Docs Home
avi 31.1.1 published on Monday, Apr 14, 2025 by vmware
avi.Wafpolicy
Explore with Pulumi AI
<!–
Copyright 2021 VMware, Inc.
SPDX-License-Identifier: Mozilla Public License 2.0
–>
layout: “avi”
page_title: “Avi: avi.Wafpolicy” sidebar_current: “docs-avi-resource-wafpolicy” description: |- Creates and manages Avi WafPolicy.
avi.Wafpolicy
The WafPolicy resource allows the creation and management of Avi WafPolicy
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as avi from "@pulumi/avi";
const foo = new avi.Wafpolicy("foo", {tenantRef: "/api/tenant/?name=admin"});
import pulumi
import pulumi_avi as avi
foo = avi.Wafpolicy("foo", tenant_ref="/api/tenant/?name=admin")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/avi/v31/avi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := avi.NewWafpolicy(ctx, "foo", &avi.WafpolicyArgs{
TenantRef: pulumi.String("/api/tenant/?name=admin"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Avi = Pulumi.Avi;
return await Deployment.RunAsync(() =>
{
var foo = new Avi.Wafpolicy("foo", new()
{
TenantRef = "/api/tenant/?name=admin",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.avi.Wafpolicy;
import com.pulumi.avi.WafpolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var foo = new Wafpolicy("foo", WafpolicyArgs.builder()
.tenantRef("/api/tenant/?name=admin")
.build());
}
}
resources:
foo:
type: avi:Wafpolicy
properties:
tenantRef: /api/tenant/?name=admin
Create Wafpolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Wafpolicy(name: string, args: WafpolicyArgs, opts?: CustomResourceOptions);@overload
def Wafpolicy(resource_name: str,
args: WafpolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Wafpolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
waf_profile_ref: Optional[str] = None,
geo_db_ref: Optional[str] = None,
positive_security_models: Optional[Sequence[WafpolicyPositiveSecurityModelArgs]] = None,
auto_update_crs: Optional[str] = None,
bypass_static_extensions: Optional[str] = None,
confidence_overrides: Optional[Sequence[WafpolicyConfidenceOverrideArgs]] = None,
configpb_attributes: Optional[Sequence[WafpolicyConfigpbAttributeArgs]] = None,
created_by: Optional[str] = None,
crs_overrides: Optional[Sequence[WafpolicyCrsOverrideArgs]] = None,
description: Optional[str] = None,
enable_app_learning: Optional[str] = None,
enable_auto_rule_updates: Optional[str] = None,
enable_regex_learning: Optional[str] = None,
failure_mode: Optional[str] = None,
allow_mode_delegation: Optional[str] = None,
application_signatures: Optional[Sequence[WafpolicyApplicationSignatureArgs]] = None,
learning_params: Optional[Sequence[WafpolicyLearningParamArgs]] = None,
pre_crs_groups: Optional[Sequence[WafpolicyPreCrsGroupArgs]] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
paranoia_level: Optional[str] = None,
markers: Optional[Sequence[WafpolicyMarkerArgs]] = None,
post_crs_groups: Optional[Sequence[WafpolicyPostCrsGroupArgs]] = None,
min_confidence: Optional[str] = None,
required_data_files: Optional[Sequence[WafpolicyRequiredDataFileArgs]] = None,
tenant_ref: Optional[str] = None,
updated_crs_rules_in_detection_mode: Optional[str] = None,
uuid: Optional[str] = None,
waf_crs_ref: Optional[str] = None,
allowlists: Optional[Sequence[WafpolicyAllowlistArgs]] = None,
wafpolicy_id: Optional[str] = None)func NewWafpolicy(ctx *Context, name string, args WafpolicyArgs, opts ...ResourceOption) (*Wafpolicy, error)public Wafpolicy(string name, WafpolicyArgs args, CustomResourceOptions? opts = null)
public Wafpolicy(String name, WafpolicyArgs args)
public Wafpolicy(String name, WafpolicyArgs args, CustomResourceOptions options)
type: avi:Wafpolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WafpolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WafpolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WafpolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WafpolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WafpolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var wafpolicyResource = new Avi.Wafpolicy("wafpolicyResource", new()
{
WafProfileRef = "string",
GeoDbRef = "string",
PositiveSecurityModels = new[]
{
new Avi.Inputs.WafpolicyPositiveSecurityModelArgs
{
GroupRefs = new[]
{
"string",
},
},
},
AutoUpdateCrs = "string",
BypassStaticExtensions = "string",
ConfidenceOverrides = new[]
{
new Avi.Inputs.WafpolicyConfidenceOverrideArgs
{
ConfidHighValue = "string",
ConfidLowValue = "string",
ConfidProbableValue = "string",
ConfidVeryHighValue = "string",
},
},
ConfigpbAttributes = new[]
{
new Avi.Inputs.WafpolicyConfigpbAttributeArgs
{
Version = "string",
},
},
CreatedBy = "string",
CrsOverrides = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideArgs
{
Name = "string",
Enable = "string",
ExcludeLists = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideExcludeListArgs
{
ClientSubnets = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideExcludeListClientSubnetArgs
{
IpAddrs = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideExcludeListClientSubnetIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
Mask = "string",
},
},
Description = "string",
MatchElement = "string",
MatchElementCriterias = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideExcludeListMatchElementCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriMatchCriterias = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideExcludeListUriMatchCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriPath = "string",
},
},
Mode = "string",
RuleOverrides = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideRuleOverrideArgs
{
RuleId = "string",
Enable = "string",
ExcludeLists = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideRuleOverrideExcludeListArgs
{
ClientSubnets = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetArgs
{
IpAddrs = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
Mask = "string",
},
},
Description = "string",
MatchElement = "string",
MatchElementCriterias = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideRuleOverrideExcludeListMatchElementCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriMatchCriterias = new[]
{
new Avi.Inputs.WafpolicyCrsOverrideRuleOverrideExcludeListUriMatchCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriPath = "string",
},
},
Mode = "string",
},
},
},
},
Description = "string",
EnableAppLearning = "string",
EnableAutoRuleUpdates = "string",
EnableRegexLearning = "string",
FailureMode = "string",
AllowModeDelegation = "string",
ApplicationSignatures = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureArgs
{
ProviderRef = "string",
ResolvedRules = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureResolvedRuleArgs
{
Index = "string",
Rule = "string",
Enable = "string",
ExcludeLists = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureResolvedRuleExcludeListArgs
{
ClientSubnets = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetArgs
{
IpAddrs = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
Mask = "string",
},
},
Description = "string",
MatchElement = "string",
MatchElementCriterias = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureResolvedRuleExcludeListMatchElementCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriMatchCriterias = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureResolvedRuleExcludeListUriMatchCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriPath = "string",
},
},
IsSensitive = "string",
Mode = "string",
Name = "string",
ParanoiaLevel = "string",
Phase = "string",
RuleId = "string",
Tags = new[]
{
"string",
},
},
},
RuleOverrides = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureRuleOverrideArgs
{
RuleId = "string",
Enable = "string",
ExcludeLists = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureRuleOverrideExcludeListArgs
{
ClientSubnets = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetArgs
{
IpAddrs = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
Mask = "string",
},
},
Description = "string",
MatchElement = "string",
MatchElementCriterias = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureRuleOverrideExcludeListMatchElementCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriMatchCriterias = new[]
{
new Avi.Inputs.WafpolicyApplicationSignatureRuleOverrideExcludeListUriMatchCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriPath = "string",
},
},
Mode = "string",
},
},
RulesetVersion = "string",
SelectedApplications = new[]
{
"string",
},
},
},
LearningParams = new[]
{
new Avi.Inputs.WafpolicyLearningParamArgs
{
EnableLearnFromBots = "string",
EnablePerUriLearning = "string",
LearnFromAuthenticatedClientsOnly = "string",
LearnFromBots = new[]
{
new Avi.Inputs.WafpolicyLearningParamLearnFromBotArgs
{
MatchOperation = "string",
Classifications = new[]
{
new Avi.Inputs.WafpolicyLearningParamLearnFromBotClassificationArgs
{
Type = "string",
UserDefinedType = "string",
},
},
},
},
MaxParams = "string",
MaxUris = "string",
MinHitsToLearn = "string",
SamplingPercent = "string",
TrustedIpgroupRef = "string",
UpdateInterval = "string",
},
},
PreCrsGroups = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupArgs
{
Index = "string",
Name = "string",
Enable = "string",
ExcludeLists = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupExcludeListArgs
{
ClientSubnets = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupExcludeListClientSubnetArgs
{
IpAddrs = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupExcludeListClientSubnetIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
Mask = "string",
},
},
Description = "string",
MatchElement = "string",
MatchElementCriterias = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupExcludeListMatchElementCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriMatchCriterias = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupExcludeListUriMatchCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriPath = "string",
},
},
Rules = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupRuleArgs
{
Index = "string",
Rule = "string",
Enable = "string",
ExcludeLists = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupRuleExcludeListArgs
{
ClientSubnets = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupRuleExcludeListClientSubnetArgs
{
IpAddrs = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupRuleExcludeListClientSubnetIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
Mask = "string",
},
},
Description = "string",
MatchElement = "string",
MatchElementCriterias = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupRuleExcludeListMatchElementCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriMatchCriterias = new[]
{
new Avi.Inputs.WafpolicyPreCrsGroupRuleExcludeListUriMatchCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriPath = "string",
},
},
IsSensitive = "string",
Mode = "string",
Name = "string",
ParanoiaLevel = "string",
Phase = "string",
RuleId = "string",
Tags = new[]
{
"string",
},
},
},
},
},
Mode = "string",
Name = "string",
ParanoiaLevel = "string",
Markers = new[]
{
new Avi.Inputs.WafpolicyMarkerArgs
{
Key = "string",
Values = new[]
{
"string",
},
},
},
PostCrsGroups = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupArgs
{
Index = "string",
Name = "string",
Enable = "string",
ExcludeLists = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupExcludeListArgs
{
ClientSubnets = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupExcludeListClientSubnetArgs
{
IpAddrs = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupExcludeListClientSubnetIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
Mask = "string",
},
},
Description = "string",
MatchElement = "string",
MatchElementCriterias = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupExcludeListMatchElementCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriMatchCriterias = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupExcludeListUriMatchCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriPath = "string",
},
},
Rules = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupRuleArgs
{
Index = "string",
Rule = "string",
Enable = "string",
ExcludeLists = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupRuleExcludeListArgs
{
ClientSubnets = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupRuleExcludeListClientSubnetArgs
{
IpAddrs = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupRuleExcludeListClientSubnetIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
Mask = "string",
},
},
Description = "string",
MatchElement = "string",
MatchElementCriterias = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupRuleExcludeListMatchElementCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriMatchCriterias = new[]
{
new Avi.Inputs.WafpolicyPostCrsGroupRuleExcludeListUriMatchCriteriaArgs
{
MatchCase = "string",
MatchOp = "string",
},
},
UriPath = "string",
},
},
IsSensitive = "string",
Mode = "string",
Name = "string",
ParanoiaLevel = "string",
Phase = "string",
RuleId = "string",
Tags = new[]
{
"string",
},
},
},
},
},
MinConfidence = "string",
RequiredDataFiles = new[]
{
new Avi.Inputs.WafpolicyRequiredDataFileArgs
{
Name = "string",
Type = "string",
},
},
TenantRef = "string",
UpdatedCrsRulesInDetectionMode = "string",
Uuid = "string",
WafCrsRef = "string",
Allowlists = new[]
{
new Avi.Inputs.WafpolicyAllowlistArgs
{
Rules = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleArgs
{
Actions = new[]
{
"string",
},
Index = "string",
Matches = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchArgs
{
BotDetectionResults = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchBotDetectionResultArgs
{
MatchOperation = "string",
Classifications = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchBotDetectionResultClassificationArgs
{
Type = "string",
UserDefinedType = "string",
},
},
},
},
ClientIps = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchClientIpArgs
{
MatchCriteria = "string",
Addrs = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchClientIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
GroupRefs = new[]
{
"string",
},
Prefixes = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchClientIpPrefixArgs
{
IpAddrs = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchClientIpPrefixIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
Mask = "string",
},
},
Ranges = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchClientIpRangeArgs
{
Begins = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchClientIpRangeBeginArgs
{
Addr = "string",
Type = "string",
},
},
Ends = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchClientIpRangeEndArgs
{
Addr = "string",
Type = "string",
},
},
},
},
},
},
Cookies = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchCookieArgs
{
MatchCriteria = "string",
Name = "string",
MatchCase = "string",
Value = "string",
},
},
GeoMatches = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchGeoMatchArgs
{
Attribute = "string",
MatchOperation = "string",
Values = new[]
{
"string",
},
},
},
Hdrs = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchHdrArgs
{
Hdr = "string",
MatchCriteria = "string",
MatchCase = "string",
StringGroupRefs = new[]
{
"string",
},
Values = new[]
{
"string",
},
},
},
HostHdrs = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchHostHdrArgs
{
MatchCriteria = "string",
MatchCase = "string",
Values = new[]
{
"string",
},
},
},
IpReputationTypes = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchIpReputationTypeArgs
{
MatchOperation = "string",
ReputationTypes = new[]
{
"string",
},
},
},
Methods = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchMethodArgs
{
MatchCriteria = "string",
Methods = new[]
{
"string",
},
},
},
Paths = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchPathArgs
{
MatchCriteria = "string",
MatchCase = "string",
MatchDecodedString = "string",
MatchStrs = new[]
{
"string",
},
StringGroupRefs = new[]
{
"string",
},
},
},
Protocols = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchProtocolArgs
{
MatchCriteria = "string",
Protocols = "string",
},
},
Queries = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchQueryArgs
{
MatchCriteria = "string",
MatchCase = "string",
MatchDecodedString = "string",
MatchStrs = new[]
{
"string",
},
StringGroupRefs = new[]
{
"string",
},
},
},
SourceIps = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchSourceIpArgs
{
MatchCriteria = "string",
Addrs = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchSourceIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
GroupRefs = new[]
{
"string",
},
Prefixes = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchSourceIpPrefixArgs
{
IpAddrs = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchSourceIpPrefixIpAddrArgs
{
Addr = "string",
Type = "string",
},
},
Mask = "string",
},
},
