.WafRule("example", new()
    {
        PolicyId = example.Id,
        RuleName = name,
        Conditions = new[]
        {
            new AliCloud.Dcdn.Inputs.WafRuleConditionArgs
            {
                Key = "URI",
                OpValue = "ne",
                Values = "/login.php",
            },
            new AliCloud.Dcdn.Inputs.WafRuleConditionArgs
            {
                Key = "Header",
                SubKey = "a",
                OpValue = "eq",
                Values = "b",
            },
        },
        Status = "on",
        Action = "monitor",
        RateLimit = new AliCloud.Dcdn.Inputs.WafRuleRateLimitArgs
        {
            Target = "IP",
            Interval = 5,
            Threshold = 5,
            Ttl = 1800,
            Status = new AliCloud.Dcdn.Inputs.WafRuleRateLimitStatusArgs
            {
                Code = "200",
                Ratio = 60,
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.integer;
import com.pulumi.random.IntegerArgs;
import com.pulumi.alicloud.dcdn.WafPolicy;
import com.pulumi.alicloud.dcdn.WafPolicyArgs;
import com.pulumi.alicloud.dcdn.WafRule;
import com.pulumi.alicloud.dcdn.WafRuleArgs;
import com.pulumi.alicloud.dcdn.inputs.WafRuleConditionArgs;
import com.pulumi.alicloud.dcdn.inputs.WafRuleRateLimitArgs;
import com.pulumi.alicloud.dcdn.inputs.WafRuleRateLimitStatusArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var name = config.get("name").orElse("tf_example");
        var default_ = new Integer("default", IntegerArgs.builder()        
            .min(10000)
            .max(99999)
            .build());

        var example = new WafPolicy("example", WafPolicyArgs.builder()        
            .defenseScene("waf_group")
            .policyName(String.format("%s_%s", name,default_.result()))
            .policyType("custom")
            .status("on")
            .build());

        var exampleWafRule = new WafRule("exampleWafRule", WafRuleArgs.builder()        
            .policyId(example.id())
            .ruleName(name)
            .conditions(            
                WafRuleConditionArgs.builder()
                    .key("URI")
                    .opValue("ne")
                    .values("/login.php")
                    .build(),
                WafRuleConditionArgs.builder()
                    .key("Header")
                    .subKey("a")
                    .opValue("eq")
                    .values("b")
                    .build())
            .status("on")
            .action("monitor")
            .rateLimit(WafRuleRateLimitArgs.builder()
                .target("IP")
                .interval("5")
                .threshold("5")
                .ttl("1800")
                .status(WafRuleRateLimitStatusArgs.builder()
                    .code("200")
                    .ratio("60")
                    .build())
                .build())
            .build());

    }
}

configuration:
  name:
    type: string
    default: tf_example
resources:
  default:
    type: random:integer
    properties:
      min: 10000
      max: 99999
  example:
    type: alicloud:dcdn:WafPolicy
    properties:
      defenseScene: waf_group
      policyName: ${name}_${default.result}
      policyType: custom
      status: on
  exampleWafRule:
    type: alicloud:dcdn:WafRule
    name: example
    properties:
      policyId: ${example.id}
      ruleName: ${name}
      conditions:
        - key: URI
          opValue: ne
          values: /login.php
        - key: Header
          subKey: a
          opValue: eq
          values: b
      status: on
      action: monitor
      rateLimit:
        target: IP
        interval: '5'
        threshold: '5'
        ttl: '1800'
        status:
          code: '200'
          ratio: '60'

Create WafRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new WafRule(name: string, args: WafRuleArgs, opts?: CustomResourceOptions);

@overload
def WafRule(resource_name: str,
            args: WafRuleArgs,
            opts: Optional[ResourceOptions] = None)

