alicloud.wafv3.DefenseRule
Provides a WAFV3 Defense Rule resource.
For information about WAFV3 Defense Rule and how to use it, see What is Defense Rule.
NOTE: Available since v1.257.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
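const config = new pulumi.Config();
// name and regionId are read from stack config but are not referenced by the resources below.
const name = config.get("name") || "tfaccwafv310619";
const regionId = config.get("regionId") || "cn-hangzhou";

// Look up the WAF 3.0 instances and take the first one. Fail with an explicit
// message instead of passing `undefined` as instanceId when none is returned.
const _default = alicloud.wafv3.getInstances({});
const instanceId = _default.then(result => {
    const firstId = result.ids?.[0];
    if (!firstId) {
        throw new Error("no WAF 3.0 instance found; create one before deploying this stack");
    }
    return firstId;
});

const defaultDomain = new alicloud.wafv3.Domain("default", {
    instanceId: instanceId,
    listen: {
        protectionResource: "share",
        // Only plain-HTTP listener ports are configured (httpsPorts is empty),
        // so client traffic to WAF is unencrypted in this example.
        httpPorts: [
            81,
            82,
            83,
        ],
        httpsPorts: [],
        // NOTE(review): xffHeaderMode 2 is understood to make WAF take the client IP
        // from the custom headers in xffHeaders — confirm against the WAF API reference.
        // List only headers that a trusted upstream proxy sets or overwrites, because
        // IP-based rules rely on the value WAF derives from them.
        xffHeaderMode: 2,
        xffHeaders: [
            "examplea",
            "exampleb",
            "examplec",
        ],
        customCiphers: [],
        ipv6Enabled: true,
    },
    redirect: {
        keepaliveTimeout: 15,
        // Placeholder origin addresses; replace with the real origin servers.
        backends: [
            "1.1.1.1",
            "3.3.3.3",
            "2.2.2.2",
        ],
        writeTimeout: 5,
        keepaliveRequests: 1000,
        requestHeaders: [
            {
                key: "examplekey1",
                value: "exampleValue1",
            },
            {
                key: "key1",
                value: "value1",
            },
            {
                key: "key22",
                value: "value22",
            },
        ],
        loadbalance: "iphash",
        focusHttpBackend: false,
        sniEnabled: false,
        connectTimeout: 5,
        readTimeout: 5,
        keepalive: true,
        retry: true,
    },
    domain: "zcexample_250746.wafqax.top",
    accessType: "share",
});

// Custom account-extraction rule bound to the domain above.
const defaultDefenseRule = new alicloud.wafv3.DefenseRule("default", {
    defenseOrigin: "custom",
    config: {
        // The account identifier is read from the query argument named by subKey and
        // decoded as a JWT.
        // NOTE(review): tokens carried in query arguments are commonly recorded in
        // access logs and Referer headers; prefer a header or cookie source where the
        // application allows it.
        accountIdentifiers: [{
            priority: 2,
            decodeType: "jwt",
            key: "Query-Arg",
            subKey: "adb",
            position: "jwt",
        }],
    },
    instanceId: instanceId,
    defenseType: "resource",
    defenseScene: "account_identifier",
    ruleStatus: 1, // NOTE(review): presumably 1 = enabled — confirm
    // resource is required because defenseType is "resource".
    resource: defaultDomain.domainId,
});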
import pulumi
import pulumi_alicloud as alicloud
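config = pulumi.Config()
# name and region_id are read from stack config but are not referenced by the resources below.
name = config.get("name")
if name is None:
    name = "tfaccwafv310619"
region_id = config.get("regionId")
if region_id is None:
    region_id = "cn-hangzhou"

# Look up the WAF 3.0 instances and take the first one. Fail with an explicit
# message instead of an IndexError when the lookup returns no instance.
default = alicloud.wafv3.get_instances()
if not default.ids:
    raise ValueError("no WAF 3.0 instance found; create one before deploying this stack")
instance_id = default.ids[0]

default_domain = alicloud.wafv3.Domain("default",
    instance_id=instance_id,
    listen={
        "protection_resource": "share",
        # Only plain-HTTP listener ports are configured (https_ports is empty),
        # so client traffic to WAF is unencrypted in this example.
        "http_ports": [
            81,
            82,
            83,
        ],
        "https_ports": [],
        # NOTE(review): xff_header_mode 2 is understood to make WAF take the client IP
        # from the custom headers in xff_headers — confirm against the WAF API reference.
        # List only headers that a trusted upstream proxy sets or overwrites, because
        # IP-based rules rely on the value WAF derives from them.
        "xff_header_mode": 2,
        "xff_headers": [
            "examplea",
            "exampleb",
            "examplec",
        ],
        "custom_ciphers": [],
        "ipv6_enabled": True,
    },
    redirect={
        "keepalive_timeout": 15,
        # Placeholder origin addresses; replace with the real origin servers.
        "backends": [
            "1.1.1.1",
            "3.3.3.3",
            "2.2.2.2",
        ],
        "write_timeout": 5,
        "keepalive_requests": 1000,
        "request_headers": [
            {
                "key": "examplekey1",
                "value": "exampleValue1",
            },
            {
                "key": "key1",
                "value": "value1",
            },
            {
                "key": "key22",
                "value": "value22",
            },
        ],
        "loadbalance": "iphash",
        "focus_http_backend": False,
        "sni_enabled": False,
        "connect_timeout": 5,
        "read_timeout": 5,
        "keepalive": True,
        "retry": True,
    },
    domain="zcexample_250746.wafqax.top",
    access_type="share")

# Custom account-extraction rule bound to the domain above.
default_defense_rule = alicloud.wafv3.DefenseRule("default",
    defense_origin="custom",
    config={
        # The account identifier is read from the query argument named by sub_key and
        # decoded as a JWT.
        # NOTE(review): tokens carried in query arguments are commonly recorded in
        # access logs and Referer headers; prefer a header or cookie source where the
        # application allows it.
        "account_identifiers": [{
            "priority": 2,
            "decode_type": "jwt",
            "key": "Query-Arg",
            "sub_key": "adb",
            "position": "jwt",
        }],
    },
    instance_id=instance_id,
    defense_type="resource",
    defense_scene="account_identifier",
    rule_status=1,  # NOTE(review): presumably 1 = enabled — confirm
    # resource is required because defense_type is "resource".
    resource=default_domain.domain_id)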
package main
import (
	"errors"

	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/wafv3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
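// main declares a WAF 3.0 domain and a custom account-extraction defense rule
// bound to it, using the first WAF instance returned by the lookup.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		name := "tfaccwafv310619"
		if param := cfg.Get("name"); param != "" {
			name = param
		}
		regionId := "cn-hangzhou"
		if param := cfg.Get("regionId"); param != "" {
			regionId = param
		}
		// Nothing below consumes name or regionId; the blank assignment keeps the
		// program compiling ("declared and not used") without dropping the config reads.
		_, _ = name, regionId

		instances, err := wafv3.GetInstances(ctx, &wafv3.GetInstancesArgs{}, nil)
		if err != nil {
			return err
		}
		// Indexing Ids[0] on an empty result would panic; return a clear error instead.
		if len(instances.Ids) == 0 {
			return errors.New("no WAF 3.0 instance found; create one before deploying this stack")
		}
		instanceID := instances.Ids[0]

		defaultDomain, err := wafv3.NewDomain(ctx, "default", &wafv3.DomainArgs{
			InstanceId: pulumi.String(instanceID),
			Listen: &wafv3.DomainListenArgs{
				ProtectionResource: pulumi.String("share"),
				// Only plain-HTTP listener ports are configured (HttpsPorts is empty),
				// so client traffic to WAF is unencrypted in this example.
				HttpPorts: pulumi.IntArray{
					pulumi.Int(81),
					pulumi.Int(82),
					pulumi.Int(83),
				},
				HttpsPorts: pulumi.IntArray{},
				// NOTE(review): XffHeaderMode 2 is understood to make WAF take the client
				// IP from the custom headers in XffHeaders — confirm against the WAF API
				// reference. List only headers that a trusted upstream proxy sets or
				// overwrites, because IP-based rules rely on the value WAF derives.
				XffHeaderMode: pulumi.Int(2),
				XffHeaders: pulumi.StringArray{
					pulumi.String("examplea"),
					pulumi.String("exampleb"),
					pulumi.String("examplec"),
				},
				CustomCiphers: pulumi.StringArray{},
				Ipv6Enabled:   pulumi.Bool(true),
			},
			Redirect: &wafv3.DomainRedirectArgs{
				KeepaliveTimeout: pulumi.Int(15),
				// Placeholder origin addresses; replace with the real origin servers.
				Backends: pulumi.StringArray{
					pulumi.String("1.1.1.1"),
					pulumi.String("3.3.3.3"),
					pulumi.String("2.2.2.2"),
				},
				WriteTimeout:      pulumi.Int(5),
				KeepaliveRequests: pulumi.Int(1000),
				RequestHeaders: wafv3.DomainRedirectRequestHeaderArray{
					&wafv3.DomainRedirectRequestHeaderArgs{
						Key:   pulumi.String("examplekey1"),
						Value: pulumi.String("exampleValue1"),
					},
					&wafv3.DomainRedirectRequestHeaderArgs{
						Key:   pulumi.String("key1"),
						Value: pulumi.String("value1"),
					},
					&wafv3.DomainRedirectRequestHeaderArgs{
						Key:   pulumi.String("key22"),
						Value: pulumi.String("value22"),
					},
				},
				Loadbalance:      pulumi.String("iphash"),
				FocusHttpBackend: pulumi.Bool(false),
				SniEnabled:       pulumi.Bool(false),
				ConnectTimeout:   pulumi.Int(5),
				ReadTimeout:      pulumi.Int(5),
				Keepalive:        pulumi.Bool(true),
				Retry:            pulumi.Bool(true),
			},
			Domain:     pulumi.String("zcexample_250746.wafqax.top"),
			AccessType: pulumi.String("share"),
		})
		if err != nil {
			return err
		}

		_, err = wafv3.NewDefenseRule(ctx, "default", &wafv3.DefenseRuleArgs{
			DefenseOrigin: pulumi.String("custom"),
			Config: &wafv3.DefenseRuleConfigArgs{
				// The account identifier is read from the query argument named by SubKey
				// and decoded as a JWT.
				// NOTE(review): tokens carried in query arguments are commonly recorded
				// in access logs and Referer headers; prefer a header or cookie source
				// where the application allows it.
				AccountIdentifiers: wafv3.DefenseRuleConfigAccountIdentifierArray{
					&wafv3.DefenseRuleConfigAccountIdentifierArgs{
						Priority:   pulumi.Int(2),
						DecodeType: pulumi.String("jwt"),
						Key:        pulumi.String("Query-Arg"),
						SubKey:     pulumi.String("adb"),
						Position:   pulumi.String("jwt"),
					},
				},
			},
			InstanceId:   pulumi.String(instanceID),
			DefenseType:  pulumi.String("resource"),
			DefenseScene: pulumi.String("account_identifier"),
			RuleStatus:   pulumi.Int(1), // NOTE(review): presumably 1 = enabled — confirm
			// Resource is required because DefenseType is "resource".
			Resource: defaultDomain.DomainId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}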
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
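return await Deployment.RunAsync(() =>
{
    var config = new Config();
    // name and regionId are read from stack config but are not referenced by the resources below.
    var name = config.Get("name") ?? "tfaccwafv310619";
    var regionId = config.Get("regionId") ?? "cn-hangzhou";

    // Look up the WAF 3.0 instances and take the first one. The ID is resolved once
    // with a single Apply, and an empty result fails with an explicit message
    // instead of an index-out-of-range error.
    var instances = AliCloud.Wafv3.GetInstances.Invoke();
    var instanceId = instances.Apply(result =>
    {
        if (result.Ids.Length == 0)
        {
            throw new System.InvalidOperationException("no WAF 3.0 instance found; create one before deploying this stack");
        }
        return result.Ids[0];
    });

    var defaultDomain = new AliCloud.Wafv3.Domain("default", new()
    {
        InstanceId = instanceId,
        Listen = new AliCloud.Wafv3.Inputs.DomainListenArgs
        {
            ProtectionResource = "share",
            // Only plain-HTTP listener ports are configured (HttpsPorts is empty),
            // so client traffic to WAF is unencrypted in this example.
            HttpPorts = new[]
            {
                81,
                82,
                83,
            },
            HttpsPorts = new() { },
            // NOTE(review): XffHeaderMode 2 is understood to make WAF take the client IP
            // from the custom headers in XffHeaders — confirm against the WAF API reference.
            // List only headers that a trusted upstream proxy sets or overwrites, because
            // IP-based rules rely on the value WAF derives from them.
            XffHeaderMode = 2,
            XffHeaders = new[]
            {
                "examplea",
                "exampleb",
                "examplec",
            },
            CustomCiphers = new() { },
            Ipv6Enabled = true,
        },
        Redirect = new AliCloud.Wafv3.Inputs.DomainRedirectArgs
        {
            KeepaliveTimeout = 15,
            // Placeholder origin addresses; replace with the real origin servers.
            Backends = new[]
            {
                "1.1.1.1",
                "3.3.3.3",
                "2.2.2.2",
            },
            WriteTimeout = 5,
            KeepaliveRequests = 1000,
            RequestHeaders = new[]
            {
                new AliCloud.Wafv3.Inputs.DomainRedirectRequestHeaderArgs
                {
                    Key = "examplekey1",
                    Value = "exampleValue1",
                },
                new AliCloud.Wafv3.Inputs.DomainRedirectRequestHeaderArgs
                {
                    Key = "key1",
                    Value = "value1",
                },
                new AliCloud.Wafv3.Inputs.DomainRedirectRequestHeaderArgs
                {
                    Key = "key22",
                    Value = "value22",
                },
            },
            Loadbalance = "iphash",
            FocusHttpBackend = false,
            SniEnabled = false,
            ConnectTimeout = 5,
            ReadTimeout = 5,
            Keepalive = true,
            Retry = true,
        },
        DomainName = "zcexample_250746.wafqax.top",
        AccessType = "share",
    });

    // Custom account-extraction rule bound to the domain above.
    var defaultDefenseRule = new AliCloud.Wafv3.DefenseRule("default", new()
    {
        DefenseOrigin = "custom",
        Config = new AliCloud.Wafv3.Inputs.DefenseRuleConfigArgs
        {
            // The account identifier is read from the query argument named by SubKey and
            // decoded as a JWT.
            // NOTE(review): tokens carried in query arguments are commonly recorded in
            // access logs and Referer headers; prefer a header or cookie source where the
            // application allows it.
            AccountIdentifiers = new[]
            {
                new AliCloud.Wafv3.Inputs.DefenseRuleConfigAccountIdentifierArgs
                {
                    Priority = 2,
                    DecodeType = "jwt",
                    Key = "Query-Arg",
                    SubKey = "adb",
                    Position = "jwt",
                },
            },
        },
        InstanceId = instanceId,
        DefenseType = "resource",
        DefenseScene = "account_identifier",
        RuleStatus = 1, // NOTE(review): presumably 1 = enabled — confirm
        // Resource is required because DefenseType is "resource".
        Resource = defaultDomain.DomainId,
    });
});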
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.wafv3.Wafv3Functions;
import com.pulumi.alicloud.wafv3.inputs.GetInstancesArgs;
import com.pulumi.alicloud.wafv3.Domain;
import com.pulumi.alicloud.wafv3.DomainArgs;
import com.pulumi.alicloud.wafv3.inputs.DomainListenArgs;
import com.pulumi.alicloud.wafv3.inputs.DomainRedirectArgs;
import com.pulumi.alicloud.wafv3.DefenseRule;
import com.pulumi.alicloud.wafv3.DefenseRuleArgs;
import com.pulumi.alicloud.wafv3.inputs.DefenseRuleConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
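/**
 * Declares a WAF 3.0 domain and a custom account-extraction defense rule bound to it,
 * using the first WAF instance returned by the lookup.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        // name and regionId are read from stack config but are not referenced by the resources below.
        final var name = config.get("name").orElse("tfaccwafv310619");
        final var regionId = config.get("regionId").orElse("cn-hangzhou");

        // `default` is a reserved word in Java, so the lookup result is held in `instances`.
        final var instances = Wafv3Functions.getInstances(GetInstancesArgs.builder()
            .build());
        // Resolve the first instance ID inside the Output; an empty result fails with an
        // explicit message instead of an index error.
        final Output<String> instanceId = instances.applyValue(result -> {
            if (result.ids().isEmpty()) {
                throw new IllegalStateException("no WAF 3.0 instance found; create one before deploying this stack");
            }
            return result.ids().get(0);
        });

        var defaultDomain = new Domain("defaultDomain", DomainArgs.builder()
            .instanceId(instanceId)
            .listen(DomainListenArgs.builder()
                .protectionResource("share")
                // Only plain-HTTP listener ports are configured (httpsPorts is empty),
                // so client traffic to WAF is unencrypted in this example.
                .httpPorts(
                    81,
                    82,
                    83)
                .httpsPorts()
                // NOTE(review): xffHeaderMode 2 is understood to make WAF take the client IP
                // from the custom headers in xffHeaders — confirm against the WAF API
                // reference. List only headers that a trusted upstream proxy sets or
                // overwrites, because IP-based rules rely on the value WAF derives.
                .xffHeaderMode(2)
                .xffHeaders(
                    "examplea",
                    "exampleb",
                    "examplec")
                .customCiphers()
                .ipv6Enabled(true)
                .build())
            .redirect(DomainRedirectArgs.builder()
                .keepaliveTimeout(15)
                // Placeholder origin addresses; replace with the real origin servers.
                .backends(
                    "1.1.1.1",
                    "3.3.3.3",
                    "2.2.2.2")
                .writeTimeout(5)
                .keepaliveRequests(1000)
                // The header and account-identifier argument classes are not in the
                // import list, so they are referenced by fully-qualified name.
                .requestHeaders(
                    com.pulumi.alicloud.wafv3.inputs.DomainRedirectRequestHeaderArgs.builder()
                        .key("examplekey1")
                        .value("exampleValue1")
                        .build(),
                    com.pulumi.alicloud.wafv3.inputs.DomainRedirectRequestHeaderArgs.builder()
                        .key("key1")
                        .value("value1")
                        .build(),
                    com.pulumi.alicloud.wafv3.inputs.DomainRedirectRequestHeaderArgs.builder()
                        .key("key22")
                        .value("value22")
                        .build())
                .loadbalance("iphash")
                .focusHttpBackend(false)
                .sniEnabled(false)
                .connectTimeout(5)
                .readTimeout(5)
                .keepalive(true)
                .retry(true)
                .build())
            .domain("zcexample_250746.wafqax.top")
            .accessType("share")
            .build());

        // Custom account-extraction rule bound to the domain above.
        var defaultDefenseRule = new DefenseRule("defaultDefenseRule", DefenseRuleArgs.builder()
            .defenseOrigin("custom")
            .config(DefenseRuleConfigArgs.builder()
                // The account identifier is read from the query argument named by subKey
                // and decoded as a JWT.
                // NOTE(review): tokens carried in query arguments are commonly recorded in
                // access logs and Referer headers; prefer a header or cookie source where
                // the application allows it.
                .accountIdentifiers(com.pulumi.alicloud.wafv3.inputs.DefenseRuleConfigAccountIdentifierArgs.builder()
                    .priority(2)
                    .decodeType("jwt")
                    .key("Query-Arg")
                    .subKey("adb")
                    .position("jwt")
                    .build())
                .build())
            .instanceId(instanceId)
            .defenseType("resource")
            .defenseScene("account_identifier")
            .ruleStatus(1) // NOTE(review): presumably 1 = enabled — confirm
            // resource is required because defenseType is "resource".
            .resource(defaultDomain.domainId())
            .build());
    }
}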
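# Nesting restored: the flattened listing does not parse as a Pulumi YAML program.
configuration:
  # name and regionId are declared but not referenced by the resources below.
  name:
    type: string
    default: tfaccwafv310619
  regionId:
    type: string
    default: cn-hangzhou
resources:
  defaultDomain:
    type: alicloud:wafv3:Domain
    name: default
    properties:
      # Uses the first instance returned by the lookup under `variables`;
      # the deployment cannot resolve this when no WAF 3.0 instance exists.
      instanceId: ${default.ids[0]}
      listen:
        protectionResource: share
        # Only plain-HTTP listener ports are configured (httpsPorts is empty),
        # so client traffic to WAF is unencrypted in this example.
        httpPorts:
          - '81'
          - '82'
          - '83'
        httpsPorts: []
        # NOTE(review): xffHeaderMode 2 is understood to make WAF take the client IP
        # from the custom headers in xffHeaders — confirm against the WAF API reference.
        # List only headers that a trusted upstream proxy sets or overwrites, because
        # IP-based rules rely on the value WAF derives from them.
        xffHeaderMode: '2'
        xffHeaders:
          - examplea
          - exampleb
          - examplec
        customCiphers: []
        ipv6Enabled: 'true'
      redirect:
        keepaliveTimeout: '15'
        # Placeholder origin addresses; replace with the real origin servers.
        backends:
          - 1.1.1.1
          - 3.3.3.3
          - 2.2.2.2
        writeTimeout: '5'
        keepaliveRequests: '1000'
        requestHeaders:
          - key: examplekey1
            value: exampleValue1
          - key: key1
            value: value1
          - key: key22
            value: value22
        loadbalance: iphash
        focusHttpBackend: 'false'
        sniEnabled: 'false'
        connectTimeout: '5'
        readTimeout: '5'
        keepalive: 'true'
        retry: 'true'
      domain: zcexample_250746.wafqax.top
      accessType: share
  # Custom account-extraction rule bound to the domain above.
  defaultDefenseRule:
    type: alicloud:wafv3:DefenseRule
    name: default
    properties:
      defenseOrigin: custom
      config:
        # The account identifier is read from the query argument named by subKey and
        # decoded as a JWT.
        # NOTE(review): tokens carried in query arguments are commonly recorded in
        # access logs and Referer headers; prefer a header or cookie source where the
        # application allows it.
        accountIdentifiers:
          - priority: '2'
            decodeType: jwt
            key: Query-Arg
            subKey: adb
            position: jwt
      instanceId: ${default.ids[0]}
      defenseType: resource
      defenseScene: account_identifier
      ruleStatus: '1' # NOTE(review): presumably 1 = enabled — confirm
      # resource is required because defenseType is "resource".
      resource: ${defaultDomain.domainId}
variables:
  default:
    fn::invoke:
      function: alicloud:wafv3:getInstances
      arguments: {}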
Create DefenseRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DefenseRule(name: string, args: DefenseRuleArgs, opts?: CustomResourceOptions);
@overload
def DefenseRule(resource_name: str,
args: DefenseRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DefenseRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
config: Optional[DefenseRuleConfigArgs] = None,
defense_scene: Optional[str] = None,
defense_type: Optional[str] = None,
instance_id: Optional[str] = None,
defense_origin: Optional[str] = None,
resource: Optional[str] = None,
rule_name: Optional[str] = None,
rule_status: Optional[int] = None,
template_id: Optional[int] = None)
func NewDefenseRule(ctx *Context, name string, args DefenseRuleArgs, opts ...ResourceOption) (*DefenseRule, error)
public DefenseRule(string name, DefenseRuleArgs args, CustomResourceOptions? opts = null)
public DefenseRule(String name, DefenseRuleArgs args)
public DefenseRule(String name, DefenseRuleArgs args, CustomResourceOptions options)
type: alicloud:wafv3:DefenseRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DefenseRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DefenseRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DefenseRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DefenseRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DefenseRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var defenseRuleResource = new AliCloud.Wafv3.DefenseRule("defenseRuleResource", new()
{
Config = new AliCloud.Wafv3.Inputs.DefenseRuleConfigArgs
{
AbroadRegions = "string",
AccountIdentifiers = new[]
{
new AliCloud.Wafv3.Inputs.DefenseRuleConfigAccountIdentifierArgs
{
DecodeType = "string",
Key = "string",
Position = "string",
Priority = 0,
SubKey = "string",
},
},
BypassRegularRules = new[]
{
"string",
},
BypassRegularTypes = new[]
{
"string",
},
BypassTags = new[]
{
"string",
},
CcEffect = "string",
CcStatus = 0,
CnRegions = "string",
Conditions = new[]
{
new AliCloud.Wafv3.Inputs.DefenseRuleConfigConditionArgs
{
Key = "string",
OpValue = "string",
SubKey = "string",
Values = "string",
},
},
Mode = 0,
Protocol = "string",
RateLimit = new AliCloud.Wafv3.Inputs.DefenseRuleConfigRateLimitArgs
{
Interval = 0,
Status = new AliCloud.Wafv3.Inputs.DefenseRuleConfigRateLimitStatusArgs
{
Code = 0,
Count = 0,
Ratio = 0,
},
SubKey = "string",
Target = "string",
Threshold = 0,
Ttl = 0,
},
RemoteAddrs = new[]
{
"string",
},
RuleAction = "string",
ThrottleThrehold = 0,
ThrottleType = "string",
Ua = "string",
Url = "string",
},
DefenseScene = "string",
DefenseType = "string",
InstanceId = "string",
DefenseOrigin = "string",
Resource = "string",
RuleName = "string",
RuleStatus = 0,
TemplateId = 0,
});
example, err := wafv3.NewDefenseRule(ctx, "defenseRuleResource", &wafv3.DefenseRuleArgs{
Config: &wafv3.DefenseRuleConfigArgs{
AbroadRegions: pulumi.String("string"),
AccountIdentifiers: wafv3.DefenseRuleConfigAccountIdentifierArray{
&wafv3.DefenseRuleConfigAccountIdentifierArgs{
DecodeType: pulumi.String("string"),
Key: pulumi.String("string"),
Position: pulumi.String("string"),
Priority: pulumi.Int(0),
SubKey: pulumi.String("string"),
},
},
BypassRegularRules: pulumi.StringArray{
pulumi.String("string"),
},
BypassRegularTypes: pulumi.StringArray{
pulumi.String("string"),
},
BypassTags: pulumi.StringArray{
pulumi.String("string"),
},
CcEffect: pulumi.String("string"),
CcStatus: pulumi.Int(0),
CnRegions: pulumi.String("string"),
Conditions: wafv3.DefenseRuleConfigConditionArray{
&wafv3.DefenseRuleConfigConditionArgs{
Key: pulumi.String("string"),
OpValue: pulumi.String("string"),
SubKey: pulumi.String("string"),
Values: pulumi.String("string"),
},
},
Mode: pulumi.Int(0),
Protocol: pulumi.String("string"),
RateLimit: &wafv3.DefenseRuleConfigRateLimitArgs{
Interval: pulumi.Int(0),
Status: &wafv3.DefenseRuleConfigRateLimitStatusArgs{
Code: pulumi.Int(0),
Count: pulumi.Int(0),
Ratio: pulumi.Int(0),
},
SubKey: pulumi.String("string"),
Target: pulumi.String("string"),
Threshold: pulumi.Int(0),
Ttl: pulumi.Int(0),
},
RemoteAddrs: pulumi.StringArray{
pulumi.String("string"),
},
RuleAction: pulumi.String("string"),
ThrottleThrehold: pulumi.Int(0),
ThrottleType: pulumi.String("string"),
Ua: pulumi.String("string"),
Url: pulumi.String("string"),
},
DefenseScene: pulumi.String("string"),
DefenseType: pulumi.String("string"),
InstanceId: pulumi.String("string"),
DefenseOrigin: pulumi.String("string"),
Resource: pulumi.String("string"),
RuleName: pulumi.String("string"),
RuleStatus: pulumi.Int(0),
TemplateId: pulumi.Int(0),
})
var defenseRuleResource = new DefenseRule("defenseRuleResource", DefenseRuleArgs.builder()
.config(DefenseRuleConfigArgs.builder()
.abroadRegions("string")
.accountIdentifiers(DefenseRuleConfigAccountIdentifierArgs.builder()
.decodeType("string")
.key("string")
.position("string")
.priority(0)
.subKey("string")
.build())
.bypassRegularRules("string")
.bypassRegularTypes("string")
.bypassTags("string")
.ccEffect("string")
.ccStatus(0)
.cnRegions("string")
.conditions(DefenseRuleConfigConditionArgs.builder()
.key("string")
.opValue("string")
.subKey("string")
.values("string")
.build())
.mode(0)
.protocol("string")
.rateLimit(DefenseRuleConfigRateLimitArgs.builder()
.interval(0)
.status(DefenseRuleConfigRateLimitStatusArgs.builder()
.code(0)
.count(0)
.ratio(0)
.build())
.subKey("string")
.target("string")
.threshold(0)
.ttl(0)
.build())
.remoteAddrs("string")
.ruleAction("string")
.throttleThrehold(0)
.throttleType("string")
.ua("string")
.url("string")
.build())
.defenseScene("string")
.defenseType("string")
.instanceId("string")
.defenseOrigin("string")
.resource("string")
.ruleName("string")
.ruleStatus(0)
.templateId(0)
.build());
defense_rule_resource = alicloud.wafv3.DefenseRule("defenseRuleResource",
config={
"abroad_regions": "string",
"account_identifiers": [{
"decode_type": "string",
"key": "string",
"position": "string",
"priority": 0,
"sub_key": "string",
}],
"bypass_regular_rules": ["string"],
"bypass_regular_types": ["string"],
"bypass_tags": ["string"],
"cc_effect": "string",
"cc_status": 0,
"cn_regions": "string",
"conditions": [{
"key": "string",
"op_value": "string",
"sub_key": "string",
"values": "string",
}],
"mode": 0,
"protocol": "string",
"rate_limit": {
"interval": 0,
"status": {
"code": 0,
"count": 0,
"ratio": 0,
},
"sub_key": "string",
"target": "string",
"threshold": 0,
"ttl": 0,
},
"remote_addrs": ["string"],
"rule_action": "string",
"throttle_threhold": 0,
"throttle_type": "string",
"ua": "string",
"url": "string",
},
defense_scene="string",
defense_type="string",
instance_id="string",
defense_origin="string",
resource="string",
rule_name="string",
rule_status=0,
template_id=0)
const defenseRuleResource = new alicloud.wafv3.DefenseRule("defenseRuleResource", {
config: {
abroadRegions: "string",
accountIdentifiers: [{
decodeType: "string",
key: "string",
position: "string",
priority: 0,
subKey: "string",
}],
bypassRegularRules: ["string"],
bypassRegularTypes: ["string"],
bypassTags: ["string"],
ccEffect: "string",
ccStatus: 0,
cnRegions: "string",
conditions: [{
key: "string",
opValue: "string",
subKey: "string",
values: "string",
}],
mode: 0,
protocol: "string",
rateLimit: {
interval: 0,
status: {
code: 0,
count: 0,
ratio: 0,
},
subKey: "string",
target: "string",
threshold: 0,
ttl: 0,
},
remoteAddrs: ["string"],
ruleAction: "string",
throttleThrehold: 0,
throttleType: "string",
ua: "string",
url: "string",
},
defenseScene: "string",
defenseType: "string",
instanceId: "string",
defenseOrigin: "string",
resource: "string",
ruleName: "string",
ruleStatus: 0,
templateId: 0,
});
type: alicloud:wafv3:DefenseRule
properties:
config:
abroadRegions: string
accountIdentifiers:
- decodeType: string
key: string
position: string
priority: 0
subKey: string
bypassRegularRules:
- string
bypassRegularTypes:
- string
bypassTags:
- string
ccEffect: string
ccStatus: 0
cnRegions: string
conditions:
- key: string
opValue: string
subKey: string
values: string
mode: 0
protocol: string
rateLimit:
interval: 0
status:
code: 0
count: 0
ratio: 0
subKey: string
target: string
threshold: 0
ttl: 0
remoteAddrs:
- string
ruleAction: string
throttleThrehold: 0
throttleType: string
ua: string
url: string
defenseOrigin: string
defenseScene: string
defenseType: string
instanceId: string
resource: string
ruleName: string
ruleStatus: 0
templateId: 0
DefenseRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DefenseRule resource accepts the following input properties:
- Config Pulumi.AliCloud.Wafv3.Inputs.DefenseRuleConfig - Rule configuration content, in JSON format, constructed with a series of parameters.
  NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- DefenseScene string - The WAF protection scenario to be created. When the protection rule type DefenseType is set to template, the value is as follows:
- DefenseType string - The protection rule type. Value:
- InstanceId string - The ID of the Web Application Firewall (WAF) instance.
- DefenseOrigin string - Sources of protection. Value:
- Resource string - The protection object corresponding to the rule to be queried.
  NOTE: This parameter is required only when DefenseType is set to resource.
- RuleName string - The rule name.
- RuleStatus int - Protection rule status.
- TemplateId int - The protection template ID of the protection rule to be created.
- Config DefenseRuleConfigArgs - Rule configuration content, in JSON format, constructed with a series of parameters.
  NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- DefenseScene string - The WAF protection scenario to be created. When the protection rule type DefenseType is set to template, the value is as follows:
- DefenseType string - The protection rule type. Value:
- InstanceId string - The ID of the Web Application Firewall (WAF) instance.
- DefenseOrigin string - Sources of protection. Value:
- Resource string - The protection object corresponding to the rule to be queried.
  NOTE: This parameter is required only when DefenseType is set to resource.
- RuleName string - The rule name.
- RuleStatus int - Protection rule status.
- TemplateId int - The protection template ID of the protection rule to be created.
- config DefenseRuleConfig - Rule configuration content, in JSON format, constructed with a series of parameters.
  NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- defenseScene String - The WAF protection scenario to be created. When the protection rule type DefenseType is set to template, the value is as follows:
- defenseType String - The protection rule type. Value:
- instanceId String - The ID of the Web Application Firewall (WAF) instance.
- defenseOrigin String - Sources of protection. Value:
- resource String - The protection object corresponding to the rule to be queried.
  NOTE: This parameter is required only when DefenseType is set to resource.
- ruleName String - The rule name.
- ruleStatus Integer - Protection rule status.
- templateId Integer - The protection template ID of the protection rule to be created.
- config DefenseRuleConfig - Rule configuration content, in JSON format, constructed with a series of parameters.
  NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- defenseScene string - The WAF protection scenario to be created. When the protection rule type DefenseType is set to template, the value is as follows:
- defenseType string - The protection rule type. Value:
- instanceId string - The ID of the Web Application Firewall (WAF) instance.
- defenseOrigin string - Sources of protection. Value:
- resource string - The protection object corresponding to the rule to be queried.
  NOTE: This parameter is required only when DefenseType is set to resource.
- ruleName string - The rule name.
- ruleStatus number - Protection rule status.
- templateId number - The protection template ID of the protection rule to be created.
- config DefenseRuleConfigArgs - Rule configuration content, in JSON format, constructed with a series of parameters.
  NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- defense_scene str - The WAF protection scenario to be created. When the protection rule type DefenseType is set to template, the value is as follows:
- defense_type str - The protection rule type. Value:
- instance_id str - The ID of the Web Application Firewall (WAF) instance.
- defense_origin str - Sources of protection. Value:
- resource str - The protection object corresponding to the rule to be queried.
  NOTE: This parameter is required only when DefenseType is set to resource.
- rule_name str - The rule name.
- rule_status int - Protection rule status.
- template_id int - The protection template ID of the protection rule to be created.
- config Property Map - Rule configuration content, in JSON format, constructed with a series of parameters.
  NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- defenseScene String - The WAF protection scenario to be created. When the protection rule type DefenseType is set to template, the value is as follows:
- defenseType String - The protection rule type. Value:
- instanceId String - The ID of the Web Application Firewall (WAF) instance.
- defenseOrigin String - Sources of protection. Value:
- resource String - The protection object corresponding to the rule to be queried.
  NOTE: This parameter is required only when DefenseType is set to resource.
- ruleName String - The rule name.
- ruleStatus Number - Protection rule status.
- templateId Number - The protection template ID of the protection rule to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the DefenseRule resource produces the following output properties:
Look up Existing DefenseRule Resource
Get an existing DefenseRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DefenseRuleState, opts?: CustomResourceOptions): DefenseRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
config: Optional[DefenseRuleConfigArgs] = None,
defense_origin: Optional[str] = None,
defense_scene: Optional[str] = None,
defense_type: Optional[str] = None,
instance_id: Optional[str] = None,
resource: Optional[str] = None,
rule_id: Optional[int] = None,
rule_name: Optional[str] = None,
rule_status: Optional[int] = None,
template_id: Optional[int] = None) -> DefenseRule
func GetDefenseRule(ctx *Context, name string, id IDInput, state *DefenseRuleState, opts ...ResourceOption) (*DefenseRule, error)
public static DefenseRule Get(string name, Input<string> id, DefenseRuleState? state, CustomResourceOptions? opts = null)
public static DefenseRule get(String name, Output<String> id, DefenseRuleState state, CustomResourceOptions options)
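# Adopts the state of an existing DefenseRule by its provider ID; ${id} is the ID to look up.
resources:
  _:
    type: alicloud:wafv3:DefenseRule
    get:
      id: ${id}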
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Config Pulumi.AliCloud.Wafv3.Inputs.DefenseRuleConfig - Rule configuration content, in JSON format, constructed with a series of parameters.
  NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- DefenseOrigin string - Sources of protection. Value:
- DefenseScene string - The WAF protection scenario to be created. When the protection rule type DefenseType is set to template, the value is as follows:
- DefenseType string - The protection rule type. Value:
- InstanceId string - The ID of the Web Application Firewall (WAF) instance.
- Resource string - The protection object corresponding to the rule to be queried.
  NOTE: This parameter is required only when DefenseType is set to resource.
- RuleId int - The protection rule ID.
- RuleName string - The rule name.
- RuleStatus int - Protection rule status.
- TemplateId int - The protection template ID of the protection rule to be created.
- Config DefenseRuleConfigArgs - Rule configuration content, in JSON format, constructed with a series of parameters.
  NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- DefenseOrigin string - Sources of protection. Value:
- DefenseScene string - The WAF protection scenario to be created. When the protection rule type DefenseType is set to template, the value is as follows:
- DefenseType string - The protection rule type. Value:
- InstanceId string - The ID of the Web Application Firewall (WAF) instance.
- Resource string - The protection object corresponding to the rule to be queried.
  NOTE: This parameter is required only when DefenseType is set to resource.
- RuleId int - The protection rule ID.
- RuleName string - The rule name.
- RuleStatus int - Protection rule status.
- TemplateId int - The protection template ID of the protection rule to be created.
- config DefenseRuleConfig - Rule configuration content, in JSON format, constructed with a series of parameters.
  NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- defenseOrigin String - Sources of protection. Value:
- defenseScene String - The WAF protection scenario to be created. When the protection rule type DefenseType is set to template, the value is as follows:
- defenseType String - The protection rule type. Value:
- instanceId String - The ID of the Web Application Firewall (WAF) instance.
- resource String - The protection object corresponding to the rule to be queried.
  NOTE: This parameter is required only when DefenseType is set to resource.
- ruleId Integer - The protection rule ID.
- ruleName String - The rule name.
- ruleStatus Integer - Protection rule status.
- templateId Integer - The protection template ID of the protection rule to be created.
- config DefenseRuleConfig - Rule configuration content, in JSON format, constructed with a series of parameters.
  NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- defenseOrigin string - Sources of protection. Value:
- defenseScene string - The WAF protection scenario to be created. When the protection rule type DefenseType is set to template, the value is as follows:
- defenseType string - The protection rule type. Value:
- instanceId string - The ID of the Web Application Firewall (WAF) instance.
- resource string - The protection object corresponding to the rule to be queried.
  NOTE: This parameter is required only when DefenseType is set to resource.
- ruleId number - The protection rule ID.
- ruleName string - The rule name.
- ruleStatus number - Protection rule status.
- templateId number - The protection template ID of the protection rule to be created.
- config
Defense
Rule Config Args Rule configuration content, in JSON format, constructed with a series of parameters.
NOTE: Depending on the specified protection rule type(
DefenseScene
), the specific parameters vary. For more information, see Protection Rule Parameter Description. Seeconfig
below.- defense_
origin str - Sources of protection. Value:
- defense_
scene str The WAF protection scenario to be created.
When the protection rule type
DefenseType
is set totemplate
, the value is as follows:- defense_
type str - The protection rule type. Value:
- instance_
id str - The ID of the Web Application Firewall (WAF) instance.
- resource str
The protection object corresponding to the rule to be queried.
NOTE: This parameter is required only when DefenseType is set to resource.
- rule_
id int - The protection rule ID.
- rule_
name str - The rule name.
- rule_
status int - Protection rule status.
- template_
id int - The protection template ID of the protection rule to be created.
- config Property Map
Rule configuration content, in JSON format, constructed with a series of parameters.
NOTE: Depending on the specified protection rule type (DefenseScene), the specific parameters vary. For more information, see Protection Rule Parameter Description. See config below.
- defense
Origin String - Sources of protection. Value:
- defense
Scene String The WAF protection scenario to be created.
When the protection rule type DefenseType is set to template, the value is as follows:
- defense
Type String - The protection rule type. Value:
- instance
Id String - The ID of the Web Application Firewall (WAF) instance.
- resource String
The protection object corresponding to the rule to be queried.
NOTE: This parameter is required only when DefenseType is set to resource.
- rule
Id Number - The protection rule ID.
- rule
Name String - The rule name.
- rule
Status Number - Protection rule status.
- template
Id Number - The protection template ID of the protection rule to be created.
Supporting Types
DefenseRuleConfig, DefenseRuleConfigArgs
- Abroad
Regions string - The regions outside China from which you want to block requests. Separate multiple region codes with commas (,). You can call the DescribeIpAbroadCountryInfos operation to query the countries and regions outside China that can be blocked.
- Account
Identifiers List<Pulumi.Ali Cloud. Wafv3. Inputs. Defense Rule Config Account Identifier> - The policies for account extraction. Up to five policies are supported. Each policy is a JSON string. For more information, see accountIdentifiers description. See
account_identifiers
below.
- BypassRegularRules List<string> - The IDs of the regular rules that are skipped during detection. The value is in the ["XX1", "XX2",...] format. This parameter is required only when the module to which the whitelist applies is set to specific regular rules in basic protection (BypassTags is set to regular_rule).
- BypassRegularTypes List<string> - The regular rule types that are skipped during detection. This parameter is configured only when the module to which the whitelist applies is set to the Web application regular type (the value of the BypassTags parameter is regular_type). Valid values:
- sqli: Indicates SQL injection.
- xss: Indicates cross-site scripting (XSS).
- cmdi: Indicates OS command injection.
- expression_injection: Indicates expression injection.
- java_deserialization: indicates Java deserialization.
- dot_net_deserialization: Indicates .NET deserialization.
- php_deserialization: indicates PHP deserialization.
- code_exec: Indicates code execution.
- ssrf: indicates SSRF (server-side request forgery).
- path_traversal: indicates path traversal.
- arbitrary_file_uploading: Indicates arbitrary file upload.
- webshell: Represents a webshell.
- rfilei: Indicates remote file inclusion (RFI).
- lfilei: Indicates local file inclusion (LFI).
- protocol_violation: indicates a protocol violation.
- scanner_behavior: Indicates scanner behavior.
- logic_flaw: Indicates a business logic defect.
- arbitrary_file_reading: Indicates arbitrary file reading.
- arbitrary_file_download: Indicates an arbitrary file download.
- xxe: Indicates external entity injection.
- csrf: indicates cross-site request forgery.
- crlf: indicates CRLF.
- other: indicates other.
- BypassTags List<string>
- The modules to which the whitelist applies. The value is in the ["XX1", "XX2",...] format. Valid values:
- waf: indicates all modules.
- customrule: indicates custom rules.
- blacklist: indicates IP blacklist.
- antiscan: indicates scan protection.
- regular: indicates basic protection rules.
- regular_rule: indicates specific regular rules in basic protection.
- regular_type: indicates specific regular rule types in basic protection.
- major_protection: indicates major event support protection.
- cc: indicates CC protection.
- region_block: indicates Location Blacklist.
- antibot_scene: indicates BOT scenario protection.
- dlp: indicates information leakage prevention.
- tamperproof: indicates web tamper-proofing.
- spike_throttle: indicates peak traffic throttling.
- Cc
Effect string - Set the effective range of the speed limit. This information is configured only when ccStatus is set to 1. Value:
- service: indicates that the effective object is a protected object.
- rule: indicates that the effective object is a single rule.
- Cc
Status int - Whether to open the speed limit. Value:
- 0: indicates that the speed limit is off.
- 1: Indicates that the speed limit is on.
- Cn
Regions string - The regions in China from which you want to block requests. If you specify "CN", requests from the Chinese mainland (excluding Hong Kong, Macao, and Taiwan) are blocked. Separate multiple regions with commas (,). For more information about region codes, see Description of region codes in China.
- Conditions
List<Pulumi.
Ali Cloud. Wafv3. Inputs. Defense Rule Config Condition> - The traffic characteristics of ACL, which are described in JSON format. You can enter up to five matching conditions. For specific configuration information, see detailed configuration of conditions. See
conditions
below. - Mode int
- The HTTP flood protection mode. Valid values:
- 0 (default): indicates normal protection.
- 1: indicates emergency protection.
- Protocol string
- The protocol type of the cached page address. Valid values: http, https.
- Rate
Limit Pulumi.Ali Cloud. Wafv3. Inputs. Defense Rule Config Rate Limit - The detailed speed limit configuration, which is described in the JSON string format. This information is configured only when CcStatus is set to 1. For specific configuration information, see detailed configuration of Ratelimit. See
rate_limit
below. - Remote
Addrs List<string> - The IP addresses that you want to add to the blacklist. Specify the value of this parameter in the ["ip1","ip2",...] format.
- Rule
Action string Protection rule action. Value:
- block: Indicates an intercept.
- monitor: indicates observation.
- js: indicates JS validation.
- captcha: Indicates a slider.
- captcha_strict: indicates a strict slider.
- filter: filters sensitive information. This action applies only to scenarios in which the information leakage prevention rule includes sensitive information match conditions.
NOTE: For the supported protection rule actions, follow the rule actions displayed in the WAF console.
- Throttle
Threhold int - The throttling threshold. Valid values:
- The QPS throttling threshold ranges from 1 to 5000000. If you select QPS throttling (such as 500 QPS), traffic that meets the throttling conditions and exceeds 500 QPS will be blocked.
- The percentage throttling threshold ranges from 1 to 99. If you select percentage throttling (such as 80%), only 80% of the traffic that meets the throttling conditions will be allowed.
- Throttle
Type string - The throttling method. Valid values:
- qps: indicates throttling based on queries per second (QPS).
- ratio (default): indicates throttling based on percentage.
- Ua string
- The User-Agent string that is allowed for access to the address.
- Url string
- The address of the cached page.
- Abroad
Regions string - The regions outside China from which you want to block requests. Separate multiple region codes with commas (,). You can call the DescribeIpAbroadCountryInfos operation to query the countries and regions outside China that can be blocked.
- Account
Identifiers []DefenseRule Config Account Identifier - The policies for account extraction. Up to five policies are supported. Each policy is a JSON string. For more information, see accountIdentifiers description. See
account_identifiers
below.
- BypassRegularRules []string - The IDs of the regular rules that are skipped during detection. The value is in the ["XX1", "XX2",...] format. This parameter is required only when the module to which the whitelist applies is set to specific regular rules in basic protection (BypassTags is set to regular_rule).
- BypassRegularTypes []string - The regular rule types that are skipped during detection. This parameter is configured only when the module to which the whitelist applies is set to the Web application regular type (the value of the BypassTags parameter is regular_type). Valid values:
- sqli: Indicates SQL injection.
- xss: Indicates cross-site scripting (XSS).
- cmdi: Indicates OS command injection.
- expression_injection: Indicates expression injection.
- java_deserialization: indicates Java deserialization.
- dot_net_deserialization: Indicates .NET deserialization.
- php_deserialization: indicates PHP deserialization.
- code_exec: Indicates code execution.
- ssrf: indicates SSRF (server-side request forgery).
- path_traversal: indicates path traversal.
- arbitrary_file_uploading: Indicates arbitrary file upload.
- webshell: Represents a webshell.
- rfilei: Indicates remote file inclusion (RFI).
- lfilei: Indicates local file inclusion (LFI).
- protocol_violation: indicates a protocol violation.
- scanner_behavior: Indicates scanner behavior.
- logic_flaw: Indicates a business logic defect.
- arbitrary_file_reading: Indicates arbitrary file reading.
- arbitrary_file_download: Indicates an arbitrary file download.
- xxe: Indicates external entity injection.
- csrf: indicates cross-site request forgery.
- crlf: indicates CRLF.
- other: indicates other.
- BypassTags []string
- The modules to which the whitelist applies. The value is in the ["XX1", "XX2",...] format. Valid values:
- waf: indicates all modules.
- customrule: indicates custom rules.
- blacklist: indicates IP blacklist.
- antiscan: indicates scan protection.
- regular: indicates basic protection rules.
- regular_rule: indicates specific regular rules in basic protection.
- regular_type: indicates specific regular rule types in basic protection.
- major_protection: indicates major event support protection.
- cc: indicates CC protection.
- region_block: indicates Location Blacklist.
- antibot_scene: indicates BOT scenario protection.
- dlp: indicates information leakage prevention.
- tamperproof: indicates web tamper-proofing.
- spike_throttle: indicates peak traffic throttling.
- Cc
Effect string - Set the effective range of the speed limit. This information is configured only when ccStatus is set to 1. Value:
- service: indicates that the effective object is a protected object.
- rule: indicates that the effective object is a single rule.
- Cc
Status int - Whether to open the speed limit. Value:
- 0: indicates that the speed limit is off.
- 1: Indicates that the speed limit is on.
- Cn
Regions string - The regions in China from which you want to block requests. If you specify "CN", requests from the Chinese mainland (excluding Hong Kong, Macao, and Taiwan) are blocked. Separate multiple regions with commas (,). For more information about region codes, see Description of region codes in China.
- Conditions
[]Defense
Rule Config Condition - The traffic characteristics of ACL, which are described in JSON format. You can enter up to five matching conditions. For specific configuration information, see detailed configuration of conditions. See
conditions
below. - Mode int
- The HTTP flood protection mode. Valid values:
- 0 (default): indicates normal protection.
- 1: indicates emergency protection.
- Protocol string
- The protocol type of the cached page address. Valid values: http, https.
- Rate
Limit DefenseRule Config Rate Limit - The detailed speed limit configuration, which is described in the JSON string format. This information is configured only when CcStatus is set to 1. For specific configuration information, see detailed configuration of Ratelimit. See
rate_limit
below. - Remote
Addrs []string - The IP addresses that you want to add to the blacklist. Specify the value of this parameter in the ["ip1","ip2",...] format.
- Rule
Action string Protection rule action. Value:
- block: Indicates an intercept.
- monitor: indicates observation.
- js: indicates JS validation.
- captcha: Indicates a slider.
- captcha_strict: indicates a strict slider.
- filter: filters sensitive information. This action applies only to scenarios in which the information leakage prevention rule includes sensitive information match conditions.
NOTE: For the supported protection rule actions, follow the rule actions displayed in the WAF console.
- Throttle
Threhold int - The throttling threshold. Valid values:
- The QPS throttling threshold ranges from 1 to 5000000. If you select QPS throttling (such as 500 QPS), traffic that meets the throttling conditions and exceeds 500 QPS will be blocked.
- The percentage throttling threshold ranges from 1 to 99. If you select percentage throttling (such as 80%), only 80% of the traffic that meets the throttling conditions will be allowed.
- Throttle
Type string - The throttling method. Valid values:
- qps: indicates throttling based on queries per second (QPS).
- ratio (default): indicates throttling based on percentage.
- Ua string
- The User-Agent string that is allowed for access to the address.
- Url string
- The address of the cached page.
- abroad
Regions String - The regions outside China from which you want to block requests. Separate multiple region codes with commas (,). You can call the DescribeIpAbroadCountryInfos operation to query the countries and regions outside China that can be blocked.
- account
Identifiers List<DefenseRule Config Account Identifier> - The policies for account extraction. Up to five policies are supported. Each policy is a JSON string. For more information, see accountIdentifiers description. See
account_identifiers
below.
- bypassRegularRules List<String> - The IDs of the regular rules that are skipped during detection. The value is in the ["XX1", "XX2",...] format. This parameter is required only when the module to which the whitelist applies is set to specific regular rules in basic protection (BypassTags is set to regular_rule).
- bypassRegularTypes List<String> - The regular rule types that are skipped during detection. This parameter is configured only when the module to which the whitelist applies is set to the Web application regular type (the value of the BypassTags parameter is regular_type). Valid values:
- sqli: Indicates SQL injection.
- xss: Indicates cross-site scripting (XSS).
- cmdi: Indicates OS command injection.
- expression_injection: Indicates expression injection.
- java_deserialization: indicates Java deserialization.
- dot_net_deserialization: Indicates .NET deserialization.
- php_deserialization: indicates PHP deserialization.
- code_exec: Indicates code execution.
- ssrf: indicates SSRF (server-side request forgery).
- path_traversal: indicates path traversal.
- arbitrary_file_uploading: Indicates arbitrary file upload.
- webshell: Represents a webshell.
- rfilei: Indicates remote file inclusion (RFI).
- lfilei: Indicates local file inclusion (LFI).
- protocol_violation: indicates a protocol violation.
- scanner_behavior: Indicates scanner behavior.
- logic_flaw: Indicates a business logic defect.
- arbitrary_file_reading: Indicates arbitrary file reading.
- arbitrary_file_download: Indicates an arbitrary file download.
- xxe: Indicates external entity injection.
- csrf: indicates cross-site request forgery.
- crlf: indicates CRLF.
- other: indicates other.
- bypassTags List<String>
- The modules to which the whitelist applies. The value is in the ["XX1", "XX2",...] format. Valid values:
- waf: indicates all modules.
- customrule: indicates custom rules.
- blacklist: indicates IP blacklist.
- antiscan: indicates scan protection.
- regular: indicates basic protection rules.
- regular_rule: indicates specific regular rules in basic protection.
- regular_type: indicates specific regular rule types in basic protection.
- major_protection: indicates major event support protection.
- cc: indicates CC protection.
- region_block: indicates Location Blacklist.
- antibot_scene: indicates BOT scenario protection.
- dlp: indicates information leakage prevention.
- tamperproof: indicates web tamper-proofing.
- spike_throttle: indicates peak traffic throttling.
- cc
Effect String - Set the effective range of the speed limit. This information is configured only when ccStatus is set to 1. Value:
- service: indicates that the effective object is a protected object.
- rule: indicates that the effective object is a single rule.
- cc
Status Integer - Whether to open the speed limit. Value:
- 0: indicates that the speed limit is off.
- 1: Indicates that the speed limit is on.
- cn
Regions String - The regions in China from which you want to block requests. If you specify "CN", requests from the Chinese mainland (excluding Hong Kong, Macao, and Taiwan) are blocked. Separate multiple regions with commas (,). For more information about region codes, see Description of region codes in China.
- conditions
List<Defense
Rule Config Condition> - The traffic characteristics of ACL, which are described in JSON format. You can enter up to five matching conditions. For specific configuration information, see detailed configuration of conditions. See
conditions
below. - mode Integer
- The HTTP flood protection mode. Valid values:
- 0 (default): indicates normal protection.
- 1: indicates emergency protection.
- protocol String
- The protocol type of the cached page address. Valid values: http, https.
- rate
Limit DefenseRule Config Rate Limit - The detailed speed limit configuration, which is described in the JSON string format. This information is configured only when CcStatus is set to 1. For specific configuration information, see detailed configuration of Ratelimit. See
rate_limit
below. - remote
Addrs List<String> - The IP addresses that you want to add to the blacklist. Specify the value of this parameter in the ["ip1","ip2",...] format.
- rule
Action String Protection rule action. Value:
- block: Indicates an intercept.
- monitor: indicates observation.
- js: indicates JS validation.
- captcha: Indicates a slider.
- captcha_strict: indicates a strict slider.
- filter: filters sensitive information. This action applies only to scenarios in which the information leakage prevention rule includes sensitive information match conditions.
NOTE: For the supported protection rule actions, follow the rule actions displayed in the WAF console.
- throttle
Threhold Integer - The throttling threshold. Valid values:
- The QPS throttling threshold ranges from 1 to 5000000. If you select QPS throttling (such as 500 QPS), traffic that meets the throttling conditions and exceeds 500 QPS will be blocked.
- The percentage throttling threshold ranges from 1 to 99. If you select percentage throttling (such as 80%), only 80% of the traffic that meets the throttling conditions will be allowed.
- throttle
Type String - The throttling method. Valid values:
- qps: indicates throttling based on queries per second (QPS).
- ratio (default): indicates throttling based on percentage.
- ua String
- The User-Agent string that is allowed for access to the address.
- url String
- The address of the cached page.
- abroad
Regions string - The regions outside China from which you want to block requests. Separate multiple region codes with commas (,). You can call the DescribeIpAbroadCountryInfos operation to query the countries and regions outside China that can be blocked.
- account
Identifiers DefenseRule Config Account Identifier[] - The policies for account extraction. Up to five policies are supported. Each policy is a JSON string. For more information, see accountIdentifiers description. See
account_identifiers
below.
- bypassRegularRules string[] - The IDs of the regular rules that are skipped during detection. The value is in the ["XX1", "XX2",...] format. This parameter is required only when the module to which the whitelist applies is set to specific regular rules in basic protection (BypassTags is set to regular_rule).
- bypassRegularTypes string[] - The regular rule types that are skipped during detection. This parameter is configured only when the module to which the whitelist applies is set to the Web application regular type (the value of the BypassTags parameter is regular_type). Valid values:
- sqli: Indicates SQL injection.
- xss: Indicates cross-site scripting (XSS).
- cmdi: Indicates OS command injection.
- expression_injection: Indicates expression injection.
- java_deserialization: indicates Java deserialization.
- dot_net_deserialization: Indicates .NET deserialization.
- php_deserialization: indicates PHP deserialization.
- code_exec: Indicates code execution.
- ssrf: indicates SSRF (server-side request forgery).
- path_traversal: indicates path traversal.
- arbitrary_file_uploading: Indicates arbitrary file upload.
- webshell: Represents a webshell.
- rfilei: Indicates remote file inclusion (RFI).
- lfilei: Indicates local file inclusion (LFI).
- protocol_violation: indicates a protocol violation.
- scanner_behavior: Indicates scanner behavior.
- logic_flaw: Indicates a business logic defect.
- arbitrary_file_reading: Indicates arbitrary file reading.
- arbitrary_file_download: Indicates an arbitrary file download.
- xxe: Indicates external entity injection.
- csrf: indicates cross-site request forgery.
- crlf: indicates CRLF.
- other: indicates other.
- bypassTags string[]
- The modules to which the whitelist applies. The value is in the ["XX1", "XX2",...] format. Valid values:
- waf: indicates all modules.
- customrule: indicates custom rules.
- blacklist: indicates IP blacklist.
- antiscan: indicates scan protection.
- regular: indicates basic protection rules.
- regular_rule: indicates specific regular rules in basic protection.
- regular_type: indicates specific regular rule types in basic protection.
- major_protection: indicates major event support protection.
- cc: indicates CC protection.
- region_block: indicates Location Blacklist.
- antibot_scene: indicates BOT scenario protection.
- dlp: indicates information leakage prevention.
- tamperproof: indicates web tamper-proofing.
- spike_throttle: indicates peak traffic throttling.
- cc
Effect string - Set the effective range of the speed limit. This information is configured only when ccStatus is set to 1. Value:
- service: indicates that the effective object is a protected object.
- rule: indicates that the effective object is a single rule.
- cc
Status number - Whether to open the speed limit. Value:
- 0: indicates that the speed limit is off.
- 1: Indicates that the speed limit is on.
- cn
Regions string - The regions in China from which you want to block requests. If you specify "CN", requests from the Chinese mainland (excluding Hong Kong, Macao, and Taiwan) are blocked. Separate multiple regions with commas (,). For more information about region codes, see Description of region codes in China.
- conditions
Defense
Rule Config Condition[] - The traffic characteristics of ACL, which are described in JSON format. You can enter up to five matching conditions. For specific configuration information, see detailed configuration of conditions. See
conditions
below. - mode number
- The HTTP flood protection mode. Valid values:
- 0 (default): indicates normal protection.
- 1: indicates emergency protection.
- protocol string
- The protocol type of the cached page address. Valid values: http, https.
- rate
Limit DefenseRule Config Rate Limit - The detailed speed limit configuration, which is described in the JSON string format. This information is configured only when CcStatus is set to 1. For specific configuration information, see detailed configuration of Ratelimit. See
rate_limit
below. - remote
Addrs string[] - The IP addresses that you want to add to the blacklist. Specify the value of this parameter in the ["ip1","ip2",...] format.
- rule
Action string Protection rule action. Value:
- block: Indicates an intercept.
- monitor: indicates observation.
- js: indicates JS validation.
- captcha: Indicates a slider.
- captcha_strict: indicates a strict slider.
- filter: filters sensitive information. This action applies only to scenarios in which the information leakage prevention rule includes sensitive information match conditions.
NOTE: For the supported protection rule actions, follow the rule actions displayed in the WAF console.
- throttle
Threhold number - The throttling threshold. Valid values:
- The QPS throttling threshold ranges from 1 to 5000000. If you select QPS throttling (such as 500 QPS), traffic that meets the throttling conditions and exceeds 500 QPS will be blocked.
- The percentage throttling threshold ranges from 1 to 99. If you select percentage throttling (such as 80%), only 80% of the traffic that meets the throttling conditions will be allowed.
- throttle
Type string - The throttling method. Valid values:
- qps: indicates throttling based on queries per second (QPS).
- ratio (default): indicates throttling based on percentage.
- ua string
- The User-Agent string that is allowed for access to the address.
- url string
- The address of the cached page.
- abroad_
regions str - The regions outside China from which you want to block requests. Separate multiple region codes with commas (,). You can call the DescribeIpAbroadCountryInfos operation to query the countries and regions outside China that can be blocked.
- account_
identifiers Sequence[DefenseRule Config Account Identifier] - The policies for account extraction. Up to five policies are supported. Each policy is a JSON string. For more information, see accountIdentifiers description. See
account_identifiers
below.
- bypass_regular_rules Sequence[str] - The IDs of the regular rules that are skipped during detection. The value is in the ["XX1", "XX2",...] format. This parameter is required only when the module to which the whitelist applies is set to specific regular rules in basic protection (BypassTags is set to regular_rule).
- bypass_regular_types Sequence[str] - The regular rule types that are skipped during detection. This parameter is configured only when the module to which the whitelist applies is set to the Web application regular type (the value of the BypassTags parameter is regular_type). Valid values:
- sqli: Indicates SQL injection.
- xss: Indicates cross-site scripting (XSS).
- cmdi: Indicates OS command injection.
- expression_injection: Indicates expression injection.
- java_deserialization: indicates Java deserialization.
- dot_net_deserialization: Indicates .NET deserialization.
- php_deserialization: indicates PHP deserialization.
- code_exec: Indicates code execution.
- ssrf: indicates SSRF (server-side request forgery).
- path_traversal: indicates path traversal.
- arbitrary_file_uploading: Indicates arbitrary file upload.
- webshell: Represents a webshell.
- rfilei: Indicates remote file inclusion (RFI).
- lfilei: Indicates local file inclusion (LFI).
- protocol_violation: indicates a protocol violation.
- scanner_behavior: Indicates scanner behavior.
- logic_flaw: Indicates a business logic defect.
- arbitrary_file_reading: Indicates arbitrary file reading.
- arbitrary_file_download: Indicates an arbitrary file download.
- xxe: Indicates external entity injection.
- csrf: indicates cross-site request forgery.
- crlf: indicates CRLF.
- other: indicates other.
- bypass_tags Sequence[str]
- The modules to which the whitelist applies. The value is in the ["XX1", "XX2",...] format. Valid values:
- waf: indicates all modules.
- customrule: indicates custom rules.
- blacklist: indicates IP blacklist.
- antiscan: indicates scan protection.
- regular: indicates basic protection rules.
- regular_rule: indicates specific regular rules in basic protection.
- regular_type: indicates specific regular rule types in basic protection.
- major_protection: indicates major event support protection.
- cc: indicates CC protection.
- region_block: indicates Location Blacklist.
- antibot_scene: indicates BOT scenario protection.
- dlp: indicates information leakage prevention.
- tamperproof: indicates web tamper-proofing.
- spike_throttle: indicates peak traffic throttling.
- cc_
effect str - Set the effective range of the speed limit. This information is configured only when ccStatus is set to 1. Value:
- service: indicates that the effective object is a protected object.
- rule: indicates that the effective object is a single rule.
- cc_
status int - Whether to open the speed limit. Value:
- 0: indicates that the speed limit is off.
- 1: Indicates that the speed limit is on.
- cn_
regions str - The regions in China from which you want to block requests. If you specify "CN", requests from the Chinese mainland (excluding Hong Kong, Macao, and Taiwan) are blocked. Separate multiple regions with commas (,). For more information about region codes, see Description of region codes in China.
- conditions
Sequence[Defense
Rule Config Condition] - The traffic characteristics of ACL, which are described in JSON format. You can enter up to five matching conditions. For specific configuration information, see detailed configuration of conditions. See
conditions
below. - mode int
- The HTTP flood protection mode. Valid values:
- 0 (default): indicates normal protection.
- 1: indicates emergency protection.
- protocol str
- The protocol type of the cached page address. Valid values: http, https.
- rate_
limit DefenseRule Config Rate Limit - The detailed speed limit configuration, which is described in the JSON string format. This information is configured only when CcStatus is set to 1. For specific configuration information, see detailed configuration of Ratelimit. See
rate_limit
below. - remote_
addrs Sequence[str] - The IP addresses that you want to add to the blacklist. Specify the value of this parameter in the ["ip1","ip2",...] format.
- rule_
action str Protection rule action. Value:
- block: Indicates an intercept.
- monitor: indicates observation.
- js: indicates JS validation.
- captcha: Indicates a slider.
- captcha_strict: indicates a strict slider.
- filter: filters sensitive information. This action applies only to scenarios in which the information leakage prevention rule includes sensitive information match conditions.
NOTE: For the supported protection rule actions, follow the rule actions displayed in the WAF console.
- throttle_
threhold int - The throttling threshold. Valid values:
- The QPS throttling threshold ranges from 1 to 5000000. If you select QPS throttling (such as 500 QPS), traffic that meets the throttling conditions and exceeds 500 QPS will be blocked.
- The percentage throttling threshold ranges from 1 to 99. If you select percentage throttling (such as 80%), only 80% of the traffic that meets the throttling conditions will be allowed.
- throttle_
type str - The throttling method. Valid values:
- qps: indicates throttling based on queries per second (QPS).
- ratio (default): indicates throttling based on percentage.
- ua str
- The User-Agent string that is allowed for access to the address.
- url str
- The address of the cached page.
- abroad
Regions String - The regions outside China from which you want to block requests. Separate multiple region codes with commas (,). You can call the DescribeIpAbroadCountryInfos operation to query the countries and regions outside China that can be blocked.
- account
Identifiers List<Property Map> - The policies for account extraction. Up to five policies are supported. Each policy is a JSON string. For more information, see accountIdentifiers description. See
account_identifiers
below. - bypass
Regular List<String>Rules - The list of regular rule IDs that are not detected. The value is in the ["XX1", "XX2",...] format. This parameter is required only when the module to which the whitelist applies is set to specific regular rules in basic protection (BypassTags is set to regular_rule).
- bypassRegularTypes List<String> - The regular rule types that are not detected. This parameter is configured only when the whitelist module is set to the web application regular rule type (the value of the BypassTags parameter is regular_type). Valid values:
- sqli: indicates SQL injection.
- xss: indicates cross-site scripting (XSS).
- cmdi: indicates OS command injection.
- expression_injection: indicates expression injection.
- java_deserialization: indicates Java deserialization.
- dot_net_deserialization: indicates .NET deserialization.
- php_deserialization: indicates PHP deserialization.
- code_exec: indicates code execution.
- ssrf: indicates server-side request forgery (SSRF).
- path_traversal: indicates path traversal.
- arbitrary_file_uploading: indicates arbitrary file upload.
- webshell: indicates a webshell.
- rfilei: indicates remote file inclusion (RFI).
- lfilei: indicates local file inclusion (LFI).
- protocol_violation: indicates a protocol violation.
- scanner_behavior: indicates scanner behavior.
- logic_flaw: indicates a business logic flaw.
- arbitrary_file_reading: indicates arbitrary file reading.
- arbitrary_file_download: indicates arbitrary file download.
- xxe: indicates XML external entity (XXE) injection.
- csrf: indicates cross-site request forgery (CSRF).
- crlf: indicates CRLF injection.
- other: indicates other types.
- bypassTags List<String>
- The modules to which the whitelist applies. The value is in the ["XX1", "XX2",...] format. Requests that match the whitelist rule are not checked by the listed modules, so keep the match conditions as narrow as the use case allows. Valid values:
- waf: indicates all modules.
- customrule: indicates custom rules.
- blacklist: indicates IP blacklist.
- antiscan: indicates scan protection.
- regular: indicates basic protection rules.
- regular_rule: indicates specific regular rules in basic protection.
- regular_type: indicates specific regular rule types in basic protection.
- major_protection: indicates major event support protection.
- cc: indicates CC protection.
- region_block: indicates Location Blacklist.
- antibot_scene: indicates BOT scenario protection.
- dlp: indicates information leakage prevention.
- tamperproof: indicates web tamper-proofing.
- spike_throttle: indicates peak traffic throttling.
- cc
Effect String - Set the effective range of the speed limit. This information is configured only when ccStatus is set to 1. Value:
- service: indicates that the effective object is a protected object.
- rule: indicates that the effective object is a single rule.
- ccStatus Number - Whether to enable the speed limit. Valid values:
- 0: indicates that the speed limit is off.
- 1: indicates that the speed limit is on.
- cn
Regions String - The regions in China from which you want to block requests. If you specify "CN", requests from the Chinese mainland (excluding Hong Kong, Macao, and Taiwan) are blocked. Separate multiple regions with commas (,). For more information about region codes, see Description of region codes in China.
- conditions List<Property Map>
- The traffic characteristics of ACL, which are described in JSON format. You can enter up to five matching conditions. For specific configuration information, see detailed configuration of conditions. See
conditions
below. - mode Number
- The HTTP flood protection mode. Valid values:
- 0 (default): indicates normal protection.
- 1: indicates emergency protection.
- protocol String
- The protocol type of the cached page address. Valid values: http, https.
- rate
Limit Property Map - The detailed speed limit configuration, which is described in the JSON string format. This information is configured only when CcStatus is set to 1. For specific configuration information, see detailed configuration of Ratelimit. See
rate_limit
below. - remote
Addrs List<String> - The IP addresses that you want to add to the blacklist. Specify the value of this parameter in the ["ip1","ip2",...] format.
- ruleAction String - The protection rule action. Valid values:
- block: blocks the request.
- monitor: monitors the request (matching requests are recorded but not blocked).
- js: indicates JS validation.
- captcha: indicates slider CAPTCHA verification.
- captcha_strict: indicates strict slider CAPTCHA verification.
- filter: filters sensitive information. This action applies only when the information leakage prevention rule includes match conditions for sensitive information.
NOTE: For the supported protection rule actions, follow the rule actions displayed in the WAF console.
- throttle
Threhold Number - The throttling threshold. Valid values:
- The QPS throttling threshold ranges from 1 to 5000000. If you select QPS throttling (such as 500 QPS), traffic that meets the throttling conditions and exceeds 500 QPS will be blocked.
- The percentage throttling threshold ranges from 1 to 99. If you select percentage throttling (such as 80%), only 80% of the traffic that meets the throttling conditions will be allowed.
- throttle
Type String - The throttling method. Valid values:
- qps: indicates throttling based on queries per second (QPS).
- ratio (default): indicates throttling based on percentage.
- ua String
- The User-Agent string that is allowed for access to the address.
- url String
- The address of the cached page.
DefenseRuleConfigAccountIdentifier, DefenseRuleConfigAccountIdentifierArgs
- Decode
Type string - The authentication mode. Valid values:
- plain: indicates plaintext.
- basic: indicates Basic authentication.
- jwt: indicates JWT authentication. For JWT authentication, you must specify the field that stores the decoded account information (position).
- Key string
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- Position string
- The field that stores the decoded account information.
- Priority int
- The priority of the current extraction configuration. Each request can match at most one extraction policy. Valid values: [0,20]. A smaller value indicates a higher priority. The priority value must be unique.
- Sub
Key string - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- Decode
Type string - The authentication mode. Valid values:
- plain: indicates plaintext.
- basic: indicates Basic authentication.
- jwt: indicates JWT authentication. For JWT authentication, you must specify the field that stores the decoded account information (position).
- Key string
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- Position string
- The field that stores the decoded account information.
- Priority int
- The priority of the current extraction configuration. Each request can match at most one extraction policy. Valid values: [0,20]. A smaller value indicates a higher priority. The priority value must be unique.
- Sub
Key string - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- decode
Type String - The authentication mode. Valid values:
- plain: indicates plaintext.
- basic: indicates Basic authentication.
- jwt: indicates JWT authentication. For JWT authentication, you must specify the field that stores the decoded account information (position).
- key String
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- position String
- The field that stores the decoded account information.
- priority Integer
- The priority of the current extraction configuration. Each request can match at most one extraction policy. Valid values: [0,20]. A smaller value indicates a higher priority. The priority value must be unique.
- sub
Key String - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- decode
Type string - The authentication mode. Valid values:
- plain: indicates plaintext.
- basic: indicates Basic authentication.
- jwt: indicates JWT authentication. For JWT authentication, you must specify the field that stores the decoded account information (position).
- key string
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- position string
- The field that stores the decoded account information.
- priority number
- The priority of the current extraction configuration. Each request can match at most one extraction policy. Valid values: [0,20]. A smaller value indicates a higher priority. The priority value must be unique.
- sub
Key string - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- decode_
type str - The authentication mode. Valid values:
- plain: indicates plaintext.
- basic: indicates Basic authentication.
- jwt: indicates JWT authentication. For JWT authentication, you must specify the field that stores the decoded account information (position).
- key str
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- position str
- The field that stores the decoded account information.
- priority int
- The priority of the current extraction configuration. Each request can match at most one extraction policy. Valid values: [0,20]. A smaller value indicates a higher priority. The priority value must be unique.
- sub_
key str - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- decode
Type String - The authentication mode. Valid values:
- plain: indicates plaintext.
- basic: indicates Basic authentication.
- jwt: indicates JWT authentication. For JWT authentication, you must specify the field that stores the decoded account information (position).
- key String
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- position String
- The field that stores the decoded account information.
- priority Number
- The priority of the current extraction configuration. Each request can match at most one extraction policy. Valid values: [0,20]. A smaller value indicates a higher priority. The priority value must be unique.
- sub
Key String - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
DefenseRuleConfigCondition, DefenseRuleConfigConditionArgs
- Key string
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- OpValue string - The logical operator. Valid values:
- not-contain: does not contain.
- contain: contains.
- none: does not exist.
- ne: not equal to.
- eq: equal to.
- lt: the value is less than.
- gt: the value is greater than.
- len-lt: the length is less than.
- len-eq: the length is equal to.
- len-gt: the length is greater than.
- not-match: does not match.
- match-one: equal to one of multiple values.
- all-not-match: not equal to any of the values.
- all-not-contain: does not contain any of the values.
- contain-one: contains one of multiple values.
- not-regex: does not match the regular expression.
- regex: matches the regular expression.
- all-not-regex: matches none of the regular expressions.
- regex-one: matches one of the regular expressions.
- prefix-match: prefix match.
- suffix-match: suffix match.
- mpty: the content is empty.
- exists: the field exists.
- inl: the value is in the list.
NOTE: Not all logical operators (opValue) can be configured for every match field (key) of a custom rule. For the logical operators supported by each match field, refer to the mapping between match fields and logical operators shown for custom rules in the WAF console.
- Sub
Key string - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- Values string
Match the content and fill in the corresponding content as needed.
NOTE: The value range of the logical (opValue) and matching content (values) parameters in the matching condition parameter is related to the specified matching field (key).
- Key string
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- OpValue string - The logical operator. Valid values:
- not-contain: does not contain.
- contain: contains.
- none: does not exist.
- ne: not equal to.
- eq: equal to.
- lt: the value is less than.
- gt: the value is greater than.
- len-lt: the length is less than.
- len-eq: the length is equal to.
- len-gt: the length is greater than.
- not-match: does not match.
- match-one: equal to one of multiple values.
- all-not-match: not equal to any of the values.
- all-not-contain: does not contain any of the values.
- contain-one: contains one of multiple values.
- not-regex: does not match the regular expression.
- regex: matches the regular expression.
- all-not-regex: matches none of the regular expressions.
- regex-one: matches one of the regular expressions.
- prefix-match: prefix match.
- suffix-match: suffix match.
- mpty: the content is empty.
- exists: the field exists.
- inl: the value is in the list.
NOTE: Not all logical operators (opValue) can be configured for every match field (key) of a custom rule. For the logical operators supported by each match field, refer to the mapping between match fields and logical operators shown for custom rules in the WAF console.
- Sub
Key string - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- Values string
Match the content and fill in the corresponding content as needed.
NOTE: The value range of the logical (opValue) and matching content (values) parameters in the matching condition parameter is related to the specified matching field (key).
- key String
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- opValue String - The logical operator. Valid values:
- not-contain: does not contain.
- contain: contains.
- none: does not exist.
- ne: not equal to.
- eq: equal to.
- lt: the value is less than.
- gt: the value is greater than.
- len-lt: the length is less than.
- len-eq: the length is equal to.
- len-gt: the length is greater than.
- not-match: does not match.
- match-one: equal to one of multiple values.
- all-not-match: not equal to any of the values.
- all-not-contain: does not contain any of the values.
- contain-one: contains one of multiple values.
- not-regex: does not match the regular expression.
- regex: matches the regular expression.
- all-not-regex: matches none of the regular expressions.
- regex-one: matches one of the regular expressions.
- prefix-match: prefix match.
- suffix-match: suffix match.
- mpty: the content is empty.
- exists: the field exists.
- inl: the value is in the list.
NOTE: Not all logical operators (opValue) can be configured for every match field (key) of a custom rule. For the logical operators supported by each match field, refer to the mapping between match fields and logical operators shown for custom rules in the WAF console.
- sub
Key String - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- values String
Match the content and fill in the corresponding content as needed.
NOTE: The value range of the logical (opValue) and matching content (values) parameters in the matching condition parameter is related to the specified matching field (key).
- key string
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- opValue string - The logical operator. Valid values:
- not-contain: does not contain.
- contain: contains.
- none: does not exist.
- ne: not equal to.
- eq: equal to.
- lt: the value is less than.
- gt: the value is greater than.
- len-lt: the length is less than.
- len-eq: the length is equal to.
- len-gt: the length is greater than.
- not-match: does not match.
- match-one: equal to one of multiple values.
- all-not-match: not equal to any of the values.
- all-not-contain: does not contain any of the values.
- contain-one: contains one of multiple values.
- not-regex: does not match the regular expression.
- regex: matches the regular expression.
- all-not-regex: matches none of the regular expressions.
- regex-one: matches one of the regular expressions.
- prefix-match: prefix match.
- suffix-match: suffix match.
- mpty: the content is empty.
- exists: the field exists.
- inl: the value is in the list.
NOTE: Not all logical operators (opValue) can be configured for every match field (key) of a custom rule. For the logical operators supported by each match field, refer to the mapping between match fields and logical operators shown for custom rules in the WAF console.
- sub
Key string - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- values string
Match the content and fill in the corresponding content as needed.
NOTE: The value range of the logical (opValue) and matching content (values) parameters in the matching condition parameter is related to the specified matching field (key).
- key str
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- op_value str - The logical operator. Valid values:
- not-contain: does not contain.
- contain: contains.
- none: does not exist.
- ne: not equal to.
- eq: equal to.
- lt: the value is less than.
- gt: the value is greater than.
- len-lt: the length is less than.
- len-eq: the length is equal to.
- len-gt: the length is greater than.
- not-match: does not match.
- match-one: equal to one of multiple values.
- all-not-match: not equal to any of the values.
- all-not-contain: does not contain any of the values.
- contain-one: contains one of multiple values.
- not-regex: does not match the regular expression.
- regex: matches the regular expression.
- all-not-regex: matches none of the regular expressions.
- regex-one: matches one of the regular expressions.
- prefix-match: prefix match.
- suffix-match: suffix match.
- mpty: the content is empty.
- exists: the field exists.
- inl: the value is in the list.
NOTE: Not all logical operators (opValue) can be configured for every match field (key) of a custom rule. For the logical operators supported by each match field, refer to the mapping between match fields and logical operators shown for custom rules in the WAF console.
- sub_
key str - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- values str
Match the content and fill in the corresponding content as needed.
NOTE: The value range of the logical (opValue) and matching content (values) parameters in the matching condition parameter is related to the specified matching field (key).
- key String
Match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, Header, Host, HttpCode, and SensitiveInfo.
NOTE: Support for matching fields is based on the display in the WAF console. HttpCode and SensitiveInfo are the matching fields supported by the information leakage prevention rule (dlp).
- opValue String - The logical operator. Valid values:
- not-contain: does not contain.
- contain: contains.
- none: does not exist.
- ne: not equal to.
- eq: equal to.
- lt: the value is less than.
- gt: the value is greater than.
- len-lt: the length is less than.
- len-eq: the length is equal to.
- len-gt: the length is greater than.
- not-match: does not match.
- match-one: equal to one of multiple values.
- all-not-match: not equal to any of the values.
- all-not-contain: does not contain any of the values.
- contain-one: contains one of multiple values.
- not-regex: does not match the regular expression.
- regex: matches the regular expression.
- all-not-regex: matches none of the regular expressions.
- regex-one: matches one of the regular expressions.
- prefix-match: prefix match.
- suffix-match: suffix match.
- mpty: the content is empty.
- exists: the field exists.
- inl: the value is in the list.
NOTE: Not all logical operators (opValue) can be configured for every match field (key) of a custom rule. For the logical operators supported by each match field, refer to the mapping between match fields and logical operators shown for custom rules in the WAF console.
- sub
Key String - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- values String
Match the content and fill in the corresponding content as needed.
NOTE: The value range of the logical (opValue) and matching content (values) parameters in the matching condition parameter is related to the specified matching field (key).
DefenseRuleConfigRateLimit, DefenseRuleConfigRateLimitArgs
- Interval int
- The statistical period, in seconds. This parameter specifies the period during which access counts are collected, and works with the Threshold parameter. Valid values: 1 to 1800 seconds.
- Status
Pulumi.
Ali Cloud. Wafv3. Inputs. Defense Rule Config Rate Limit Status - Response code frequency setting. The description is in the JSON string format. See
status
below. - Sub
Key string - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- Target string
- The type of the statistical object. Valid values:
- remote_addr (default): indicates IP.
- cookie.acw_tc: indicates session.
- header: indicates custom header. If you use custom headers, you must specify the headers in subkey.
- queryarg: indicates custom parameters. If you use custom parameters, you must specify the parameters in subkey.
- cookie: indicates custom cookies. If you use custom cookies, you must specify the cookies in subkey.
NOTE: Header, query parameter and cookie values are supplied by the client, so a limit keyed on them only holds for clients that keep the value stable; pair it with a remote_addr-based limit where that matters.
- Threshold int
- The maximum number of requests that can be sent from a statistical object.
- Ttl int
- The period of time during which you want the specified action to be valid. Unit: seconds. Valid values: 60 to 86400.
- Interval int
- The statistical period, in seconds. This parameter specifies the period during which access counts are collected, and works with the Threshold parameter. Valid values: 1 to 1800 seconds.
- Status
Defense
Rule Config Rate Limit Status - Response code frequency setting. The description is in the JSON string format. See
status
below. - Sub
Key string - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- Target string
- The type of the statistical object. Valid values:
- remote_addr (default): indicates IP.
- cookie.acw_tc: indicates session.
- header: indicates custom header. If you use custom headers, you must specify the headers in subkey.
- queryarg: indicates custom parameters. If you use custom parameters, you must specify the parameters in subkey.
- cookie: indicates custom cookies. If you use custom cookies, you must specify the cookies in subkey.
- Threshold int
- The maximum number of requests that can be sent from a statistical object.
- Ttl int
- The period of time during which you want the specified action to be valid. Unit: seconds. Valid values: 60 to 86400.
- interval Integer
- The statistical period, in seconds. This parameter specifies the period during which access counts are collected, and works with the Threshold parameter. Valid values: 1 to 1800 seconds.
- status
Defense
Rule Config Rate Limit Status - Response code frequency setting. The description is in the JSON string format. See
status
below. - sub
Key String - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- target String
- The type of the statistical object. Valid values:
- remote_addr (default): indicates IP.
- cookie.acw_tc: indicates session.
- header: indicates custom header. If you use custom headers, you must specify the headers in subkey.
- queryarg: indicates custom parameters. If you use custom parameters, you must specify the parameters in subkey.
- cookie: indicates custom cookies. If you use custom cookies, you must specify the cookies in subkey.
- threshold Integer
- The maximum number of requests that can be sent from a statistical object.
- ttl Integer
- The period of time during which you want the specified action to be valid. Unit: seconds. Valid values: 60 to 86400.
- interval number
- The statistical period, in seconds. This parameter specifies the period during which access counts are collected, and works with the Threshold parameter. Valid values: 1 to 1800 seconds.
- status
Defense
Rule Config Rate Limit Status - Response code frequency setting. The description is in the JSON string format. See
status
below. - sub
Key string - The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- target string
- The type of the statistical object. Valid values:
- remote_addr (default): indicates IP.
- cookie.acw_tc: indicates session.
- header: indicates custom header. If you use custom headers, you must specify the headers in subkey.
- queryarg: indicates custom parameters. If you use custom parameters, you must specify the parameters in subkey.
- cookie: indicates custom cookies. If you use custom cookies, you must specify the cookies in subkey.
- threshold number
- The maximum number of requests that can be sent from a statistical object.
- ttl number
- The period of time during which you want the specified action to be valid. Unit: seconds. Valid values: 60 to 86400.
- interval int
- The statistical period, in seconds. This parameter specifies the period during which access counts are collected, and works with the Threshold parameter. Valid values: 1 to 1800 seconds.
- status DefenseRuleConfigRateLimitStatus
- Response code frequency setting. The description is in the JSON string format. See status below.
- sub_key str
- The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- target str
- The type of the statistical object. Valid values:
- remote_addr (default): indicates IP.
- cookie.acw_tc: indicates session.
- header: indicates custom header. If you use custom headers, you must specify the headers in subkey.
- queryarg: indicates custom parameters. If you use custom parameters, you must specify the parameters in subkey.
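- cookie: indicates custom cookies. If you use custom cookies, you must specify the cookies in subkey. Header, query-parameter, and cookie values are supplied by the client, so a client that changes or omits the value may be counted as a different statistical object and not accumulate toward the threshold.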
- threshold int
- The maximum number of requests that can be sent from a statistical object.
- ttl int
- The period of time during which you want the specified action to be valid. Unit: seconds. Valid values: 60 to 86400.
- interval Number
- The statistical period, in seconds. This parameter specifies the period during which access counts are collected, and works with the Threshold parameter. Valid values: 1 to 1800 seconds.
- status Property Map
- Response code frequency setting. The description is in the JSON string format. See status below.
- subKey String
- The characteristics of the statistical object. When the Target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the Subkey parameter.
- target String
- The type of the statistical object. Valid values:
- remote_addr (default): indicates IP.
- cookie.acw_tc: indicates session.
- header: indicates custom header. If you use custom headers, you must specify the headers in subkey.
- queryarg: indicates custom parameters. If you use custom parameters, you must specify the parameters in subkey.
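- cookie: indicates custom cookies. If you use custom cookies, you must specify the cookies in subkey. Header, query-parameter, and cookie values are supplied by the client, so a client that changes or omits the value may be counted as a different statistical object and not accumulate toward the threshold.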
- threshold Number
- The maximum number of requests that can be sent from a statistical object.
- ttl Number
- The period of time during which you want the specified action to be valid. Unit: seconds. Valid values: 60 to 86400.
DefenseRuleConfigRateLimitStatus, DefenseRuleConfigRateLimitStatusArgs
- Code int
- Required. Specifies the response code.
- Count int
- The threshold for the number of occurrences. When the number of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 2 to 50000. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- Ratio int
- The threshold for the proportion of occurrences (percentage). When the proportion of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 1 to 100. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- Code int
- Required. Specifies the response code.
- Count int
- The threshold for the number of occurrences. When the number of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 2 to 50000. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- Ratio int
- The threshold for the proportion of occurrences (percentage). When the proportion of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 1 to 100. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- code Integer
- Required. Specifies the response code.
- count Integer
- The threshold for the number of occurrences. When the number of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 2 to 50000. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- ratio Integer
- The threshold for the proportion of occurrences (percentage). When the proportion of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 1 to 100. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- code number
- Required. Specifies the response code.
- count number
- The threshold for the number of occurrences. When the number of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 2 to 50000. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- ratio number
- The threshold for the proportion of occurrences (percentage). When the proportion of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 1 to 100. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- code int
- Required. Specifies the response code.
- count int
- The threshold for the number of occurrences. When the number of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 2 to 50000. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- ratio int
- The threshold for the proportion of occurrences (percentage). When the proportion of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 1 to 100. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- code Number
- Required. Specifies the response code.
- count Number
- The threshold for the number of occurrences. When the number of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 2 to 50000. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
- ratio Number
- The threshold for the proportion of occurrences (percentage). When the proportion of occurrences of the specified HTTP status code exceeds this threshold, the protection rule is triggered. Valid values: 1 to 100. You can specify Count or Ratio. You cannot specify the two parameters at the same time.
Import
WAFV3 Defense Rule can be imported using the id, e.g.
$ pulumi import alicloud:wafv3/defenseRule:DefenseRule example <instance_id>:<defense_type>:<rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the alicloud Terraform Provider.