Ranges = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchSourceIpRangeArgs
{
Begins = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchSourceIpRangeBeginArgs
{
Addr = "string",
Type = "string",
},
},
Ends = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchSourceIpRangeEndArgs
{
Addr = "string",
Type = "string",
},
},
},
},
},
},
TlsFingerprintMatches = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchTlsFingerprintMatchArgs
{
MatchOperation = "string",
Fingerprints = new[]
{
"string",
},
StringGroupRefs = new[]
{
"string",
},
},
},
Versions = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchVersionArgs
{
MatchCriteria = "string",
Versions = new[]
{
"string",
},
},
},
VsPorts = new[]
{
new Avi.Inputs.WafpolicyAllowlistRuleMatchVsPortArgs
{
MatchCriteria = "string",
Ports = new[]
{
0,
},
},
},
},
},
Name = "string",
Description = "string",
Enable = "string",
SamplingPercent = "string",
},
},
},
},
WafpolicyId = "string",
});
example, err := avi.NewWafpolicy(ctx, "wafpolicyResource", &avi.WafpolicyArgs{
WafProfileRef: pulumi.String("string"),
GeoDbRef: pulumi.String("string"),
PositiveSecurityModels: avi.WafpolicyPositiveSecurityModelArray{
&avi.WafpolicyPositiveSecurityModelArgs{
GroupRefs: pulumi.StringArray{
pulumi.String("string"),
},
},
},
AutoUpdateCrs: pulumi.String("string"),
BypassStaticExtensions: pulumi.String("string"),
ConfidenceOverrides: avi.WafpolicyConfidenceOverrideArray{
&avi.WafpolicyConfidenceOverrideArgs{
ConfidHighValue: pulumi.String("string"),
ConfidLowValue: pulumi.String("string"),
ConfidProbableValue: pulumi.String("string"),
ConfidVeryHighValue: pulumi.String("string"),
},
},
ConfigpbAttributes: avi.WafpolicyConfigpbAttributeArray{
&avi.WafpolicyConfigpbAttributeArgs{
Version: pulumi.String("string"),
},
},
CreatedBy: pulumi.String("string"),
CrsOverrides: avi.WafpolicyCrsOverrideArray{
&avi.WafpolicyCrsOverrideArgs{
Name: pulumi.String("string"),
Enable: pulumi.String("string"),
ExcludeLists: avi.WafpolicyCrsOverrideExcludeListArray{
&avi.WafpolicyCrsOverrideExcludeListArgs{
ClientSubnets: avi.WafpolicyCrsOverrideExcludeListClientSubnetArray{
&avi.WafpolicyCrsOverrideExcludeListClientSubnetArgs{
IpAddrs: avi.WafpolicyCrsOverrideExcludeListClientSubnetIpAddrArray{
&avi.WafpolicyCrsOverrideExcludeListClientSubnetIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Mask: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
MatchElement: pulumi.String("string"),
MatchElementCriterias: avi.WafpolicyCrsOverrideExcludeListMatchElementCriteriaArray{
&avi.WafpolicyCrsOverrideExcludeListMatchElementCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriMatchCriterias: avi.WafpolicyCrsOverrideExcludeListUriMatchCriteriaArray{
&avi.WafpolicyCrsOverrideExcludeListUriMatchCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriPath: pulumi.String("string"),
},
},
Mode: pulumi.String("string"),
RuleOverrides: avi.WafpolicyCrsOverrideRuleOverrideArray{
&avi.WafpolicyCrsOverrideRuleOverrideArgs{
RuleId: pulumi.String("string"),
Enable: pulumi.String("string"),
ExcludeLists: avi.WafpolicyCrsOverrideRuleOverrideExcludeListArray{
&avi.WafpolicyCrsOverrideRuleOverrideExcludeListArgs{
ClientSubnets: avi.WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetArray{
&avi.WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetArgs{
IpAddrs: avi.WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetIpAddrArray{
&avi.WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Mask: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
MatchElement: pulumi.String("string"),
MatchElementCriterias: avi.WafpolicyCrsOverrideRuleOverrideExcludeListMatchElementCriteriaArray{
&avi.WafpolicyCrsOverrideRuleOverrideExcludeListMatchElementCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriMatchCriterias: avi.WafpolicyCrsOverrideRuleOverrideExcludeListUriMatchCriteriaArray{
&avi.WafpolicyCrsOverrideRuleOverrideExcludeListUriMatchCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriPath: pulumi.String("string"),
},
},
Mode: pulumi.String("string"),
},
},
},
},
Description: pulumi.String("string"),
EnableAppLearning: pulumi.String("string"),
EnableAutoRuleUpdates: pulumi.String("string"),
EnableRegexLearning: pulumi.String("string"),
FailureMode: pulumi.String("string"),
AllowModeDelegation: pulumi.String("string"),
ApplicationSignatures: avi.WafpolicyApplicationSignatureArray{
&avi.WafpolicyApplicationSignatureArgs{
ProviderRef: pulumi.String("string"),
ResolvedRules: avi.WafpolicyApplicationSignatureResolvedRuleArray{
&avi.WafpolicyApplicationSignatureResolvedRuleArgs{
Index: pulumi.String("string"),
Rule: pulumi.String("string"),
Enable: pulumi.String("string"),
ExcludeLists: avi.WafpolicyApplicationSignatureResolvedRuleExcludeListArray{
&avi.WafpolicyApplicationSignatureResolvedRuleExcludeListArgs{
ClientSubnets: avi.WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetArray{
&avi.WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetArgs{
IpAddrs: avi.WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetIpAddrArray{
&avi.WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Mask: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
MatchElement: pulumi.String("string"),
MatchElementCriterias: avi.WafpolicyApplicationSignatureResolvedRuleExcludeListMatchElementCriteriaArray{
&avi.WafpolicyApplicationSignatureResolvedRuleExcludeListMatchElementCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriMatchCriterias: avi.WafpolicyApplicationSignatureResolvedRuleExcludeListUriMatchCriteriaArray{
&avi.WafpolicyApplicationSignatureResolvedRuleExcludeListUriMatchCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriPath: pulumi.String("string"),
},
},
IsSensitive: pulumi.String("string"),
Mode: pulumi.String("string"),
Name: pulumi.String("string"),
ParanoiaLevel: pulumi.String("string"),
Phase: pulumi.String("string"),
RuleId: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
},
},
RuleOverrides: avi.WafpolicyApplicationSignatureRuleOverrideArray{
&avi.WafpolicyApplicationSignatureRuleOverrideArgs{
RuleId: pulumi.String("string"),
Enable: pulumi.String("string"),
ExcludeLists: avi.WafpolicyApplicationSignatureRuleOverrideExcludeListArray{
&avi.WafpolicyApplicationSignatureRuleOverrideExcludeListArgs{
ClientSubnets: avi.WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetArray{
&avi.WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetArgs{
IpAddrs: avi.WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetIpAddrArray{
&avi.WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Mask: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
MatchElement: pulumi.String("string"),
MatchElementCriterias: avi.WafpolicyApplicationSignatureRuleOverrideExcludeListMatchElementCriteriaArray{
&avi.WafpolicyApplicationSignatureRuleOverrideExcludeListMatchElementCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriMatchCriterias: avi.WafpolicyApplicationSignatureRuleOverrideExcludeListUriMatchCriteriaArray{
&avi.WafpolicyApplicationSignatureRuleOverrideExcludeListUriMatchCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriPath: pulumi.String("string"),
},
},
Mode: pulumi.String("string"),
},
},
RulesetVersion: pulumi.String("string"),
SelectedApplications: pulumi.StringArray{
pulumi.String("string"),
},
},
},
LearningParams: avi.WafpolicyLearningParamArray{
&avi.WafpolicyLearningParamArgs{
EnableLearnFromBots: pulumi.String("string"),
EnablePerUriLearning: pulumi.String("string"),
LearnFromAuthenticatedClientsOnly: pulumi.String("string"),
LearnFromBots: avi.WafpolicyLearningParamLearnFromBotArray{
&avi.WafpolicyLearningParamLearnFromBotArgs{
MatchOperation: pulumi.String("string"),
Classifications: avi.WafpolicyLearningParamLearnFromBotClassificationArray{
&avi.WafpolicyLearningParamLearnFromBotClassificationArgs{
Type: pulumi.String("string"),
UserDefinedType: pulumi.String("string"),
},
},
},
},
MaxParams: pulumi.String("string"),
MaxUris: pulumi.String("string"),
MinHitsToLearn: pulumi.String("string"),
SamplingPercent: pulumi.String("string"),
TrustedIpgroupRef: pulumi.String("string"),
UpdateInterval: pulumi.String("string"),
},
},
PreCrsGroups: avi.WafpolicyPreCrsGroupArray{
&avi.WafpolicyPreCrsGroupArgs{
Index: pulumi.String("string"),
Name: pulumi.String("string"),
Enable: pulumi.String("string"),
ExcludeLists: avi.WafpolicyPreCrsGroupExcludeListArray{
&avi.WafpolicyPreCrsGroupExcludeListArgs{
ClientSubnets: avi.WafpolicyPreCrsGroupExcludeListClientSubnetArray{
&avi.WafpolicyPreCrsGroupExcludeListClientSubnetArgs{
IpAddrs: avi.WafpolicyPreCrsGroupExcludeListClientSubnetIpAddrArray{
&avi.WafpolicyPreCrsGroupExcludeListClientSubnetIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Mask: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
MatchElement: pulumi.String("string"),
MatchElementCriterias: avi.WafpolicyPreCrsGroupExcludeListMatchElementCriteriaArray{
&avi.WafpolicyPreCrsGroupExcludeListMatchElementCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriMatchCriterias: avi.WafpolicyPreCrsGroupExcludeListUriMatchCriteriaArray{
&avi.WafpolicyPreCrsGroupExcludeListUriMatchCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriPath: pulumi.String("string"),
},
},
Rules: avi.WafpolicyPreCrsGroupRuleArray{
&avi.WafpolicyPreCrsGroupRuleArgs{
Index: pulumi.String("string"),
Rule: pulumi.String("string"),
Enable: pulumi.String("string"),
ExcludeLists: avi.WafpolicyPreCrsGroupRuleExcludeListArray{
&avi.WafpolicyPreCrsGroupRuleExcludeListArgs{
ClientSubnets: avi.WafpolicyPreCrsGroupRuleExcludeListClientSubnetArray{
&avi.WafpolicyPreCrsGroupRuleExcludeListClientSubnetArgs{
IpAddrs: avi.WafpolicyPreCrsGroupRuleExcludeListClientSubnetIpAddrArray{
&avi.WafpolicyPreCrsGroupRuleExcludeListClientSubnetIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Mask: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
MatchElement: pulumi.String("string"),
MatchElementCriterias: avi.WafpolicyPreCrsGroupRuleExcludeListMatchElementCriteriaArray{
&avi.WafpolicyPreCrsGroupRuleExcludeListMatchElementCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriMatchCriterias: avi.WafpolicyPreCrsGroupRuleExcludeListUriMatchCriteriaArray{
&avi.WafpolicyPreCrsGroupRuleExcludeListUriMatchCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriPath: pulumi.String("string"),
},
},
IsSensitive: pulumi.String("string"),
Mode: pulumi.String("string"),
Name: pulumi.String("string"),
ParanoiaLevel: pulumi.String("string"),
Phase: pulumi.String("string"),
RuleId: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
Mode: pulumi.String("string"),
Name: pulumi.String("string"),
ParanoiaLevel: pulumi.String("string"),
Markers: avi.WafpolicyMarkerArray{
&avi.WafpolicyMarkerArgs{
Key: pulumi.String("string"),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
PostCrsGroups: avi.WafpolicyPostCrsGroupArray{
&avi.WafpolicyPostCrsGroupArgs{
Index: pulumi.String("string"),
Name: pulumi.String("string"),
Enable: pulumi.String("string"),
ExcludeLists: avi.WafpolicyPostCrsGroupExcludeListArray{
&avi.WafpolicyPostCrsGroupExcludeListArgs{
ClientSubnets: avi.WafpolicyPostCrsGroupExcludeListClientSubnetArray{
&avi.WafpolicyPostCrsGroupExcludeListClientSubnetArgs{
IpAddrs: avi.WafpolicyPostCrsGroupExcludeListClientSubnetIpAddrArray{
&avi.WafpolicyPostCrsGroupExcludeListClientSubnetIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Mask: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
MatchElement: pulumi.String("string"),
MatchElementCriterias: avi.WafpolicyPostCrsGroupExcludeListMatchElementCriteriaArray{
&avi.WafpolicyPostCrsGroupExcludeListMatchElementCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriMatchCriterias: avi.WafpolicyPostCrsGroupExcludeListUriMatchCriteriaArray{
&avi.WafpolicyPostCrsGroupExcludeListUriMatchCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriPath: pulumi.String("string"),
},
},
Rules: avi.WafpolicyPostCrsGroupRuleArray{
&avi.WafpolicyPostCrsGroupRuleArgs{
Index: pulumi.String("string"),
Rule: pulumi.String("string"),
Enable: pulumi.String("string"),
ExcludeLists: avi.WafpolicyPostCrsGroupRuleExcludeListArray{
&avi.WafpolicyPostCrsGroupRuleExcludeListArgs{
ClientSubnets: avi.WafpolicyPostCrsGroupRuleExcludeListClientSubnetArray{
&avi.WafpolicyPostCrsGroupRuleExcludeListClientSubnetArgs{
IpAddrs: avi.WafpolicyPostCrsGroupRuleExcludeListClientSubnetIpAddrArray{
&avi.WafpolicyPostCrsGroupRuleExcludeListClientSubnetIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Mask: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
MatchElement: pulumi.String("string"),
MatchElementCriterias: avi.WafpolicyPostCrsGroupRuleExcludeListMatchElementCriteriaArray{
&avi.WafpolicyPostCrsGroupRuleExcludeListMatchElementCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriMatchCriterias: avi.WafpolicyPostCrsGroupRuleExcludeListUriMatchCriteriaArray{
&avi.WafpolicyPostCrsGroupRuleExcludeListUriMatchCriteriaArgs{
MatchCase: pulumi.String("string"),
MatchOp: pulumi.String("string"),
},
},
UriPath: pulumi.String("string"),
},
},
IsSensitive: pulumi.String("string"),
Mode: pulumi.String("string"),
Name: pulumi.String("string"),
ParanoiaLevel: pulumi.String("string"),
Phase: pulumi.String("string"),
RuleId: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
MinConfidence: pulumi.String("string"),
RequiredDataFiles: avi.WafpolicyRequiredDataFileArray{
&avi.WafpolicyRequiredDataFileArgs{
Name: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
TenantRef: pulumi.String("string"),
UpdatedCrsRulesInDetectionMode: pulumi.String("string"),
Uuid: pulumi.String("string"),
WafCrsRef: pulumi.String("string"),
Allowlists: avi.WafpolicyAllowlistArray{
&avi.WafpolicyAllowlistArgs{
Rules: avi.WafpolicyAllowlistRuleArray{
&avi.WafpolicyAllowlistRuleArgs{
Actions: pulumi.StringArray{
pulumi.String("string"),
},
Index: pulumi.String("string"),
Matches: avi.WafpolicyAllowlistRuleMatchArray{
&avi.WafpolicyAllowlistRuleMatchArgs{
BotDetectionResults: avi.WafpolicyAllowlistRuleMatchBotDetectionResultArray{
&avi.WafpolicyAllowlistRuleMatchBotDetectionResultArgs{
MatchOperation: pulumi.String("string"),
Classifications: avi.WafpolicyAllowlistRuleMatchBotDetectionResultClassificationArray{
&avi.WafpolicyAllowlistRuleMatchBotDetectionResultClassificationArgs{
Type: pulumi.String("string"),
UserDefinedType: pulumi.String("string"),
},
},
},
},
ClientIps: avi.WafpolicyAllowlistRuleMatchClientIpArray{
&avi.WafpolicyAllowlistRuleMatchClientIpArgs{
MatchCriteria: pulumi.String("string"),
Addrs: avi.WafpolicyAllowlistRuleMatchClientIpAddrArray{
&avi.WafpolicyAllowlistRuleMatchClientIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
GroupRefs: pulumi.StringArray{
pulumi.String("string"),
},
Prefixes: avi.WafpolicyAllowlistRuleMatchClientIpPrefixArray{
&avi.WafpolicyAllowlistRuleMatchClientIpPrefixArgs{
IpAddrs: avi.WafpolicyAllowlistRuleMatchClientIpPrefixIpAddrArray{
&avi.WafpolicyAllowlistRuleMatchClientIpPrefixIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Mask: pulumi.String("string"),
},
},
Ranges: avi.WafpolicyAllowlistRuleMatchClientIpRangeArray{
&avi.WafpolicyAllowlistRuleMatchClientIpRangeArgs{
Begins: avi.WafpolicyAllowlistRuleMatchClientIpRangeBeginArray{
&avi.WafpolicyAllowlistRuleMatchClientIpRangeBeginArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Ends: avi.WafpolicyAllowlistRuleMatchClientIpRangeEndArray{
&avi.WafpolicyAllowlistRuleMatchClientIpRangeEndArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
},
},
},
},
Cookies: avi.WafpolicyAllowlistRuleMatchCookieArray{
&avi.WafpolicyAllowlistRuleMatchCookieArgs{
MatchCriteria: pulumi.String("string"),
Name: pulumi.String("string"),
MatchCase: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
GeoMatches: avi.WafpolicyAllowlistRuleMatchGeoMatchArray{
&avi.WafpolicyAllowlistRuleMatchGeoMatchArgs{
Attribute: pulumi.String("string"),
MatchOperation: pulumi.String("string"),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Hdrs: avi.WafpolicyAllowlistRuleMatchHdrArray{
&avi.WafpolicyAllowlistRuleMatchHdrArgs{
Hdr: pulumi.String("string"),
MatchCriteria: pulumi.String("string"),
MatchCase: pulumi.String("string"),
StringGroupRefs: pulumi.StringArray{
pulumi.String("string"),
},
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
HostHdrs: avi.WafpolicyAllowlistRuleMatchHostHdrArray{
&avi.WafpolicyAllowlistRuleMatchHostHdrArgs{
MatchCriteria: pulumi.String("string"),
MatchCase: pulumi.String("string"),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
IpReputationTypes: avi.WafpolicyAllowlistRuleMatchIpReputationTypeArray{
&avi.WafpolicyAllowlistRuleMatchIpReputationTypeArgs{
MatchOperation: pulumi.String("string"),
ReputationTypes: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Methods: avi.WafpolicyAllowlistRuleMatchMethodArray{
&avi.WafpolicyAllowlistRuleMatchMethodArgs{
MatchCriteria: pulumi.String("string"),