@overload
def WafRule(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            policy_id: Optional[str] = None,
            rule_name: Optional[str] = None,
            conditions: Optional[Sequence[WafRuleConditionArgs]] = None,
            action: Optional[str] = None,
            effect: Optional[str] = None,
            other_region_list: Optional[str] = None,
            cn_region_list: Optional[str] = None,
            rate_limit: Optional[WafRuleRateLimitArgs] = None,
            regular_rules: Optional[Sequence[str]] = None,
            regular_types: Optional[Sequence[str]] = None,
            remote_addrs: Optional[Sequence[str]] = None,
            cc_status: Optional[str] = None,
            scenes: Optional[Sequence[str]] = None,
            status: Optional[str] = None,
            waf_group_ids: Optional[str] = None)

func NewWafRule(ctx *Context, name string, args WafRuleArgs, opts ...ResourceOption) (*WafRule, error)

public WafRule(string name, WafRuleArgs args, CustomResourceOptions? opts = null)

public WafRule(String name, WafRuleArgs args)
public WafRule(String name, WafRuleArgs args, CustomResourceOptions options)

type: alicloud:dcdn:WafRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args WafRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args WafRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args WafRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args WafRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args WafRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Example

The following reference example uses placeholder values for all input properties.

var wafRuleResource = new AliCloud.Dcdn.WafRule("wafRuleResource", new()
{
    PolicyId = "string",
    RuleName = "string",
    Conditions = new[]
    {
        new AliCloud.Dcdn.Inputs.WafRuleConditionArgs
        {
            Key = "string",
            OpValue = "string",
            SubKey = "string",
            Values = "string",
        },
    },
    Action = "string",
    Effect = "string",
    OtherRegionList = "string",
    CnRegionList = "string",
    RateLimit = new AliCloud.Dcdn.Inputs.WafRuleRateLimitArgs
    {
        Interval = 0,
        Status = new AliCloud.Dcdn.Inputs.WafRuleRateLimitStatusArgs
        {
            Code = "string",
            Count = 0,
            Ratio = 0,
        },
        SubKey = "string",
        Target = "string",
        Threshold = 0,
        Ttl = 0,
    },
    RegularRules = new[]
    {
        "string",
    },
    RegularTypes = new[]
    {
        "string",
    },
    RemoteAddrs = new[]
    {
        "string",
    },
    CcStatus = "string",
    Scenes = new[]
    {
        "string",
    },
    Status = "string",
    WafGroupIds = "string",
});

example, err := dcdn.NewWafRule(ctx, "wafRuleResource", &dcdn.WafRuleArgs{
	PolicyId: pulumi.String("string"),
	RuleName: pulumi.String("string"),
	Conditions: dcdn.WafRuleConditionArray{
		&dcdn.WafRuleConditionArgs{
			Key:     pulumi.String("string"),
			OpValue: pulumi.String("string"),
			SubKey:  pulumi.String("string"),
			Values:  pulumi.String("string"),
		},
	},
	Action:          pulumi.String("string"),
	Effect:          pulumi.String("string"),
	OtherRegionList: pulumi.String("string"),
	CnRegionList:    pulumi.String("string"),
	RateLimit: &dcdn.WafRuleRateLimitArgs{
		Interval: pulumi.Int(0),
		Status: &dcdn.WafRuleRateLimitStatusArgs{
			Code:  pulumi.String("string"),
			Count: pulumi.Int(0),
			Ratio: pulumi.Int(0),
		},
		SubKey:    pulumi.String("string"),
		Target:    pulumi.String("string"),
		Threshold: pulumi.Int(0),
		Ttl:       pulumi.Int(0),
	},
	RegularRules: pulumi.StringArray{
		pulumi.String("string"),
	},
	RegularTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	RemoteAddrs: pulumi.StringArray{
		pulumi.String("string"),
	},
	CcStatus: pulumi.String("string"),
	Scenes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Status:      pulumi.String("string"),
	WafGroupIds: pulumi.String("string"),
})