Methods: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Paths: avi.WafpolicyAllowlistRuleMatchPathArray{
&avi.WafpolicyAllowlistRuleMatchPathArgs{
MatchCriteria: pulumi.String("string"),
MatchCase: pulumi.String("string"),
MatchDecodedString: pulumi.String("string"),
MatchStrs: pulumi.StringArray{
pulumi.String("string"),
},
StringGroupRefs: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Protocols: avi.WafpolicyAllowlistRuleMatchProtocolArray{
&avi.WafpolicyAllowlistRuleMatchProtocolArgs{
MatchCriteria: pulumi.String("string"),
Protocols: pulumi.String("string"),
},
},
Queries: avi.WafpolicyAllowlistRuleMatchQueryArray{
&avi.WafpolicyAllowlistRuleMatchQueryArgs{
MatchCriteria: pulumi.String("string"),
MatchCase: pulumi.String("string"),
MatchDecodedString: pulumi.String("string"),
MatchStrs: pulumi.StringArray{
pulumi.String("string"),
},
StringGroupRefs: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SourceIps: avi.WafpolicyAllowlistRuleMatchSourceIpArray{
&avi.WafpolicyAllowlistRuleMatchSourceIpArgs{
MatchCriteria: pulumi.String("string"),
Addrs: avi.WafpolicyAllowlistRuleMatchSourceIpAddrArray{
&avi.WafpolicyAllowlistRuleMatchSourceIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
GroupRefs: pulumi.StringArray{
pulumi.String("string"),
},
Prefixes: avi.WafpolicyAllowlistRuleMatchSourceIpPrefixArray{
&avi.WafpolicyAllowlistRuleMatchSourceIpPrefixArgs{
IpAddrs: avi.WafpolicyAllowlistRuleMatchSourceIpPrefixIpAddrArray{
&avi.WafpolicyAllowlistRuleMatchSourceIpPrefixIpAddrArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Mask: pulumi.String("string"),
},
},
Ranges: avi.WafpolicyAllowlistRuleMatchSourceIpRangeArray{
&avi.WafpolicyAllowlistRuleMatchSourceIpRangeArgs{
Begins: avi.WafpolicyAllowlistRuleMatchSourceIpRangeBeginArray{
&avi.WafpolicyAllowlistRuleMatchSourceIpRangeBeginArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Ends: avi.WafpolicyAllowlistRuleMatchSourceIpRangeEndArray{
&avi.WafpolicyAllowlistRuleMatchSourceIpRangeEndArgs{
Addr: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
},
},
},
},
TlsFingerprintMatches: avi.WafpolicyAllowlistRuleMatchTlsFingerprintMatchArray{
&avi.WafpolicyAllowlistRuleMatchTlsFingerprintMatchArgs{
MatchOperation: pulumi.String("string"),
Fingerprints: pulumi.StringArray{
pulumi.String("string"),
},
StringGroupRefs: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Versions: avi.WafpolicyAllowlistRuleMatchVersionArray{
&avi.WafpolicyAllowlistRuleMatchVersionArgs{
MatchCriteria: pulumi.String("string"),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
VsPorts: avi.WafpolicyAllowlistRuleMatchVsPortArray{
&avi.WafpolicyAllowlistRuleMatchVsPortArgs{
MatchCriteria: pulumi.String("string"),
Ports: pulumi.Float64Array{
pulumi.Float64(0),
},
},
},
},
},
Name: pulumi.String("string"),
Description: pulumi.String("string"),
Enable: pulumi.String("string"),
SamplingPercent: pulumi.String("string"),
},
},
},
},
WafpolicyId: pulumi.String("string"),
})
var wafpolicyResource = new Wafpolicy("wafpolicyResource", WafpolicyArgs.builder()
.wafProfileRef("string")
.geoDbRef("string")
.positiveSecurityModels(WafpolicyPositiveSecurityModelArgs.builder()
.groupRefs("string")
.build())
.autoUpdateCrs("string")
.bypassStaticExtensions("string")
.confidenceOverrides(WafpolicyConfidenceOverrideArgs.builder()
.confidHighValue("string")
.confidLowValue("string")
.confidProbableValue("string")
.confidVeryHighValue("string")
.build())
.configpbAttributes(WafpolicyConfigpbAttributeArgs.builder()
.version("string")
.build())
.createdBy("string")
.crsOverrides(WafpolicyCrsOverrideArgs.builder()
.name("string")
.enable("string")
.excludeLists(WafpolicyCrsOverrideExcludeListArgs.builder()
.clientSubnets(WafpolicyCrsOverrideExcludeListClientSubnetArgs.builder()
.ipAddrs(WafpolicyCrsOverrideExcludeListClientSubnetIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.mask("string")
.build())
.description("string")
.matchElement("string")
.matchElementCriterias(WafpolicyCrsOverrideExcludeListMatchElementCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriMatchCriterias(WafpolicyCrsOverrideExcludeListUriMatchCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriPath("string")
.build())
.mode("string")
.ruleOverrides(WafpolicyCrsOverrideRuleOverrideArgs.builder()
.ruleId("string")
.enable("string")
.excludeLists(WafpolicyCrsOverrideRuleOverrideExcludeListArgs.builder()
.clientSubnets(WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetArgs.builder()
.ipAddrs(WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.mask("string")
.build())
.description("string")
.matchElement("string")
.matchElementCriterias(WafpolicyCrsOverrideRuleOverrideExcludeListMatchElementCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriMatchCriterias(WafpolicyCrsOverrideRuleOverrideExcludeListUriMatchCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriPath("string")
.build())
.mode("string")
.build())
.build())
.description("string")
.enableAppLearning("string")
.enableAutoRuleUpdates("string")
.enableRegexLearning("string")
.failureMode("string")
.allowModeDelegation("string")
.applicationSignatures(WafpolicyApplicationSignatureArgs.builder()
.providerRef("string")
.resolvedRules(WafpolicyApplicationSignatureResolvedRuleArgs.builder()
.index("string")
.rule("string")
.enable("string")
.excludeLists(WafpolicyApplicationSignatureResolvedRuleExcludeListArgs.builder()
.clientSubnets(WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetArgs.builder()
.ipAddrs(WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.mask("string")
.build())
.description("string")
.matchElement("string")
.matchElementCriterias(WafpolicyApplicationSignatureResolvedRuleExcludeListMatchElementCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriMatchCriterias(WafpolicyApplicationSignatureResolvedRuleExcludeListUriMatchCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriPath("string")
.build())
.isSensitive("string")
.mode("string")
.name("string")
.paranoiaLevel("string")
.phase("string")
.ruleId("string")
.tags("string")
.build())
.ruleOverrides(WafpolicyApplicationSignatureRuleOverrideArgs.builder()
.ruleId("string")
.enable("string")
.excludeLists(WafpolicyApplicationSignatureRuleOverrideExcludeListArgs.builder()
.clientSubnets(WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetArgs.builder()
.ipAddrs(WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.mask("string")
.build())
.description("string")
.matchElement("string")
.matchElementCriterias(WafpolicyApplicationSignatureRuleOverrideExcludeListMatchElementCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriMatchCriterias(WafpolicyApplicationSignatureRuleOverrideExcludeListUriMatchCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriPath("string")
.build())
.mode("string")
.build())
.rulesetVersion("string")
.selectedApplications("string")
.build())
.learningParams(WafpolicyLearningParamArgs.builder()
.enableLearnFromBots("string")
.enablePerUriLearning("string")
.learnFromAuthenticatedClientsOnly("string")
.learnFromBots(WafpolicyLearningParamLearnFromBotArgs.builder()
.matchOperation("string")
.classifications(WafpolicyLearningParamLearnFromBotClassificationArgs.builder()
.type("string")
.userDefinedType("string")
.build())
.build())
.maxParams("string")
.maxUris("string")
.minHitsToLearn("string")
.samplingPercent("string")
.trustedIpgroupRef("string")
.updateInterval("string")
.build())
.preCrsGroups(WafpolicyPreCrsGroupArgs.builder()
.index("string")
.name("string")
.enable("string")
.excludeLists(WafpolicyPreCrsGroupExcludeListArgs.builder()
.clientSubnets(WafpolicyPreCrsGroupExcludeListClientSubnetArgs.builder()
.ipAddrs(WafpolicyPreCrsGroupExcludeListClientSubnetIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.mask("string")
.build())
.description("string")
.matchElement("string")
.matchElementCriterias(WafpolicyPreCrsGroupExcludeListMatchElementCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriMatchCriterias(WafpolicyPreCrsGroupExcludeListUriMatchCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriPath("string")
.build())
.rules(WafpolicyPreCrsGroupRuleArgs.builder()
.index("string")
.rule("string")
.enable("string")
.excludeLists(WafpolicyPreCrsGroupRuleExcludeListArgs.builder()
.clientSubnets(WafpolicyPreCrsGroupRuleExcludeListClientSubnetArgs.builder()
.ipAddrs(WafpolicyPreCrsGroupRuleExcludeListClientSubnetIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.mask("string")
.build())
.description("string")
.matchElement("string")
.matchElementCriterias(WafpolicyPreCrsGroupRuleExcludeListMatchElementCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriMatchCriterias(WafpolicyPreCrsGroupRuleExcludeListUriMatchCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriPath("string")
.build())
.isSensitive("string")
.mode("string")
.name("string")
.paranoiaLevel("string")
.phase("string")
.ruleId("string")
.tags("string")
.build())
.build())
.mode("string")
.name("string")
.paranoiaLevel("string")
.markers(WafpolicyMarkerArgs.builder()
.key("string")
.values("string")
.build())
.postCrsGroups(WafpolicyPostCrsGroupArgs.builder()
.index("string")
.name("string")
.enable("string")
.excludeLists(WafpolicyPostCrsGroupExcludeListArgs.builder()
.clientSubnets(WafpolicyPostCrsGroupExcludeListClientSubnetArgs.builder()
.ipAddrs(WafpolicyPostCrsGroupExcludeListClientSubnetIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.mask("string")
.build())
.description("string")
.matchElement("string")
.matchElementCriterias(WafpolicyPostCrsGroupExcludeListMatchElementCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriMatchCriterias(WafpolicyPostCrsGroupExcludeListUriMatchCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriPath("string")
.build())
.rules(WafpolicyPostCrsGroupRuleArgs.builder()
.index("string")
.rule("string")
.enable("string")
.excludeLists(WafpolicyPostCrsGroupRuleExcludeListArgs.builder()
.clientSubnets(WafpolicyPostCrsGroupRuleExcludeListClientSubnetArgs.builder()
.ipAddrs(WafpolicyPostCrsGroupRuleExcludeListClientSubnetIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.mask("string")
.build())
.description("string")
.matchElement("string")
.matchElementCriterias(WafpolicyPostCrsGroupRuleExcludeListMatchElementCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriMatchCriterias(WafpolicyPostCrsGroupRuleExcludeListUriMatchCriteriaArgs.builder()
.matchCase("string")
.matchOp("string")
.build())
.uriPath("string")
.build())
.isSensitive("string")
.mode("string")
.name("string")
.paranoiaLevel("string")
.phase("string")
.ruleId("string")
.tags("string")
.build())
.build())
.minConfidence("string")
.requiredDataFiles(WafpolicyRequiredDataFileArgs.builder()
.name("string")
.type("string")
.build())
.tenantRef("string")
.updatedCrsRulesInDetectionMode("string")
.uuid("string")
.wafCrsRef("string")
.allowlists(WafpolicyAllowlistArgs.builder()
.rules(WafpolicyAllowlistRuleArgs.builder()
.actions("string")
.index("string")
.matches(WafpolicyAllowlistRuleMatchArgs.builder()
.botDetectionResults(WafpolicyAllowlistRuleMatchBotDetectionResultArgs.builder()
.matchOperation("string")
.classifications(WafpolicyAllowlistRuleMatchBotDetectionResultClassificationArgs.builder()
.type("string")
.userDefinedType("string")
.build())
.build())
.clientIps(WafpolicyAllowlistRuleMatchClientIpArgs.builder()
.matchCriteria("string")
.addrs(WafpolicyAllowlistRuleMatchClientIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.groupRefs("string")
.prefixes(WafpolicyAllowlistRuleMatchClientIpPrefixArgs.builder()
.ipAddrs(WafpolicyAllowlistRuleMatchClientIpPrefixIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.mask("string")
.build())
.ranges(WafpolicyAllowlistRuleMatchClientIpRangeArgs.builder()
.begins(WafpolicyAllowlistRuleMatchClientIpRangeBeginArgs.builder()
.addr("string")
.type("string")
.build())
.ends(WafpolicyAllowlistRuleMatchClientIpRangeEndArgs.builder()
.addr("string")
.type("string")
.build())
.build())
.build())
.cookies(WafpolicyAllowlistRuleMatchCookieArgs.builder()
.matchCriteria("string")
.name("string")
.matchCase("string")
.value("string")
.build())
.geoMatches(WafpolicyAllowlistRuleMatchGeoMatchArgs.builder()
.attribute("string")
.matchOperation("string")
.values("string")
.build())
.hdrs(WafpolicyAllowlistRuleMatchHdrArgs.builder()
.hdr("string")
.matchCriteria("string")
.matchCase("string")
.stringGroupRefs("string")
.values("string")
.build())
.hostHdrs(WafpolicyAllowlistRuleMatchHostHdrArgs.builder()
.matchCriteria("string")
.matchCase("string")
.values("string")
.build())
.ipReputationTypes(WafpolicyAllowlistRuleMatchIpReputationTypeArgs.builder()
.matchOperation("string")
.reputationTypes("string")
.build())
.methods(WafpolicyAllowlistRuleMatchMethodArgs.builder()
.matchCriteria("string")
.methods("string")
.build())
.paths(WafpolicyAllowlistRuleMatchPathArgs.builder()
.matchCriteria("string")
.matchCase("string")
.matchDecodedString("string")
.matchStrs("string")
.stringGroupRefs("string")
.build())
.protocols(WafpolicyAllowlistRuleMatchProtocolArgs.builder()
.matchCriteria("string")
.protocols("string")
.build())
.queries(WafpolicyAllowlistRuleMatchQueryArgs.builder()
.matchCriteria("string")
.matchCase("string")
.matchDecodedString("string")
.matchStrs("string")
.stringGroupRefs("string")
.build())
.sourceIps(WafpolicyAllowlistRuleMatchSourceIpArgs.builder()
.matchCriteria("string")
.addrs(WafpolicyAllowlistRuleMatchSourceIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.groupRefs("string")
.prefixes(WafpolicyAllowlistRuleMatchSourceIpPrefixArgs.builder()
.ipAddrs(WafpolicyAllowlistRuleMatchSourceIpPrefixIpAddrArgs.builder()
.addr("string")
.type("string")
.build())
.mask("string")
.build())
.ranges(WafpolicyAllowlistRuleMatchSourceIpRangeArgs.builder()
.begins(WafpolicyAllowlistRuleMatchSourceIpRangeBeginArgs.builder()
.addr("string")
.type("string")
.build())
.ends(WafpolicyAllowlistRuleMatchSourceIpRangeEndArgs.builder()
.addr("string")
.type("string")
.build())
.build())
.build())
.tlsFingerprintMatches(WafpolicyAllowlistRuleMatchTlsFingerprintMatchArgs.builder()
.matchOperation("string")
.fingerprints("string")
.stringGroupRefs("string")
.build())
.versions(WafpolicyAllowlistRuleMatchVersionArgs.builder()
.matchCriteria("string")
.versions("string")
.build())
.vsPorts(WafpolicyAllowlistRuleMatchVsPortArgs.builder()
.matchCriteria("string")
.ports(0)
.build())
.build())
.name("string")
.description("string")
.enable("string")
.samplingPercent("string")
.build())
.build())
.wafpolicyId("string")
.build());
wafpolicy_resource = avi.Wafpolicy("wafpolicyResource",
waf_profile_ref="string",
geo_db_ref="string",
positive_security_models=[{
"group_refs": ["string"],
}],
auto_update_crs="string",
bypass_static_extensions="string",
confidence_overrides=[{
"confid_high_value": "string",
"confid_low_value": "string",
"confid_probable_value": "string",
"confid_very_high_value": "string",
}],
configpb_attributes=[{
"version": "string",
}],
created_by="string",
crs_overrides=[{
"name": "string",
"enable": "string",
"exclude_lists": [{
"client_subnets": [{
"ip_addrs": [{
"addr": "string",
"type": "string",
}],
"mask": "string",
}],
"description": "string",
"match_element": "string",
"match_element_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_match_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_path": "string",
}],
"mode": "string",
"rule_overrides": [{
"rule_id": "string",
"enable": "string",
"exclude_lists": [{
"client_subnets": [{
"ip_addrs": [{
"addr": "string",
"type": "string",
}],
"mask": "string",
}],
"description": "string",
"match_element": "string",
"match_element_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_match_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_path": "string",
}],
"mode": "string",
}],
}],
description="string",
enable_app_learning="string",
enable_auto_rule_updates="string",
enable_regex_learning="string",
failure_mode="string",
allow_mode_delegation="string",
application_signatures=[{
"provider_ref": "string",
"resolved_rules": [{
"index": "string",
"rule": "string",
"enable": "string",
"exclude_lists": [{
"client_subnets": [{
"ip_addrs": [{
"addr": "string",
"type": "string",
}],
"mask": "string",
}],
"description": "string",
"match_element": "string",
"match_element_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_match_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_path": "string",
}],
"is_sensitive": "string",
"mode": "string",
"name": "string",
"paranoia_level": "string",
"phase": "string",
"rule_id": "string",
"tags": ["string"],
}],
"rule_overrides": [{
"rule_id": "string",
"enable": "string",
"exclude_lists": [{
"client_subnets": [{
"ip_addrs": [{
"addr": "string",
"type": "string",
}],
"mask": "string",
}],
"description": "string",
"match_element": "string",
"match_element_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_match_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_path": "string",
}],
"mode": "string",
}],
"ruleset_version": "string",
"selected_applications": ["string"],
}],
learning_params=[{
"enable_learn_from_bots": "string",
"enable_per_uri_learning": "string",
"learn_from_authenticated_clients_only": "string",
"learn_from_bots": [{
"match_operation": "string",
"classifications": [{
"type": "string",
"user_defined_type": "string",
}],
}],
"max_params": "string",
"max_uris": "string",
"min_hits_to_learn": "string",
"sampling_percent": "string",
"trusted_ipgroup_ref": "string",
"update_interval": "string",
}],
pre_crs_groups=[{
"index": "string",
"name": "string",
"enable": "string",
"exclude_lists": [{
"client_subnets": [{
"ip_addrs": [{
"addr": "string",
"type": "string",
}],
"mask": "string",
}],
"description": "string",
"match_element": "string",
"match_element_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_match_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_path": "string",
}],
"rules": [{
"index": "string",
"rule": "string",
"enable": "string",
"exclude_lists": [{
"client_subnets": [{
"ip_addrs": [{
"addr": "string",
"type": "string",
}],
"mask": "string",
}],
"description": "string",
"match_element": "string",
"match_element_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_match_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_path": "string",
}],
"is_sensitive": "string",
"mode": "string",
"name": "string",
"paranoia_level": "string",
"phase": "string",
"rule_id": "string",
"tags": ["string"],
}],
}],
mode="string",
name="string",
paranoia_level="string",
markers=[{
"key": "string",
"values": ["string"],
}],
post_crs_groups=[{
"index": "string",
"name": "string",
"enable": "string",
"exclude_lists": [{
"client_subnets": [{
"ip_addrs": [{
"addr": "string",
"type": "string",
}],
"mask": "string",
}],
"description": "string",
"match_element": "string",
"match_element_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_match_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_path": "string",
}],
"rules": [{
"index": "string",
"rule": "string",
"enable": "string",
"exclude_lists": [{
"client_subnets": [{
"ip_addrs": [{
"addr": "string",
"type": "string",
}],
"mask": "string",
}],
"description": "string",
"match_element": "string",
"match_element_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_match_criterias": [{
"match_case": "string",
"match_op": "string",
}],
"uri_path": "string",
}],
"is_sensitive": "string",
"mode": "string",
"name": "string",
"paranoia_level": "string",
"phase": "string",
"rule_id": "string",
"tags": ["string"],
}],
}],
min_confidence="string",
required_data_files=[{
"name": "string",
"type": "string",
}],
tenant_ref="string",
updated_crs_rules_in_detection_mode="string",
uuid="string",
waf_crs_ref="string",
allowlists=[{
"rules": [{
"actions": ["string"],
"index": "string",
"matches": [{
"bot_detection_results": [{
"match_operation": "string",
"classifications": [{
"type": "string",
"user_defined_type": "string",
}],
}],
"client_ips": [{
"match_criteria": "string",
"addrs": [{
"addr": "string",
"type": "string",
}],
"group_refs": ["string"],
"prefixes": [{
"ip_addrs": [{
"addr": "string",
"type": "string",
}],
"mask": "string",
}],
"ranges": [{
"begins": [{
"addr": "string",
"type": "string",
}],
"ends": [{
"addr": "string",
"type": "string",
}],
}],
}],
"cookies": [{
"match_criteria": "string",
"name": "string",
"match_case": "string",
"value": "string",
}],
"geo_matches": [{
"attribute": "string",
"match_operation": "string",
"values": ["string"],
}],
"hdrs": [{
"hdr": "string",
"match_criteria": "string",
"match_case": "string",
"string_group_refs": ["string"],
"values": ["string"],
}],
"host_hdrs": [{
"match_criteria": "string",
"match_case": "string",
"values": ["string"],
}],
"ip_reputation_types": [{
"match_operation": "string",
"reputation_types": ["string"],
}],
"methods": [{
"match_criteria": "string",
"methods": ["string"],
}],
"paths": [{
"match_criteria": "string",
"match_case": "string",
"match_decoded_string": "string",
"match_strs": ["string"],
"string_group_refs": ["string"],
}],
"protocols": [{
"match_criteria": "string",
"protocols": "string",
}],
"queries": [{
"match_criteria": "string",
"match_case": "string",
"match_decoded_string": "string",
"match_strs": ["string"],
"string_group_refs": ["string"],
}],
"source_ips": [{
"match_criteria": "string",
"addrs": [{
"addr": "string",
"type": "string",
}],
"group_refs": ["string"],
"prefixes": [{
"ip_addrs": [{
"addr": "string",
"type": "string",
}],
"mask": "string",
}],
"ranges": [{
"begins": [{
"addr": "string",
"type": "string",
}],
"ends": [{
"addr": "string",
"type": "string",
}],
}],
}],
"tls_fingerprint_matches": [{
"match_operation": "string",
"fingerprints": ["string"],
"string_group_refs": ["string"],
}],
"versions": [{
"match_criteria": "string",
"versions": ["string"],
}],
"vs_ports": [{
"match_criteria": "string",
"ports": [0],
}],
}],
"name": "string",
"description": "string",
"enable": "string",
"sampling_percent": "string",
}],
}],
wafpolicy_id="string")
const wafpolicyResource = new avi.Wafpolicy("wafpolicyResource", {
wafProfileRef: "string",
geoDbRef: "string",
positiveSecurityModels: [{
groupRefs: ["string"],
}],
autoUpdateCrs: "string",
bypassStaticExtensions: "string",
confidenceOverrides: [{
confidHighValue: "string",
confidLowValue: "string",
confidProbableValue: "string",
confidVeryHighValue: "string",
}],
configpbAttributes: [{
version: "string",
}],
createdBy: "string",
crsOverrides: [{
name: "string",
enable: "string",
excludeLists: [{
clientSubnets: [{
ipAddrs: [{
addr: "string",
type: "string",
}],
mask: "string",
}],
description: "string",
matchElement: "string",
matchElementCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriMatchCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriPath: "string",
}],
mode: "string",
ruleOverrides: [{
ruleId: "string",
enable: "string",
excludeLists: [{
clientSubnets: [{
ipAddrs: [{
addr: "string",
type: "string",
}],
mask: "string",
}],
description: "string",
matchElement: "string",
matchElementCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriMatchCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriPath: "string",
}],
mode: "string",
}],
}],
description: "string",
enableAppLearning: "string",
enableAutoRuleUpdates: "string",
enableRegexLearning: "string",
failureMode: "string",
allowModeDelegation: "string",
applicationSignatures: [{
providerRef: "string",
resolvedRules: [{
index: "string",
rule: "string",
enable: "string",
excludeLists: [{
clientSubnets: [{
ipAddrs: [{
addr: "string",
type: "string",
}],
mask: "string",
}],
description: "string",
matchElement: "string",
matchElementCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriMatchCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriPath: "string",
}],
isSensitive: "string",
mode: "string",
name: "string",
paranoiaLevel: "string",
phase: "string",
ruleId: "string",
tags: ["string"],
}],
ruleOverrides: [{
ruleId: "string",
enable: "string",
excludeLists: [{
clientSubnets: [{
ipAddrs: [{
addr: "string",
type: "string",
}],
mask: "string",
}],
description: "string",
matchElement: "string",
matchElementCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriMatchCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriPath: "string",
}],
mode: "string",
}],
rulesetVersion: "string",
selectedApplications: ["string"],
}],
learningParams: [{
enableLearnFromBots: "string",
enablePerUriLearning: "string",
learnFromAuthenticatedClientsOnly: "string",
learnFromBots: [{
matchOperation: "string",
classifications: [{
type: "string",
userDefinedType: "string",
}],
}],
maxParams: "string",
maxUris: "string",
minHitsToLearn: "string",
samplingPercent: "string",
trustedIpgroupRef: "string",
updateInterval: "string",
}],
preCrsGroups: [{
index: "string",
name: "string",
enable: "string",
excludeLists: [{
clientSubnets: [{
ipAddrs: [{
addr: "string",
type: "string",
}],
mask: "string",
}],
description: "string",
matchElement: "string",
matchElementCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriMatchCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriPath: "string",
}],
rules: [{
index: "string",
rule: "string",
enable: "string",
excludeLists: [{
clientSubnets: [{
ipAddrs: [{
addr: "string",
type: "string",
}],
mask: "string",
}],
description: "string",
matchElement: "string",
matchElementCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriMatchCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriPath: "string",
}],
isSensitive: "string",
mode: "string",
name: "string",
paranoiaLevel: "string",
phase: "string",
ruleId: "string",
tags: ["string"],
}],
}],
mode: "string",
name: "string",
paranoiaLevel: "string",
markers: [{
key: "string",
values: ["string"],
}],
postCrsGroups: [{
index: "string",
name: "string",
enable: "string",
excludeLists: [{
clientSubnets: [{
ipAddrs: [{
addr: "string",
type: "string",
}],
mask: "string",
}],
description: "string",
matchElement: "string",
matchElementCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriMatchCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriPath: "string",
}],
rules: [{
index: "string",
rule: "string",
enable: "string",
excludeLists: [{
clientSubnets: [{
ipAddrs: [{
addr: "string",
type: "string",
}],
mask: "string",
}],
description: "string",
matchElement: "string",
matchElementCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriMatchCriterias: [{
matchCase: "string",
matchOp: "string",
}],
uriPath: "string",
}],
isSensitive: "string",
mode: "string",
name: "string",
paranoiaLevel: "string",
phase: "string",
ruleId: "string",
tags: ["string"],
}],
}],
minConfidence: "string",
requiredDataFiles: [{
name: "string",
type: "string",
}],
tenantRef: "string",
updatedCrsRulesInDetectionMode: "string",
uuid: "string",
wafCrsRef: "string",
allowlists: [{
rules: [{
actions: ["string"],
index: "string",
matches: [{
botDetectionResults: [{
matchOperation: "string",
classifications: [{
type: "string",
userDefinedType: "string",
}],
}],
clientIps: [{
matchCriteria: "string",
addrs: [{
addr: "string",
type: "string",
}],
groupRefs: ["string"],
prefixes: [{
ipAddrs: [{
addr: "string",
type: "string",
}],
mask: "string",
}],
ranges: [{
begins: [{
addr: "string",
type: "string",
}],
ends: [{
addr: "string",
type: "string",
}],
}],
}],
cookies: [{
matchCriteria: "string",
name: "string",
matchCase: "string",
value: "string",
}],
geoMatches: [{
attribute: "string",
matchOperation: "string",
values: ["string"],
}],
hdrs: [{
hdr: "string",
matchCriteria: "string",
matchCase: "string",
stringGroupRefs: ["string"],
values: ["string"],
}],
hostHdrs: [{
matchCriteria: "string",
matchCase: "string",
values: ["string"],
}],
ipReputationTypes: [{
matchOperation: "string",
reputationTypes: ["string"],
}],
methods: [{
matchCriteria: "string",
methods: ["string"],
}],
paths: [{
matchCriteria: "string",
matchCase: "string",
matchDecodedString: "string",
matchStrs: ["string"],
stringGroupRefs: ["string"],
}],
protocols: [{
matchCriteria: "string",
protocols: "string",
}],
queries: [{
matchCriteria: "string",
matchCase: "string",
matchDecodedString: "string",
matchStrs: ["string"],
stringGroupRefs: ["string"],
}],
sourceIps: [{
matchCriteria: "string",
addrs: [{
addr: "string",
type: "string",
}],
groupRefs: ["string"],
prefixes: [{
ipAddrs: [{
addr: "string",
type: "string",
}],
mask: "string",
}],
ranges: [{
begins: [{
addr: "string",
type: "string",
}],
ends: [{
addr: "string",
type: "string",
}],
}],
}],
tlsFingerprintMatches: [{
matchOperation: "string",
fingerprints: ["string"],
stringGroupRefs: ["string"],
}],
versions: [{
matchCriteria: "string",
versions: ["string"],
}],
vsPorts: [{
matchCriteria: "string",
ports: [0],
}],
}],
name: "string",
description: "string",
enable: "string",
samplingPercent: "string",
}],
}],
wafpolicyId: "string",
});
type: avi:Wafpolicy
properties:
allowModeDelegation: string
allowlists:
- rules:
- actions:
- string
description: string
enable: string
index: string
matches:
- botDetectionResults:
- classifications:
- type: string
userDefinedType: string
matchOperation: string
clientIps:
- addrs:
- addr: string
type: string
groupRefs:
- string
matchCriteria: string
prefixes:
- ipAddrs:
- addr: string
type: string
mask: string
ranges:
- begins:
- addr: string
type: string
ends:
- addr: string
type: string
cookies:
- matchCase: string
matchCriteria: string
name: string
value: string
geoMatches:
- attribute: string
matchOperation: string
values:
- string
hdrs:
- hdr: string
matchCase: string
matchCriteria: string
stringGroupRefs:
- string
values:
- string
hostHdrs:
- matchCase: string
matchCriteria: string
values:
- string
ipReputationTypes:
- matchOperation: string
reputationTypes:
- string
methods:
- matchCriteria: string
methods:
- string
paths:
- matchCase: string
matchCriteria: string
matchDecodedString: string
matchStrs:
- string
stringGroupRefs:
- string
protocols:
- matchCriteria: string
protocols: string
queries:
- matchCase: string
matchCriteria: string
matchDecodedString: string
matchStrs:
- string
stringGroupRefs:
- string
sourceIps:
- addrs:
- addr: string
type: string
groupRefs:
- string
matchCriteria: string
prefixes:
- ipAddrs:
- addr: string
type: string
mask: string
ranges:
- begins:
- addr: string
type: string
ends:
- addr: string
type: string
tlsFingerprintMatches:
- fingerprints:
- string
matchOperation: string
stringGroupRefs:
- string
versions:
- matchCriteria: string
versions:
- string
vsPorts:
- matchCriteria: string
ports:
- 0
name: string
samplingPercent: string
applicationSignatures:
- providerRef: string
resolvedRules:
- enable: string
excludeLists:
- clientSubnets:
- ipAddrs:
- addr: string
type: string
mask: string
description: string
matchElement: string
matchElementCriterias:
- matchCase: string
matchOp: string
uriMatchCriterias:
- matchCase: string
matchOp: string
uriPath: string
index: string
isSensitive: string
mode: string
name: string
paranoiaLevel: string
phase: string
rule: string
ruleId: string
tags:
- string
ruleOverrides:
- enable: string
excludeLists:
- clientSubnets:
- ipAddrs:
- addr: string
type: string
mask: string
description: string
matchElement: string
matchElementCriterias:
- matchCase: string
matchOp: string
uriMatchCriterias:
- matchCase: string
matchOp: string
uriPath: string
mode: string
ruleId: string
rulesetVersion: string
selectedApplications:
- string
autoUpdateCrs: string
bypassStaticExtensions: string
confidenceOverrides:
- confidHighValue: string
confidLowValue: string
confidProbableValue: string
confidVeryHighValue: string
configpbAttributes:
- version: string
createdBy: string
crsOverrides:
- enable: string
excludeLists:
- clientSubnets:
- ipAddrs:
- addr: string
type: string
mask: string
description: string
matchElement: string
matchElementCriterias:
- matchCase: string
matchOp: string
uriMatchCriterias:
- matchCase: string
matchOp: string
uriPath: string
mode: string
name: string
ruleOverrides:
- enable: string
excludeLists:
- clientSubnets:
- ipAddrs:
- addr: string
type: string
mask: string
description: string
matchElement: string
matchElementCriterias:
- matchCase: string
matchOp: string
uriMatchCriterias:
- matchCase: string
matchOp: string
uriPath: string
mode: string
ruleId: string
description: string
enableAppLearning: string
enableAutoRuleUpdates: string
enableRegexLearning: string
failureMode: string
geoDbRef: string
learningParams:
- enableLearnFromBots: string
enablePerUriLearning: string
learnFromAuthenticatedClientsOnly: string
learnFromBots:
- classifications:
- type: string
userDefinedType: string
matchOperation: string
maxParams: string
maxUris: string
minHitsToLearn: string
samplingPercent: string
trustedIpgroupRef: string
updateInterval: string
markers:
- key: string
values:
- string
minConfidence: string
mode: string
name: string
paranoiaLevel: string
positiveSecurityModels:
- groupRefs:
- string
postCrsGroups:
- enable: string
excludeLists:
- clientSubnets:
- ipAddrs:
- addr: string
type: string
mask: string
description: string
matchElement: string
matchElementCriterias:
- matchCase: string
matchOp: string
uriMatchCriterias:
- matchCase: string
matchOp: string
uriPath: string
index: string
name: string
rules:
- enable: string
excludeLists:
- clientSubnets:
- ipAddrs:
- addr: string
type: string
mask: string
description: string
matchElement: string
matchElementCriterias:
- matchCase: string
matchOp: string
uriMatchCriterias:
- matchCase: string
matchOp: string
uriPath: string
index: string
isSensitive: string
mode: string
name: string
paranoiaLevel: string
phase: string
rule: string
ruleId: string
tags:
- string
preCrsGroups:
- enable: string
excludeLists:
- clientSubnets:
- ipAddrs:
- addr: string
type: string
mask: string
description: string
matchElement: string
matchElementCriterias:
- matchCase: string
matchOp: string
uriMatchCriterias:
- matchCase: string
matchOp: string
uriPath: string
index: string
name: string
rules:
- enable: string
excludeLists:
- clientSubnets:
- ipAddrs:
- addr: string
type: string
mask: string
description: string
matchElement: string
matchElementCriterias:
- matchCase: string
matchOp: string
uriMatchCriterias:
- matchCase: string
matchOp: string
uriPath: string
index: string
isSensitive: string
mode: string
name: string
paranoiaLevel: string
phase: string
rule: string
ruleId: string
tags:
- string
requiredDataFiles:
- name: string
type: string
tenantRef: string
updatedCrsRulesInDetectionMode: string
uuid: string
wafCrsRef: string
wafProfileRef: string
wafpolicyId: string
Wafpolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Wafpolicy resource accepts the following input properties:
- Waf
Profile stringRef - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Allow
Mode stringDelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Allowlists
List<Wafpolicy
Allowlist> - A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Application
Signatures List<WafpolicyApplication Signature> - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Auto
Update stringCrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Bypass
Static stringExtensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- Confidence
Overrides List<WafpolicyConfidence Override> - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Configpb
Attributes List<WafpolicyConfigpb Attribute> - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Created
By string - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Crs
Overrides List<WafpolicyCrs Override> - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
App stringLearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
Auto stringRule Updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
Regex stringLearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Failure
Mode string - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Geo
Db stringRef - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- Learning
Params List<WafpolicyLearning Param> - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Markers
List<Wafpolicy
Marker> - List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Min
Confidence string - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Positive
Security List<WafpolicyModels Positive Security Model> - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Post
Crs List<WafpolicyGroups Post Crs Group> - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Pre
Crs List<WafpolicyGroups Pre Crs Group> - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Required
Data List<WafpolicyFiles Required Data File> - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Tenant
Ref string - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Updated
Crs stringRules In Detection Mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Uuid string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Waf
Crs stringRef - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Wafpolicy
Id string
- Waf
Profile stringRef - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Allow
Mode stringDelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Allowlists
[]Wafpolicy
Allowlist Args - A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Application
Signatures []WafpolicyApplication Signature Args - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Auto
Update stringCrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Bypass
Static stringExtensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- Confidence
Overrides []WafpolicyConfidence Override Args - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Configpb
Attributes []WafpolicyConfigpb Attribute Args - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Created
By string - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Crs
Overrides []WafpolicyCrs Override Args - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
App stringLearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
Auto stringRule Updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
Regex stringLearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Failure
Mode string - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Geo
Db stringRef - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- Learning
Params []WafpolicyLearning Param Args - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Markers
[]Wafpolicy
Marker Args - List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Min
Confidence string - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Positive
Security []WafpolicyModels Positive Security Model Args - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Post
Crs []WafpolicyGroups Post Crs Group Args - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Pre
Crs []WafpolicyGroups Pre Crs Group Args - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Required
Data []WafpolicyFiles Required Data File Args - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Tenant
Ref string - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Updated
Crs stringRules In Detection Mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Uuid string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Waf
Crs stringRef - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Wafpolicy
Id string
- waf
Profile StringRef - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allow
Mode StringDelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allowlists
List<Wafpolicy
Allowlist> - A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- application
Signatures List<WafpolicyApplication Signature> - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- auto
Update StringCrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- bypass
Static StringExtensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- confidence
Overrides List<WafpolicyConfidence Override> - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- configpb
Attributes List<WafpolicyConfigpb Attribute> - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- created
By String - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- crs
Overrides List<WafpolicyCrs Override> - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
App StringLearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Auto StringRule Updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Regex StringLearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- failure
Mode String - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- geo
Db StringRef - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- learning
Params List<WafpolicyLearning Param> - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- markers
List<Wafpolicy
Marker> - List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- min
Confidence String - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level String - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- positive
Security List<WafpolicyModels Positive Security Model> - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- post
Crs List<WafpolicyGroups Post Crs Group> - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- pre
Crs List<WafpolicyGroups Pre Crs Group> - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- required
Data List<WafpolicyFiles Required Data File> - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- tenant
Ref String - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- updated
Crs StringRules In Detection Mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- uuid String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf
Crs StringRef - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- wafpolicy
Id String
- waf
Profile stringRef - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allow
Mode stringDelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allowlists
Wafpolicy
Allowlist[] - A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- application
Signatures WafpolicyApplication Signature[] - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- auto
Update stringCrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- bypass
Static stringExtensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- confidence
Overrides WafpolicyConfidence Override[] - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- configpb
Attributes WafpolicyConfigpb Attribute[] - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- created
By string - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- crs
Overrides WafpolicyCrs Override[] - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
App stringLearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Auto stringRule Updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Regex stringLearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- failure
Mode string - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- geo
Db stringRef - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- learning
Params WafpolicyLearning Param[] - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- markers
Wafpolicy
Marker[] - List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- min
Confidence string - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- positive
Security WafpolicyModels Positive Security Model[] - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- post
Crs WafpolicyGroups Post Crs Group[] - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- pre
Crs WafpolicyGroups Pre Crs Group[] - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- required
Data WafpolicyFiles Required Data File[] - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- tenant
Ref string - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- updated
Crs stringRules In Detection Mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- uuid string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf
Crs stringRef - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- wafpolicy
Id string
- waf_
profile_ strref - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allow_
mode_ strdelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allowlists
Sequence[Wafpolicy
Allowlist Args] - A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- application_
signatures Sequence[WafpolicyApplication Signature Args] - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- auto_
update_ strcrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- bypass_
static_ strextensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- confidence_
overrides Sequence[WafpolicyConfidence Override Args] - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- configpb_
attributes Sequence[WafpolicyConfigpb Attribute Args] - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- created_
by str - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- crs_
overrides Sequence[WafpolicyCrs Override Args] - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable_
app_ strlearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable_
auto_ strrule_ updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable_
regex_ strlearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- failure_
mode str - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- geo_
db_ strref - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- learning_
params Sequence[WafpolicyLearning Param Args] - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- markers
Sequence[Wafpolicy
Marker Args] - List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- min_
confidence str - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- mode str
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia_
level str - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- positive_
security_ Sequence[Wafpolicymodels Positive Security Model Args] - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- post_
crs_ Sequence[Wafpolicygroups Post Crs Group Args] - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- pre_
crs_ Sequence[Wafpolicygroups Pre Crs Group Args] - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- required_
data_ Sequence[Wafpolicyfiles Required Data File Args] - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- tenant_
ref str - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- updated_
crs_ strrules_ in_ detection_ mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- uuid str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf_
crs_ strref - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- wafpolicy_
id str
- waf
Profile StringRef - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allow
Mode StringDelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allowlists List<Property Map>
- A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- application
Signatures List<Property Map> - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- auto
Update StringCrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- bypass
Static StringExtensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- confidence
Overrides List<Property Map> - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- configpb
Attributes List<Property Map> - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- created
By String - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- crs
Overrides List<Property Map> - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
App StringLearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Auto StringRule Updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Regex StringLearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- failure
Mode String - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- geo
Db StringRef - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- learning
Params List<Property Map> - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- markers List<Property Map>
- List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- min
Confidence String - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level String - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- positive
Security List<Property Map>Models - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- post
Crs List<Property Map>Groups - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- pre
Crs List<Property Map>Groups - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- required
Data List<Property Map>Files - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- tenant
Ref String - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- updated
Crs StringRules In Detection Mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- uuid String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf
Crs StringRef - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- wafpolicy
Id String
Outputs
All input properties are implicitly available as output properties. Additionally, the Wafpolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Wafpolicy Resource
Get an existing Wafpolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WafpolicyState, opts?: CustomResourceOptions): Wafpolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_mode_delegation: Optional[str] = None,
allowlists: Optional[Sequence[WafpolicyAllowlistArgs]] = None,
application_signatures: Optional[Sequence[WafpolicyApplicationSignatureArgs]] = None,
auto_update_crs: Optional[str] = None,
bypass_static_extensions: Optional[str] = None,
confidence_overrides: Optional[Sequence[WafpolicyConfidenceOverrideArgs]] = None,
configpb_attributes: Optional[Sequence[WafpolicyConfigpbAttributeArgs]] = None,
created_by: Optional[str] = None,
crs_overrides: Optional[Sequence[WafpolicyCrsOverrideArgs]] = None,
description: Optional[str] = None,
enable_app_learning: Optional[str] = None,
enable_auto_rule_updates: Optional[str] = None,
enable_regex_learning: Optional[str] = None,
failure_mode: Optional[str] = None,
geo_db_ref: Optional[str] = None,
learning_params: Optional[Sequence[WafpolicyLearningParamArgs]] = None,
markers: Optional[Sequence[WafpolicyMarkerArgs]] = None,
min_confidence: Optional[str] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
paranoia_level: Optional[str] = None,
positive_security_models: Optional[Sequence[WafpolicyPositiveSecurityModelArgs]] = None,
post_crs_groups: Optional[Sequence[WafpolicyPostCrsGroupArgs]] = None,
pre_crs_groups: Optional[Sequence[WafpolicyPreCrsGroupArgs]] = None,
required_data_files: Optional[Sequence[WafpolicyRequiredDataFileArgs]] = None,
tenant_ref: Optional[str] = None,
updated_crs_rules_in_detection_mode: Optional[str] = None,
uuid: Optional[str] = None,
waf_crs_ref: Optional[str] = None,
waf_profile_ref: Optional[str] = None,