var wafRuleResource = new WafRule("wafRuleResource", WafRuleArgs.builder()        
    .policyId("string")
    .ruleName("string")
    .conditions(WafRuleConditionArgs.builder()
        .key("string")
        .opValue("string")
        .subKey("string")
        .values("string")
        .build())
    .action("string")
    .effect("string")
    .otherRegionList("string")
    .cnRegionList("string")
    .rateLimit(WafRuleRateLimitArgs.builder()
        .interval(0)
        .status(WafRuleRateLimitStatusArgs.builder()
            .code("string")
            .count(0)
            .ratio(0)
            .build())
        .subKey("string")
        .target("string")
        .threshold(0)
        .ttl(0)
        .build())
    .regularRules("string")
    .regularTypes("string")
    .remoteAddrs("string")
    .ccStatus("string")
    .scenes("string")
    .status("string")
    .wafGroupIds("string")
    .build());

waf_rule_resource = alicloud.dcdn.WafRule("wafRuleResource",
    policy_id="string",
    rule_name="string",
    conditions=[alicloud.dcdn.WafRuleConditionArgs(
        key="string",
        op_value="string",
        sub_key="string",
        values="string",
    )],
    action="string",
    effect="string",
    other_region_list="string",
    cn_region_list="string",
    rate_limit=alicloud.dcdn.WafRuleRateLimitArgs(
        interval=0,
        status=alicloud.dcdn.WafRuleRateLimitStatusArgs(
            code="string",
            count=0,
            ratio=0,
        ),
        sub_key="string",
        target="string",
        threshold=0,
        ttl=0,
    ),
    regular_rules=["string"],
    regular_types=["string"],
    remote_addrs=["string"],
    cc_status="string",
    scenes=["string"],
    status="string",
    waf_group_ids="string")

const wafRuleResource = new alicloud.dcdn.WafRule("wafRuleResource", {
    policyId: "string",
    ruleName: "string",
    conditions: [{
        key: "string",
        opValue: "string",
        subKey: "string",
        values: "string",
    }],
    action: "string",
    effect: "string",
    otherRegionList: "string",
    cnRegionList: "string",
    rateLimit: {
        interval: 0,
        status: {
            code: "string",
            count: 0,
            ratio: 0,
        },
        subKey: "string",
        target: "string",
        threshold: 0,
        ttl: 0,
    },
    regularRules: ["string"],
    regularTypes: ["string"],
    remoteAddrs: ["string"],
    ccStatus: "string",
    scenes: ["string"],
    status: "string",
    wafGroupIds: "string",
});

type: alicloud:dcdn:WafRule
properties:
    action: string
    ccStatus: string
    cnRegionList: string
    conditions:
        - key: string
          opValue: string
          subKey: string
          values: string
    effect: string
    otherRegionList: string
    policyId: string
    rateLimit:
        interval: 0
        status:
            code: string
            count: 0
            ratio: 0
        subKey: string
        target: string
        threshold: 0
        ttl: 0
    regularRules:
        - string
    regularTypes:
        - string
    remoteAddrs:
        - string
    ruleName: string
    scenes:
        - string
    status: string
    wafGroupIds: string

WafRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The WafRule resource accepts the following input properties:

PolicyId string: The protection policy ID.
RuleName string: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
Action string: Specifies the action of the rule. Valid values: block, monitor, js.
CcStatus string: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
CnRegionList string: The blocked regions in the Chinese mainland, separated by commas (,).
Conditions List<Pulumi.AliCloud.Dcdn.Inputs.WafRuleCondition>: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
Effect string: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
OtherRegionList string: Blocked regions outside the Chinese mainland, separated by commas (,).
RateLimit Pulumi.AliCloud.Dcdn.Inputs.WafRuleRateLimit: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
RegularRules List<string>: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
RegularTypes List<string>: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
RemoteAddrs List<string>: Filter by IP address.
Scenes List<string>: The types of the protection policies.
Status string: The status of the waf rule. Valid values: on and off. Default value: on.
WafGroupIds string: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