wafpolicy_id: Optional[str] = None) -> Wafpolicyfunc GetWafpolicy(ctx *Context, name string, id IDInput, state *WafpolicyState, opts ...ResourceOption) (*Wafpolicy, error)public static Wafpolicy Get(string name, Input<string> id, WafpolicyState? state, CustomResourceOptions? opts = null)public static Wafpolicy get(String name, Output<String> id, WafpolicyState state, CustomResourceOptions options)resources: _: type: avi:Wafpolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
Mode stringDelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Allowlists
List<Wafpolicy
Allowlist> - A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Application
Signatures List<WafpolicyApplication Signature> - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Auto
Update stringCrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Bypass
Static stringExtensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- Confidence
Overrides List<WafpolicyConfidence Override> - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Configpb
Attributes List<WafpolicyConfigpb Attribute> - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Created
By string - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Crs
Overrides List<WafpolicyCrs Override> - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
App stringLearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
Auto stringRule Updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
Regex stringLearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Failure
Mode string - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Geo
Db stringRef - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- Learning
Params List<WafpolicyLearning Param> - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Markers
List<Wafpolicy
Marker> - List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Min
Confidence string - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Positive
Security List<WafpolicyModels Positive Security Model> - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Post
Crs List<WafpolicyGroups Post Crs Group> - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Pre
Crs List<WafpolicyGroups Pre Crs Group> - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Required
Data List<WafpolicyFiles Required Data File> - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Tenant
Ref string - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Updated
Crs stringRules In Detection Mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Uuid string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Waf
Crs stringRef - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Waf
Profile stringRef - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Wafpolicy
Id string
- Allow
Mode stringDelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Allowlists
[]Wafpolicy
Allowlist Args - A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Application
Signatures []WafpolicyApplication Signature Args - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Auto
Update stringCrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Bypass
Static stringExtensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- Confidence
Overrides []WafpolicyConfidence Override Args - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Configpb
Attributes []WafpolicyConfigpb Attribute Args - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Created
By string - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Crs
Overrides []WafpolicyCrs Override Args - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
App stringLearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
Auto stringRule Updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable
Regex stringLearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Failure
Mode string - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Geo
Db stringRef - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- Learning
Params []WafpolicyLearning Param Args - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Markers
[]Wafpolicy
Marker Args - List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Min
Confidence string - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Positive
Security []WafpolicyModels Positive Security Model Args - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Post
Crs []WafpolicyGroups Post Crs Group Args - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Pre
Crs []WafpolicyGroups Pre Crs Group Args - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Required
Data []WafpolicyFiles Required Data File Args - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Tenant
Ref string - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Updated
Crs stringRules In Detection Mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- Uuid string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Waf
Crs stringRef - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Waf
Profile stringRef - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Wafpolicy
Id string
- allow
Mode StringDelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allowlists
List<Wafpolicy
Allowlist> - A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- application
Signatures List<WafpolicyApplication Signature> - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- auto
Update StringCrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- bypass
Static StringExtensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- confidence
Overrides List<WafpolicyConfidence Override> - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- configpb
Attributes List<WafpolicyConfigpb Attribute> - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- created
By String - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- crs
Overrides List<WafpolicyCrs Override> - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
App StringLearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Auto StringRule Updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Regex StringLearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- failure
Mode String - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- geo
Db StringRef - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- learning
Params List<WafpolicyLearning Param> - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- markers
List<Wafpolicy
Marker> - List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- min
Confidence String - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level String - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- positive
Security List<WafpolicyModels Positive Security Model> - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- post
Crs List<WafpolicyGroups Post Crs Group> - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- pre
Crs List<WafpolicyGroups Pre Crs Group> - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- required
Data List<WafpolicyFiles Required Data File> - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- tenant
Ref String - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- updated
Crs StringRules In Detection Mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- uuid String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf
Crs StringRef - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf
Profile StringRef - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- wafpolicy
Id String
- allow
Mode stringDelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allowlists
Wafpolicy
Allowlist[] - A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- application
Signatures WafpolicyApplication Signature[] - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- auto
Update stringCrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- bypass
Static stringExtensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- confidence
Overrides WafpolicyConfidence Override[] - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- configpb
Attributes WafpolicyConfigpb Attribute[] - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- created
By string - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- crs
Overrides WafpolicyCrs Override[] - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
App stringLearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Auto stringRule Updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Regex stringLearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- failure
Mode string - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- geo
Db stringRef - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- learning
Params WafpolicyLearning Param[] - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- markers
Wafpolicy
Marker[] - List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- min
Confidence string - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- positive
Security WafpolicyModels Positive Security Model[] - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- post
Crs WafpolicyGroups Post Crs Group[] - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- pre
Crs WafpolicyGroups Pre Crs Group[] - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- required
Data WafpolicyFiles Required Data File[] - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- tenant
Ref string - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- updated
Crs stringRules In Detection Mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- uuid string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf
Crs stringRef - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf
Profile stringRef - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- wafpolicy
Id string
- allow_
mode_ strdelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allowlists
Sequence[Wafpolicy
Allowlist Args] - A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- application_
signatures Sequence[WafpolicyApplication Signature Args] - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- auto_
update_ strcrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- bypass_
static_ strextensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- confidence_
overrides Sequence[WafpolicyConfidence Override Args] - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- configpb_
attributes Sequence[WafpolicyConfigpb Attribute Args] - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- created_
by str - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- crs_
overrides Sequence[WafpolicyCrs Override Args] - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable_
app_ strlearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable_
auto_ strrule_ updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable_
regex_ strlearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- failure_
mode str - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- geo_
db_ strref - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- learning_
params Sequence[WafpolicyLearning Param Args] - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- markers
Sequence[Wafpolicy
Marker Args] - List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- min_
confidence str - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- mode str
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia_
level str - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- positive_
security_ Sequence[Wafpolicymodels Positive Security Model Args] - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- post_
crs_ Sequence[Wafpolicygroups Post Crs Group Args] - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- pre_
crs_ Sequence[Wafpolicygroups Pre Crs Group Args] - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- required_
data_ Sequence[Wafpolicyfiles Required Data File Args] - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- tenant_
ref str - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- updated_
crs_ strrules_ in_ detection_ mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- uuid str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf_
crs_ strref - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf_
profile_ strref - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- wafpolicy_
id str
- allow
Mode StringDelegation - Allow rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Field introduced in 18.1.5, 18.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- allowlists List<Property Map>
- A set of rules which describe conditions under which the request will bypass the waf. This will be processed in the request header phase before any other waf related code. Field introduced in 20.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- application
Signatures List<Property Map> - Application specific signatures. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- auto
Update StringCrs - If this flag is set, the system will try to keep the crs version used in this policy up-to-date. If a newer crs object is available on this controller, the system will issue the crs upgrade process for this waf policy. It will not update polices if the current crs version is crs-version-not-applicable. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- bypass
Static StringExtensions - Enable the functionality to bypass waf for static file extensions. Field introduced in 22.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- confidence
Overrides List<Property Map> - Configure thresholds for confidence labels. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- configpb
Attributes List<Property Map> - Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- created
By String - Creator name. Field introduced in 17.2.4. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- crs
Overrides List<Property Map> - Override attributes for crs rules. Field introduced in 20.1.6. Allowed with any value in enterprise, enterprise with cloud services edition.
- description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
App StringLearning - Enable application learning for this waf policy. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Auto StringRule Updates - Enable application learning based rule updates on the waf profile. Rules will be programmed in dedicated waf learning group. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable
Regex StringLearning - Enable dynamic regex generation for positive security model rules. This is an experimental feature and shouldn't be used in production. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- failure
Mode String - Waf policy failure mode. This can be 'open' or 'closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Field introduced in 18.1.2. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- geo
Db StringRef - Geo location mapping database used by this wafpolicy. It is a reference to an object of type geodb. Field introduced in 21.1.1. Allowed with any value in enterprise, enterprise with cloud services edition.
- learning
Params List<Property Map> - Parameters for tuning application learning. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- markers List<Property Map>
- List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- min
Confidence String - Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Field introduced in 20.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level String - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- positive
Security List<Property Map>Models - The positive security model. This is used to describe how the request or parts of the request should look like. It is executed in the request body phase of avi waf. Field introduced in 18.2.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- post
Crs List<Property Map>Groups - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- pre
Crs List<Property Map>Groups - Waf rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the crs groups. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- required
Data List<Property Map>Files - The data files and types referred in this waf policy. Field introduced in 22.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- tenant
Ref String - It is a reference to an object of type tenant. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- updated
Crs StringRules In Detection Mode - While updating crs, the system will make sure that new rules are added in detection mode. It only has an effect if the policy is in enforcement mode. In this case, the update will set new rules into detection mode by adding crs_overrides for the new rules. If this flag is not set or if the policy mode is detection, rules will be added without new crs_overrides. This option is used for the auto_update_crs workflow as well as for the ui based crs update workflow. Field introduced in 22.1.3. Allowed with any value in enterprise, enterprise with cloud services edition.
- uuid String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf
Crs StringRef - Waf core ruleset used for the crs part of this policy. It is a reference to an object of type wafcrs. Field introduced in 18.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- waf
Profile StringRef - Waf profile for waf policy. It is a reference to an object of type wafprofile. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- wafpolicy
Id String
Supporting Types
WafpolicyAllowlist, WafpolicyAllowlistArgs
WafpolicyAllowlistRule, WafpolicyAllowlistRuleArgs
- Actions List<string>
- Index string
- Matches
List<Wafpolicy
Allowlist Rule Match> - Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable string
- Sampling
Percent string
- Actions []string
- Index string
- Matches
[]Wafpolicy
Allowlist Rule Match - Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable string
- Sampling
Percent string
- actions List<String>
- index String
- matches
List<Wafpolicy
Allowlist Rule Match> - name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable String
- sampling
Percent String
- actions string[]
- index string
- matches
Wafpolicy
Allowlist Rule Match[] - name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable string
- sampling
Percent string
- actions Sequence[str]
- index str
- matches
Sequence[Wafpolicy
Allowlist Rule Match] - name str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable str
- sampling_
percent str
- actions List<String>
- index String
- matches List<Property Map>
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable String
- sampling
Percent String
WafpolicyAllowlistRuleMatch, WafpolicyAllowlistRuleMatchArgs
- Bot
Detection List<WafpolicyResults Allowlist Rule Match Bot Detection Result> - Client
Ips List<WafpolicyAllowlist Rule Match Client Ip> -
List<Wafpolicy
Allowlist Rule Match Cookie> - Geo
Matches List<WafpolicyAllowlist Rule Match Geo Match> - Hdrs
List<Wafpolicy
Allowlist Rule Match Hdr> - Host
Hdrs List<WafpolicyAllowlist Rule Match Host Hdr> - Ip
Reputation List<WafpolicyTypes Allowlist Rule Match Ip Reputation Type> - Methods
List<Wafpolicy
Allowlist Rule Match Method> - Paths
List<Wafpolicy
Allowlist Rule Match Path> - Protocols
List<Wafpolicy
Allowlist Rule Match Protocol> - Queries
List<Wafpolicy
Allowlist Rule Match Query> - Source
Ips List<WafpolicyAllowlist Rule Match Source Ip> - Tls
Fingerprint List<WafpolicyMatches Allowlist Rule Match Tls Fingerprint Match> - Versions
List<Wafpolicy
Allowlist Rule Match Version> - Vs
Ports List<WafpolicyAllowlist Rule Match Vs Port>
- Bot
Detection []WafpolicyResults Allowlist Rule Match Bot Detection Result - Client
Ips []WafpolicyAllowlist Rule Match Client Ip -
[]Wafpolicy
Allowlist Rule Match Cookie - Geo
Matches []WafpolicyAllowlist Rule Match Geo Match - Hdrs
[]Wafpolicy
Allowlist Rule Match Hdr - Host
Hdrs []WafpolicyAllowlist Rule Match Host Hdr - Ip
Reputation []WafpolicyTypes Allowlist Rule Match Ip Reputation Type - Methods
[]Wafpolicy
Allowlist Rule Match Method - Paths
[]Wafpolicy
Allowlist Rule Match Path - Protocols
[]Wafpolicy
Allowlist Rule Match Protocol - Queries
[]Wafpolicy
Allowlist Rule Match Query - Source
Ips []WafpolicyAllowlist Rule Match Source Ip - Tls
Fingerprint []WafpolicyMatches Allowlist Rule Match Tls Fingerprint Match - Versions
[]Wafpolicy
Allowlist Rule Match Version - Vs
Ports []WafpolicyAllowlist Rule Match Vs Port
- bot
Detection List<WafpolicyResults Allowlist Rule Match Bot Detection Result> - client
Ips List<WafpolicyAllowlist Rule Match Client Ip> -
List<Wafpolicy
Allowlist Rule Match Cookie> - geo
Matches List<WafpolicyAllowlist Rule Match Geo Match> - hdrs
List<Wafpolicy
Allowlist Rule Match Hdr> - host
Hdrs List<WafpolicyAllowlist Rule Match Host Hdr> - ip
Reputation List<WafpolicyTypes Allowlist Rule Match Ip Reputation Type> - methods
List<Wafpolicy
Allowlist Rule Match Method> - paths
List<Wafpolicy
Allowlist Rule Match Path> - protocols
List<Wafpolicy
Allowlist Rule Match Protocol> - queries
List<Wafpolicy
Allowlist Rule Match Query> - source
Ips List<WafpolicyAllowlist Rule Match Source Ip> - tls
Fingerprint List<WafpolicyMatches Allowlist Rule Match Tls Fingerprint Match> - versions
List<Wafpolicy
Allowlist Rule Match Version> - vs
Ports List<WafpolicyAllowlist Rule Match Vs Port>
- bot
Detection WafpolicyResults Allowlist Rule Match Bot Detection Result[] - client
Ips WafpolicyAllowlist Rule Match Client Ip[] -
Wafpolicy
Allowlist Rule Match Cookie[] - geo
Matches WafpolicyAllowlist Rule Match Geo Match[] - hdrs
Wafpolicy
Allowlist Rule Match Hdr[] - host
Hdrs WafpolicyAllowlist Rule Match Host Hdr[] - ip
Reputation WafpolicyTypes Allowlist Rule Match Ip Reputation Type[] - methods
Wafpolicy
Allowlist Rule Match Method[] - paths
Wafpolicy
Allowlist Rule Match Path[] - protocols
Wafpolicy
Allowlist Rule Match Protocol[] - queries
Wafpolicy
Allowlist Rule Match Query[] - source
Ips WafpolicyAllowlist Rule Match Source Ip[] - tls
Fingerprint WafpolicyMatches Allowlist Rule Match Tls Fingerprint Match[] - versions
Wafpolicy
Allowlist Rule Match Version[] - vs
Ports WafpolicyAllowlist Rule Match Vs Port[]
- bot_
detection_ Sequence[Wafpolicyresults Allowlist Rule Match Bot Detection Result] - client_
ips Sequence[WafpolicyAllowlist Rule Match Client Ip] -
Sequence[Wafpolicy
Allowlist Rule Match Cookie] - geo_
matches Sequence[WafpolicyAllowlist Rule Match Geo Match] - hdrs
Sequence[Wafpolicy
Allowlist Rule Match Hdr] - host_
hdrs Sequence[WafpolicyAllowlist Rule Match Host Hdr] - ip_
reputation_ Sequence[Wafpolicytypes Allowlist Rule Match Ip Reputation Type] - methods
Sequence[Wafpolicy
Allowlist Rule Match Method] - paths
Sequence[Wafpolicy
Allowlist Rule Match Path] - protocols
Sequence[Wafpolicy
Allowlist Rule Match Protocol] - queries
Sequence[Wafpolicy
Allowlist Rule Match Query] - source_
ips Sequence[WafpolicyAllowlist Rule Match Source Ip] - tls_
fingerprint_ Sequence[Wafpolicymatches Allowlist Rule Match Tls Fingerprint Match] - versions
Sequence[Wafpolicy
Allowlist Rule Match Version] - vs_
ports Sequence[WafpolicyAllowlist Rule Match Vs Port]
- bot
Detection List<Property Map>Results - client
Ips List<Property Map> - List<Property Map>
- geo
Matches List<Property Map> - hdrs List<Property Map>
- host
Hdrs List<Property Map> - ip
Reputation List<Property Map>Types - methods List<Property Map>
- paths List<Property Map>
- protocols List<Property Map>
- queries List<Property Map>
- source
Ips List<Property Map> - tls
Fingerprint List<Property Map>Matches - versions List<Property Map>
- vs
Ports List<Property Map>
WafpolicyAllowlistRuleMatchBotDetectionResult, WafpolicyAllowlistRuleMatchBotDetectionResultArgs
WafpolicyAllowlistRuleMatchBotDetectionResultClassification, WafpolicyAllowlistRuleMatchBotDetectionResultClassificationArgs
- Type string
- User
Defined stringType
- Type string
- User
Defined stringType
- type String
- user
Defined StringType
- type string
- user
Defined stringType
- type str
- user_
defined_ strtype
- type String
- user
Defined StringType
WafpolicyAllowlistRuleMatchClientIp, WafpolicyAllowlistRuleMatchClientIpArgs
WafpolicyAllowlistRuleMatchClientIpAddr, WafpolicyAllowlistRuleMatchClientIpAddrArgs
WafpolicyAllowlistRuleMatchClientIpPrefix, WafpolicyAllowlistRuleMatchClientIpPrefixArgs
- ip
Addrs List<Property Map> - mask String
WafpolicyAllowlistRuleMatchClientIpPrefixIpAddr, WafpolicyAllowlistRuleMatchClientIpPrefixIpAddrArgs
WafpolicyAllowlistRuleMatchClientIpRange, WafpolicyAllowlistRuleMatchClientIpRangeArgs
WafpolicyAllowlistRuleMatchClientIpRangeBegin, WafpolicyAllowlistRuleMatchClientIpRangeBeginArgs
WafpolicyAllowlistRuleMatchClientIpRangeEnd, WafpolicyAllowlistRuleMatchClientIpRangeEndArgs
WafpolicyAllowlistRuleMatchCookie, WafpolicyAllowlistRuleMatchCookieArgs
- Match
Criteria string - Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Case string - Value string
- Match
Criteria string - Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Case string - Value string
- match
Criteria String - name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Case String - value String
- match
Criteria string - name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Case string - value string
- match_
criteria str - name str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match_
case str - value str
- match
Criteria String - name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Case String - value String
WafpolicyAllowlistRuleMatchGeoMatch, WafpolicyAllowlistRuleMatchGeoMatchArgs
- Attribute string
- Match
Operation string - Values List<string>
- Attribute string
- Match
Operation string - Values []string
- attribute String
- match
Operation String - values List<String>
- attribute string
- match
Operation string - values string[]
- attribute str
- match_
operation str - values Sequence[str]
- attribute String
- match
Operation String - values List<String>
WafpolicyAllowlistRuleMatchHdr, WafpolicyAllowlistRuleMatchHdrArgs
- Hdr string
- Match
Criteria string - Match
Case string - String
Group List<string>Refs - Values List<string>
- Hdr string
- Match
Criteria string - Match
Case string - String
Group []stringRefs - Values []string
- hdr String
- match
Criteria String - match
Case String - string
Group List<String>Refs - values List<String>
- hdr string
- match
Criteria string - match
Case string - string
Group string[]Refs - values string[]
- hdr str
- match_
criteria str - match_
case str - string_
group_ Sequence[str]refs - values Sequence[str]
- hdr String
- match
Criteria String - match
Case String - string
Group List<String>Refs - values List<String>
WafpolicyAllowlistRuleMatchHostHdr, WafpolicyAllowlistRuleMatchHostHdrArgs
- Match
Criteria string - Match
Case string - Values List<string>
- Match
Criteria string - Match
Case string - Values []string
- match
Criteria String - match
Case String - values List<String>
- match
Criteria string - match
Case string - values string[]
- match_
criteria str - match_
case str - values Sequence[str]
- match
Criteria String - match
Case String - values List<String>
WafpolicyAllowlistRuleMatchIpReputationType, WafpolicyAllowlistRuleMatchIpReputationTypeArgs
- Match
Operation string - Reputation
Types List<string>
- Match
Operation string - Reputation
Types []string
- match
Operation String - reputation
Types List<String>
- match
Operation string - reputation
Types string[]
- match_
operation str - reputation_
types Sequence[str]
- match
Operation String - reputation
Types List<String>
WafpolicyAllowlistRuleMatchMethod, WafpolicyAllowlistRuleMatchMethodArgs
- Match
Criteria string - Methods List<string>
- Match
Criteria string - Methods []string
- match
Criteria String - methods List<String>
- match
Criteria string - methods string[]
- match_
criteria str - methods Sequence[str]
- match
Criteria String - methods List<String>
WafpolicyAllowlistRuleMatchPath, WafpolicyAllowlistRuleMatchPathArgs
- Match
Criteria string - Match
Case string - Match
Decoded stringString - Match
Strs List<string> - String
Group List<string>Refs
- Match
Criteria string - Match
Case string - Match
Decoded stringString - Match
Strs []string - String
Group []stringRefs
- match
Criteria String - match
Case String - match
Decoded StringString - match
Strs List<String> - string
Group List<String>Refs
- match
Criteria string - match
Case string - match
Decoded stringString - match
Strs string[] - string
Group string[]Refs
- match_
criteria str - match_
case str - match_
decoded_ strstring - match_
strs Sequence[str] - string_
group_ Sequence[str]refs
- match
Criteria String - match
Case String - match
Decoded StringString - match
Strs List<String> - string
Group List<String>Refs
WafpolicyAllowlistRuleMatchProtocol, WafpolicyAllowlistRuleMatchProtocolArgs
- Match
Criteria string - Protocols string
- Match
Criteria string - Protocols string
- match
Criteria String - protocols String
- match
Criteria string - protocols string
- match_
criteria str - protocols str
- match
Criteria String - protocols String
WafpolicyAllowlistRuleMatchQuery, WafpolicyAllowlistRuleMatchQueryArgs
- Match
Criteria string - Match
Case string - Match
Decoded stringString - Match
Strs List<string> - String
Group List<string>Refs
- Match
Criteria string - Match
Case string - Match
Decoded stringString - Match
Strs []string - String
Group []stringRefs
- match
Criteria String - match
Case String - match
Decoded StringString - match
Strs List<String> - string
Group List<String>Refs
- match
Criteria string - match
Case string - match
Decoded stringString - match
Strs string[] - string
Group string[]Refs
- match_
criteria str - match_
case str - match_
decoded_ strstring - match_
strs Sequence[str] - string_
group_ Sequence[str]refs
- match
Criteria String - match
Case String - match
Decoded StringString - match
Strs List<String> - string
Group List<String>Refs
WafpolicyAllowlistRuleMatchSourceIp, WafpolicyAllowlistRuleMatchSourceIpArgs
WafpolicyAllowlistRuleMatchSourceIpAddr, WafpolicyAllowlistRuleMatchSourceIpAddrArgs
WafpolicyAllowlistRuleMatchSourceIpPrefix, WafpolicyAllowlistRuleMatchSourceIpPrefixArgs
- ip
Addrs List<Property Map> - mask String
WafpolicyAllowlistRuleMatchSourceIpPrefixIpAddr, WafpolicyAllowlistRuleMatchSourceIpPrefixIpAddrArgs
WafpolicyAllowlistRuleMatchSourceIpRange, WafpolicyAllowlistRuleMatchSourceIpRangeArgs
WafpolicyAllowlistRuleMatchSourceIpRangeBegin, WafpolicyAllowlistRuleMatchSourceIpRangeBeginArgs
WafpolicyAllowlistRuleMatchSourceIpRangeEnd, WafpolicyAllowlistRuleMatchSourceIpRangeEndArgs
WafpolicyAllowlistRuleMatchTlsFingerprintMatch, WafpolicyAllowlistRuleMatchTlsFingerprintMatchArgs
- Match
Operation string - Fingerprints List<string>
- String
Group List<string>Refs
- Match
Operation string - Fingerprints []string
- String
Group []stringRefs
- match
Operation String - fingerprints List<String>
- string
Group List<String>Refs
- match
Operation string - fingerprints string[]
- string
Group string[]Refs
- match_
operation str - fingerprints Sequence[str]
- string_
group_ Sequence[str]refs
- match
Operation String - fingerprints List<String>
- string
Group List<String>Refs
WafpolicyAllowlistRuleMatchVersion, WafpolicyAllowlistRuleMatchVersionArgs
- Match
Criteria string - Versions List<string>
- Match
Criteria string - Versions []string
- match
Criteria String - versions List<String>
- match
Criteria string - versions string[]
- match_
criteria str - versions Sequence[str]
- match
Criteria String - versions List<String>
WafpolicyAllowlistRuleMatchVsPort, WafpolicyAllowlistRuleMatchVsPortArgs
- Match
Criteria string - Ports List<double>
- Match
Criteria string - Ports []float64
- match
Criteria String - ports List<Double>
- match
Criteria string - ports number[]
- match_
criteria str - ports Sequence[float]
- match
Criteria String - ports List<Number>
WafpolicyApplicationSignature, WafpolicyApplicationSignatureArgs
- provider
Ref String - resolved
Rules List<Property Map> - rule
Overrides List<Property Map> - ruleset
Version String - selected
Applications List<String>
WafpolicyApplicationSignatureResolvedRule, WafpolicyApplicationSignatureResolvedRuleArgs
- Index string
- Rule string
- Enable string
- Exclude
Lists List<WafpolicyApplication Signature Resolved Rule Exclude List> - Is
Sensitive string - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Phase string
- Rule
Id string - List<string>
- Index string
- Rule string
- Enable string
- Exclude
Lists []WafpolicyApplication Signature Resolved Rule Exclude List - Is
Sensitive string - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Phase string
- Rule
Id string - []string
- index String
- rule String
- enable String
- exclude
Lists List<WafpolicyApplication Signature Resolved Rule Exclude List> - is
Sensitive String - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level String - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase String
- rule
Id String - List<String>
- index string
- rule string
- enable string
- exclude
Lists WafpolicyApplication Signature Resolved Rule Exclude List[] - is
Sensitive string - mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase string
- rule
Id string - string[]
- index str
- rule str
- enable str
- exclude_
lists Sequence[WafpolicyApplication Signature Resolved Rule Exclude List] - is_
sensitive str - mode str
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia_
level str - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase str
- rule_
id str - Sequence[str]
- index String
- rule String
- enable String
- exclude
Lists List<Property Map> - is
Sensitive String - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level String - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase String
- rule
Id String - List<String>