PolicyId string: The protection policy ID.
RuleName string: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
Action string: Specifies the action of the rule. Valid values: block, monitor, js.
CcStatus string: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
CnRegionList string: The blocked regions in the Chinese mainland, separated by commas (,).
Conditions []WafRuleConditionArgs: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
Effect string: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
OtherRegionList string: Blocked regions outside the Chinese mainland, separated by commas (,).
RateLimit WafRuleRateLimitArgs: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
RegularRules []string: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
RegularTypes []string: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
RemoteAddrs []string: Filter by IP address.
Scenes []string: The types of the protection policies.
Status string: The status of the waf rule. Valid values: on and off. Default value: on.
WafGroupIds string: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

policyId String: The protection policy ID.
ruleName String: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
action String: Specifies the action of the rule. Valid values: block, monitor, js.
ccStatus String: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
cnRegionList String: The blocked regions in the Chinese mainland, separated by commas (,).
conditions List<WafRuleCondition>: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
effect String: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
otherRegionList String: Blocked regions outside the Chinese mainland, separated by commas (,).
rateLimit WafRuleRateLimit: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
regularRules List<String>: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
regularTypes List<String>: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
remoteAddrs List<String>: Filter by IP address.
scenes List<String>: The types of the protection policies.
status String: The status of the waf rule. Valid values: on and off. Default value: on.
wafGroupIds String: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

policyId string: The protection policy ID.
ruleName string: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
action string: Specifies the action of the rule. Valid values: block, monitor, js.
ccStatus string: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
cnRegionList string: The blocked regions in the Chinese mainland, separated by commas (,).
conditions WafRuleCondition[]: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
effect string: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
otherRegionList string: Blocked regions outside the Chinese mainland, separated by commas (,).
rateLimit WafRuleRateLimit: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
regularRules string[]: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
regularTypes string[]: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
remoteAddrs string[]: Filter by IP address.
scenes string[]: The types of the protection policies.
status string: The status of the waf rule. Valid values: on and off. Default value: on.
wafGroupIds string: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

policy_id str: The protection policy ID.
rule_name str: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
action str: Specifies the action of the rule. Valid values: block, monitor, js.
cc_status str: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
cn_region_list str: The blocked regions in the Chinese mainland, separated by commas (,).
conditions Sequence[WafRuleConditionArgs]: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
effect str: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
other_region_list str: Blocked regions outside the Chinese mainland, separated by commas (,).
rate_limit WafRuleRateLimitArgs: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
regular_rules Sequence[str]: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
regular_types Sequence[str]: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
remote_addrs Sequence[str]: Filter by IP address.
scenes Sequence[str]: The types of the protection policies.
status str: The status of the waf rule. Valid values: on and off. Default value: on.
waf_group_ids str: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

policyId String: The protection policy ID.
ruleName String: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
action String: Specifies the action of the rule. Valid values: block, monitor, js.
ccStatus String: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
cnRegionList String: The blocked regions in the Chinese mainland, separated by commas (,).
conditions List<Property Map>: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
effect String: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
otherRegionList String: Blocked regions outside the Chinese mainland, separated by commas (,).
rateLimit Property Map: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
regularRules List<String>: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
regularTypes List<String>: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
remoteAddrs List<String>: Filter by IP address.
scenes List<String>: The types of the protection policies.
status String: The status of the waf rule. Valid values: on and off. Default value: on.
wafGroupIds String: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

Outputs

All input properties are implicitly available as output properties. Additionally, the WafRule resource produces the following output properties:

DefenseScene string: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
GmtModified string: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
Id string: The provider-assigned unique ID for this managed resource.

DefenseScene string: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
GmtModified string: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
Id string: The provider-assigned unique ID for this managed resource.

defenseScene String: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
gmtModified String: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
id String: The provider-assigned unique ID for this managed resource.

defenseScene string: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
gmtModified string: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
id string: The provider-assigned unique ID for this managed resource.

defense_scene str: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
gmt_modified str: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
id str: The provider-assigned unique ID for this managed resource.

defenseScene String: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
gmtModified String: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing WafRule Resource

Get an existing WafRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WafRuleState, opts?: CustomResourceOptions): WafRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        cc_status: Optional[str] = None,
        cn_region_list: Optional[str] = None,
        conditions: Optional[Sequence[WafRuleConditionArgs]] = None,
        defense_scene: Optional[str] = None,
        effect: Optional[str] = None,
        gmt_modified: Optional[str] = None,
        other_region_list: Optional[str] = None,
        policy_id: Optional[str] = None,
        rate_limit: Optional[WafRuleRateLimitArgs] = None,
        regular_rules: Optional[Sequence[str]] = None,
        regular_types: Optional[Sequence[str]] = None,
        remote_addrs: Optional[Sequence[str]] = None,
        rule_name: Optional[str] = None,
        scenes: Optional[Sequence[str]] = None,
        status: Optional[str] = None,
        waf_group_ids: Optional[str] = None) -> WafRule

func GetWafRule(ctx *Context, name string, id IDInput, state *WafRuleState, opts ...ResourceOption) (*WafRule, error)

public static WafRule Get(string name, Input<string> id, WafRuleState? state, CustomResourceOptions? opts = null)

public static WafRule get(String name, Output<String> id, WafRuleState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: Specifies the action of the rule. Valid values: block, monitor, js.
CcStatus string: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
CnRegionList string: The blocked regions in the Chinese mainland, separated by commas (,).
Conditions List<Pulumi.AliCloud.Dcdn.Inputs.WafRuleCondition>: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
DefenseScene string: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
Effect string: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
GmtModified string: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
OtherRegionList string: Blocked regions outside the Chinese mainland, separated by commas (,).
PolicyId string: The protection policy ID.
RateLimit Pulumi.AliCloud.Dcdn.Inputs.WafRuleRateLimit: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
RegularRules List<string>: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
RegularTypes List<string>: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
RemoteAddrs List<string>: Filter by IP address.
RuleName string: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
Scenes List<string>: The types of the protection policies.
Status string: The status of the waf rule. Valid values: on and off. Default value: on.
WafGroupIds string: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

Action string: Specifies the action of the rule. Valid values: block, monitor, js.
CcStatus string: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
CnRegionList string: The blocked regions in the Chinese mainland, separated by commas (,).
Conditions []WafRuleConditionArgs: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
DefenseScene string: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
Effect string: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
GmtModified string: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
OtherRegionList string: Blocked regions outside the Chinese mainland, separated by commas (,).
PolicyId string: The protection policy ID.
RateLimit WafRuleRateLimitArgs: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
RegularRules []string: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
RegularTypes []string: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
RemoteAddrs []string: Filter by IP address.
RuleName string: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
Scenes []string: The types of the protection policies.
Status string: The status of the waf rule. Valid values: on and off. Default value: on.
WafGroupIds string: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

action String: Specifies the action of the rule. Valid values: block, monitor, js.
ccStatus String: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
cnRegionList String: The blocked regions in the Chinese mainland, separated by commas (,).
conditions List<WafRuleCondition>: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
defenseScene String: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
effect String: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
gmtModified String: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
otherRegionList String: Blocked regions outside the Chinese mainland, separated by commas (,).
policyId String: The protection policy ID.
rateLimit WafRuleRateLimit: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
regularRules List<String>: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
regularTypes List<String>: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
remoteAddrs List<String>: Filter by IP address.
ruleName String: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
scenes List<String>: The types of the protection policies.
status String: The status of the waf rule. Valid values: on and off. Default value: on.
wafGroupIds String: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

action string: Specifies the action of the rule. Valid values: block, monitor, js.
ccStatus string: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
cnRegionList string: The blocked regions in the Chinese mainland, separated by commas (,).
conditions WafRuleCondition[]: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
defenseScene string: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
effect string: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
gmtModified string: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
otherRegionList string: Blocked regions outside the Chinese mainland, separated by commas (,).
policyId string: The protection policy ID.
rateLimit WafRuleRateLimit: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
regularRules string[]: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
regularTypes string[]: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
remoteAddrs string[]: Filter by IP address.
ruleName string: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
scenes string[]: The types of the protection policies.
status string: The status of the waf rule. Valid values: on and off. Default value: on.
wafGroupIds string: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

action str: Specifies the action of the rule. Valid values: block, monitor, js.
cc_status str: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
cn_region_list str: The blocked regions in the Chinese mainland, separated by commas (,).
conditions Sequence[WafRuleConditionArgs]: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
defense_scene str: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
effect str: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
gmt_modified str: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
other_region_list str: Blocked regions outside the Chinese mainland, separated by commas (,).
policy_id str: The protection policy ID.
rate_limit WafRuleRateLimitArgs: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
regular_rules Sequence[str]: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
regular_types Sequence[str]: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
remote_addrs Sequence[str]: Filter by IP address.
rule_name str: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
scenes Sequence[str]: The types of the protection policies.
status str: The status of the waf rule. Valid values: on and off. Default value: on.
waf_group_ids str: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

action String: Specifies the action of the rule. Valid values: block, monitor, js.
ccStatus String: Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
cnRegionList String: The blocked regions in the Chinese mainland, separated by commas (,).
conditions List<Property Map>: Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
defenseScene String: The type of protection policy. The following scenarios are supported:-waf_group:Web basic protection-custom_acl: Custom protection policy-whitelist: whitelist
effect String: The effective scope of the rate limiting blacklist. If you set ccStatus to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
gmtModified String: Revised the time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
otherRegionList String: Blocked regions outside the Chinese mainland, separated by commas (,).
policyId String: The protection policy ID.
rateLimit Property Map: The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
regularRules List<String>: The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
regularTypes List<String>: Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
remoteAddrs List<String>: Filter by IP address.
ruleName String: The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
scenes List<String>: The types of the protection policies.
status String: The status of the waf rule. Valid values: on and off. Default value: on.
wafGroupIds String: The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.

Supporting Types

WafRuleCondition, WafRuleConditionArgs

Key string: The match field.
OpValue string: The logical symbol.
SubKey string: The match subfield.
Values string: The match content. Separate multiple values with commas (,).

Key string: The match field.
OpValue string: The logical symbol.
SubKey string: The match subfield.
Values string: The match content. Separate multiple values with commas (,).

key String: The match field.
opValue String: The logical symbol.
subKey String: The match subfield.
values String: The match content. Separate multiple values with commas (,).

key string: The match field.
opValue string: The logical symbol.
subKey string: The match subfield.
values string: The match content. Separate multiple values with commas (,).

key str: The match field.
op_value str: The logical symbol.
sub_key str: The match subfield.
values str: The match content. Separate multiple values with commas (,).

key String: The match field.
opValue String: The logical symbol.
subKey String: The match subfield.
values String: The match content. Separate multiple values with commas (,).

WafRuleRateLimit, WafRuleRateLimitArgs

Interval int: Statistical duration, 5-1800.
Status Pulumi.AliCloud.Dcdn.Inputs.WafRuleRateLimitStatus: Response code statistics. See status below.
SubKey string: The subfield of the target field. If you set target to Header, Query String Parameter, or Cookie Name, you must configure sub_key.
Target string: The statistical field for frequency control. Currently, IP, Header, Query String Parameter, Cookie Name, Session is supported.
Threshold int: The trigger threshold of rate limiting. Valid values: 2 to 500000. Unit: requests.
Ttl int: The validity period of the blacklist. Valid values: 60 to 86400. Unit: seconds.

Interval int: Statistical duration, 5-1800.
Status WafRuleRateLimitStatus: Response code statistics. See status below.
SubKey string: The subfield of the target field. If you set target to Header, Query String Parameter, or Cookie Name, you must configure sub_key.
Target string: The statistical field for frequency control. Currently, IP, Header, Query String Parameter, Cookie Name, Session is supported.
Threshold int: The trigger threshold of rate limiting. Valid values: 2 to 500000. Unit: requests.
Ttl int: The validity period of the blacklist. Valid values: 60 to 86400. Unit: seconds.

interval Integer: Statistical duration, 5-1800.
status WafRuleRateLimitStatus: Response code statistics. See status below.
subKey String: The subfield of the target field. If you set target to Header, Query String Parameter, or Cookie Name, you must configure sub_key.
target String: The statistical field for frequency control. Currently, IP, Header, Query String Parameter, Cookie Name, Session is supported.
threshold Integer: The trigger threshold of rate limiting. Valid values: 2 to 500000. Unit: requests.
ttl Integer: The validity period of the blacklist. Valid values: 60 to 86400. Unit: seconds.

interval number: Statistical duration, 5-1800.
status WafRuleRateLimitStatus: Response code statistics. See status below.
subKey string: The subfield of the target field. If you set target to Header, Query String Parameter, or Cookie Name, you must configure sub_key.
target string: The statistical field for frequency control. Currently, IP, Header, Query String Parameter, Cookie Name, Session is supported.
threshold number: The trigger threshold of rate limiting. Valid values: 2 to 500000. Unit: requests.
ttl number: The validity period of the blacklist. Valid values: 60 to 86400. Unit: seconds.

interval int: Statistical duration, 5-1800.
status WafRuleRateLimitStatus: Response code statistics. See status below.
sub_key str: The subfield of the target field. If you set target to Header, Query String Parameter, or Cookie Name, you must configure sub_key.
target str: The statistical field for frequency control. Currently, IP, Header, Query String Parameter, Cookie Name, Session is supported.
threshold int: The trigger threshold of rate limiting. Valid values: 2 to 500000. Unit: requests.
ttl int: The validity period of the blacklist. Valid values: 60 to 86400. Unit: seconds.

interval Number: Statistical duration, 5-1800.
status Property Map: Response code statistics. See status below.
subKey String: The subfield of the target field. If you set target to Header, Query String Parameter, or Cookie Name, you must configure sub_key.
target String: The statistical field for frequency control. Currently, IP, Header, Query String Parameter, Cookie Name, Session is supported.
threshold Number: The trigger threshold of rate limiting. Valid values: 2 to 500000. Unit: requests.
ttl Number: The validity period of the blacklist. Valid values: 60 to 86400. Unit: seconds.

WafRuleRateLimitStatus, WafRuleRateLimitStatusArgs

Code string
Count int
Ratio int

Code string
Count int
Ratio int

code String
count Integer
ratio Integer

code string
count number
ratio number

code str
count int
ratio int

code String
count Number
ratio Number

Import

Dcdn Waf Rule can be imported using the id, e.g.

$ pulumi import alicloud:dcdn/wafRule:WafRule example <id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.55.0 published on Tuesday, Apr 30, 2024 by Pulumi

pulumi/pulumi-alicloud

alicloud.dcdn.WafRule

On this page

On this page

Example Usage

Create WafRule Resource

Constructor syntax

Parameters

Example

WafRule Resource Properties

Inputs

Outputs

Look up Existing WafRule Resource

Supporting Types

WafRuleCondition, WafRuleConditionArgs

WafRuleRateLimit, WafRuleRateLimitArgs

WafRuleRateLimitStatus, WafRuleRateLimitStatusArgs

Import

Package Details

On this page

On this page