WafpolicyApplicationSignatureResolvedRuleExcludeList, WafpolicyApplicationSignatureResolvedRuleExcludeListArgs
- Client
Subnets List<WafpolicyApplication Signature Resolved Rule Exclude List Client Subnet> - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element List<WafpolicyCriterias Application Signature Resolved Rule Exclude List Match Element Criteria> - Uri
Match List<WafpolicyCriterias Application Signature Resolved Rule Exclude List Uri Match Criteria> - Uri
Path string
- Client
Subnets []WafpolicyApplication Signature Resolved Rule Exclude List Client Subnet - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element []WafpolicyCriterias Application Signature Resolved Rule Exclude List Match Element Criteria - Uri
Match []WafpolicyCriterias Application Signature Resolved Rule Exclude List Uri Match Criteria - Uri
Path string
- client
Subnets List<WafpolicyApplication Signature Resolved Rule Exclude List Client Subnet> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<WafpolicyCriterias Application Signature Resolved Rule Exclude List Match Element Criteria> - uri
Match List<WafpolicyCriterias Application Signature Resolved Rule Exclude List Uri Match Criteria> - uri
Path String
- client
Subnets WafpolicyApplication Signature Resolved Rule Exclude List Client Subnet[] - description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element string - match
Element WafpolicyCriterias Application Signature Resolved Rule Exclude List Match Element Criteria[] - uri
Match WafpolicyCriterias Application Signature Resolved Rule Exclude List Uri Match Criteria[] - uri
Path string
- client_
subnets Sequence[WafpolicyApplication Signature Resolved Rule Exclude List Client Subnet] - description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match_
element str - match_
element_ Sequence[Wafpolicycriterias Application Signature Resolved Rule Exclude List Match Element Criteria] - uri_
match_ Sequence[Wafpolicycriterias Application Signature Resolved Rule Exclude List Uri Match Criteria] - uri_
path str
- client
Subnets List<Property Map> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<Property Map>Criterias - uri
Match List<Property Map>Criterias - uri
Path String
WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnet, WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetArgs
- ip
Addrs List<Property Map> - mask String
WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetIpAddr, WafpolicyApplicationSignatureResolvedRuleExcludeListClientSubnetIpAddrArgs
WafpolicyApplicationSignatureResolvedRuleExcludeListMatchElementCriteria, WafpolicyApplicationSignatureResolvedRuleExcludeListMatchElementCriteriaArgs
- match_
case str - match_
op str
WafpolicyApplicationSignatureResolvedRuleExcludeListUriMatchCriteria, WafpolicyApplicationSignatureResolvedRuleExcludeListUriMatchCriteriaArgs
- match_
case str - match_
op str
WafpolicyApplicationSignatureRuleOverride, WafpolicyApplicationSignatureRuleOverrideArgs
- Rule
Id string - Enable string
- Exclude
Lists List<WafpolicyApplication Signature Rule Override Exclude List> - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Rule
Id string - Enable string
- Exclude
Lists []WafpolicyApplication Signature Rule Override Exclude List - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule
Id String - enable String
- exclude
Lists List<WafpolicyApplication Signature Rule Override Exclude List> - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule
Id string - enable string
- exclude
Lists WafpolicyApplication Signature Rule Override Exclude List[] - mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule_
id str - enable str
- exclude_
lists Sequence[WafpolicyApplication Signature Rule Override Exclude List] - mode str
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule
Id String - enable String
- exclude
Lists List<Property Map> - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
WafpolicyApplicationSignatureRuleOverrideExcludeList, WafpolicyApplicationSignatureRuleOverrideExcludeListArgs
- Client
Subnets List<WafpolicyApplication Signature Rule Override Exclude List Client Subnet> - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element List<WafpolicyCriterias Application Signature Rule Override Exclude List Match Element Criteria> - Uri
Match List<WafpolicyCriterias Application Signature Rule Override Exclude List Uri Match Criteria> - Uri
Path string
- Client
Subnets []WafpolicyApplication Signature Rule Override Exclude List Client Subnet - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element []WafpolicyCriterias Application Signature Rule Override Exclude List Match Element Criteria - Uri
Match []WafpolicyCriterias Application Signature Rule Override Exclude List Uri Match Criteria - Uri
Path string
- client
Subnets List<WafpolicyApplication Signature Rule Override Exclude List Client Subnet> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<WafpolicyCriterias Application Signature Rule Override Exclude List Match Element Criteria> - uri
Match List<WafpolicyCriterias Application Signature Rule Override Exclude List Uri Match Criteria> - uri
Path String
- client
Subnets WafpolicyApplication Signature Rule Override Exclude List Client Subnet[] - description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element string - match
Element WafpolicyCriterias Application Signature Rule Override Exclude List Match Element Criteria[] - uri
Match WafpolicyCriterias Application Signature Rule Override Exclude List Uri Match Criteria[] - uri
Path string
- client_
subnets Sequence[WafpolicyApplication Signature Rule Override Exclude List Client Subnet] - description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match_
element str - match_
element_ Sequence[Wafpolicycriterias Application Signature Rule Override Exclude List Match Element Criteria] - uri_
match_ Sequence[Wafpolicycriterias Application Signature Rule Override Exclude List Uri Match Criteria] - uri_
path str
- client
Subnets List<Property Map> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<Property Map>Criterias - uri
Match List<Property Map>Criterias - uri
Path String
WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnet, WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetArgs
- ip
Addrs List<Property Map> - mask String
WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetIpAddr, WafpolicyApplicationSignatureRuleOverrideExcludeListClientSubnetIpAddrArgs
WafpolicyApplicationSignatureRuleOverrideExcludeListMatchElementCriteria, WafpolicyApplicationSignatureRuleOverrideExcludeListMatchElementCriteriaArgs
- match_
case str - match_
op str
WafpolicyApplicationSignatureRuleOverrideExcludeListUriMatchCriteria, WafpolicyApplicationSignatureRuleOverrideExcludeListUriMatchCriteriaArgs
- match_
case str - match_
op str
WafpolicyConfidenceOverride, WafpolicyConfidenceOverrideArgs
- Confid
High stringValue - Confid
Low stringValue - Confid
Probable stringValue - Confid
Very stringHigh Value
- Confid
High stringValue - Confid
Low stringValue - Confid
Probable stringValue - Confid
Very stringHigh Value
- confid
High StringValue - confid
Low StringValue - confid
Probable StringValue - confid
Very StringHigh Value
- confid
High stringValue - confid
Low stringValue - confid
Probable stringValue - confid
Very stringHigh Value
- confid
High StringValue - confid
Low StringValue - confid
Probable StringValue - confid
Very StringHigh Value
WafpolicyConfigpbAttribute, WafpolicyConfigpbAttributeArgs
- Version string
- Version string
- version String
- version string
- version str
- version String
WafpolicyCrsOverride, WafpolicyCrsOverrideArgs
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable string
- Exclude
Lists List<WafpolicyCrs Override Exclude List> - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Rule
Overrides List<WafpolicyCrs Override Rule Override>
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable string
- Exclude
Lists []WafpolicyCrs Override Exclude List - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Rule
Overrides []WafpolicyCrs Override Rule Override
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable String
- exclude
Lists List<WafpolicyCrs Override Exclude List> - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule
Overrides List<WafpolicyCrs Override Rule Override>
- name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable string
- exclude
Lists WafpolicyCrs Override Exclude List[] - mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule
Overrides WafpolicyCrs Override Rule Override[]
- name str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable str
- exclude_
lists Sequence[WafpolicyCrs Override Exclude List] - mode str
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule_
overrides Sequence[WafpolicyCrs Override Rule Override]
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable String
- exclude
Lists List<Property Map> - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule
Overrides List<Property Map>
WafpolicyCrsOverrideExcludeList, WafpolicyCrsOverrideExcludeListArgs
- Client
Subnets List<WafpolicyCrs Override Exclude List Client Subnet> - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element List<WafpolicyCriterias Crs Override Exclude List Match Element Criteria> - Uri
Match List<WafpolicyCriterias Crs Override Exclude List Uri Match Criteria> - Uri
Path string
- Client
Subnets []WafpolicyCrs Override Exclude List Client Subnet - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element []WafpolicyCriterias Crs Override Exclude List Match Element Criteria - Uri
Match []WafpolicyCriterias Crs Override Exclude List Uri Match Criteria - Uri
Path string
- client
Subnets List<WafpolicyCrs Override Exclude List Client Subnet> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<WafpolicyCriterias Crs Override Exclude List Match Element Criteria> - uri
Match List<WafpolicyCriterias Crs Override Exclude List Uri Match Criteria> - uri
Path String
- client
Subnets WafpolicyCrs Override Exclude List Client Subnet[] - description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element string - match
Element WafpolicyCriterias Crs Override Exclude List Match Element Criteria[] - uri
Match WafpolicyCriterias Crs Override Exclude List Uri Match Criteria[] - uri
Path string
- client_
subnets Sequence[WafpolicyCrs Override Exclude List Client Subnet] - description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match_
element str - match_
element_ Sequence[Wafpolicycriterias Crs Override Exclude List Match Element Criteria] - uri_
match_ Sequence[Wafpolicycriterias Crs Override Exclude List Uri Match Criteria] - uri_
path str
- client
Subnets List<Property Map> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<Property Map>Criterias - uri
Match List<Property Map>Criterias - uri
Path String
WafpolicyCrsOverrideExcludeListClientSubnet, WafpolicyCrsOverrideExcludeListClientSubnetArgs
- ip
Addrs List<Property Map> - mask String
WafpolicyCrsOverrideExcludeListClientSubnetIpAddr, WafpolicyCrsOverrideExcludeListClientSubnetIpAddrArgs
WafpolicyCrsOverrideExcludeListMatchElementCriteria, WafpolicyCrsOverrideExcludeListMatchElementCriteriaArgs
- match_
case str - match_
op str
WafpolicyCrsOverrideExcludeListUriMatchCriteria, WafpolicyCrsOverrideExcludeListUriMatchCriteriaArgs
- match_
case str - match_
op str
WafpolicyCrsOverrideRuleOverride, WafpolicyCrsOverrideRuleOverrideArgs
- Rule
Id string - Enable string
- Exclude
Lists List<WafpolicyCrs Override Rule Override Exclude List> - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Rule
Id string - Enable string
- Exclude
Lists []WafpolicyCrs Override Rule Override Exclude List - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule
Id String - enable String
- exclude
Lists List<WafpolicyCrs Override Rule Override Exclude List> - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule
Id string - enable string
- exclude
Lists WafpolicyCrs Override Rule Override Exclude List[] - mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule_
id str - enable str
- exclude_
lists Sequence[WafpolicyCrs Override Rule Override Exclude List] - mode str
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- rule
Id String - enable String
- exclude
Lists List<Property Map> - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
WafpolicyCrsOverrideRuleOverrideExcludeList, WafpolicyCrsOverrideRuleOverrideExcludeListArgs
- Client
Subnets List<WafpolicyCrs Override Rule Override Exclude List Client Subnet> - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element List<WafpolicyCriterias Crs Override Rule Override Exclude List Match Element Criteria> - Uri
Match List<WafpolicyCriterias Crs Override Rule Override Exclude List Uri Match Criteria> - Uri
Path string
- Client
Subnets []WafpolicyCrs Override Rule Override Exclude List Client Subnet - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element []WafpolicyCriterias Crs Override Rule Override Exclude List Match Element Criteria - Uri
Match []WafpolicyCriterias Crs Override Rule Override Exclude List Uri Match Criteria - Uri
Path string
- client
Subnets List<WafpolicyCrs Override Rule Override Exclude List Client Subnet> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<WafpolicyCriterias Crs Override Rule Override Exclude List Match Element Criteria> - uri
Match List<WafpolicyCriterias Crs Override Rule Override Exclude List Uri Match Criteria> - uri
Path String
- client
Subnets WafpolicyCrs Override Rule Override Exclude List Client Subnet[] - description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element string - match
Element WafpolicyCriterias Crs Override Rule Override Exclude List Match Element Criteria[] - uri
Match WafpolicyCriterias Crs Override Rule Override Exclude List Uri Match Criteria[] - uri
Path string
- client_
subnets Sequence[WafpolicyCrs Override Rule Override Exclude List Client Subnet] - description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match_
element str - match_
element_ Sequence[Wafpolicycriterias Crs Override Rule Override Exclude List Match Element Criteria] - uri_
match_ Sequence[Wafpolicycriterias Crs Override Rule Override Exclude List Uri Match Criteria] - uri_
path str
- client
Subnets List<Property Map> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<Property Map>Criterias - uri
Match List<Property Map>Criterias - uri
Path String
WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnet, WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetArgs
- ip
Addrs List<Property Map> - mask String
WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetIpAddr, WafpolicyCrsOverrideRuleOverrideExcludeListClientSubnetIpAddrArgs
WafpolicyCrsOverrideRuleOverrideExcludeListMatchElementCriteria, WafpolicyCrsOverrideRuleOverrideExcludeListMatchElementCriteriaArgs
- match_
case str - match_
op str
WafpolicyCrsOverrideRuleOverrideExcludeListUriMatchCriteria, WafpolicyCrsOverrideRuleOverrideExcludeListUriMatchCriteriaArgs
- match_
case str - match_
op str
WafpolicyLearningParam, WafpolicyLearningParamArgs
- Enable
Learn stringFrom Bots - Enable
Per stringUri Learning - Learn
From stringAuthenticated Clients Only - Learn
From List<WafpolicyBots Learning Param Learn From Bot> - Max
Params string - Max
Uris string - Min
Hits stringTo Learn - Sampling
Percent string - Trusted
Ipgroup stringRef - Update
Interval string
- Enable
Learn stringFrom Bots - Enable
Per stringUri Learning - Learn
From stringAuthenticated Clients Only - Learn
From []WafpolicyBots Learning Param Learn From Bot - Max
Params string - Max
Uris string - Min
Hits stringTo Learn - Sampling
Percent string - Trusted
Ipgroup stringRef - Update
Interval string
- enable
Learn StringFrom Bots - enable
Per StringUri Learning - learn
From StringAuthenticated Clients Only - learn
From List<WafpolicyBots Learning Param Learn From Bot> - max
Params String - max
Uris String - min
Hits StringTo Learn - sampling
Percent String - trusted
Ipgroup StringRef - update
Interval String
- enable
Learn stringFrom Bots - enable
Per stringUri Learning - learn
From stringAuthenticated Clients Only - learn
From WafpolicyBots Learning Param Learn From Bot[] - max
Params string - max
Uris string - min
Hits stringTo Learn - sampling
Percent string - trusted
Ipgroup stringRef - update
Interval string
- enable
Learn StringFrom Bots - enable
Per StringUri Learning - learn
From StringAuthenticated Clients Only - learn
From List<Property Map>Bots - max
Params String - max
Uris String - min
Hits StringTo Learn - sampling
Percent String - trusted
Ipgroup StringRef - update
Interval String
WafpolicyLearningParamLearnFromBot, WafpolicyLearningParamLearnFromBotArgs
WafpolicyLearningParamLearnFromBotClassification, WafpolicyLearningParamLearnFromBotClassificationArgs
- Type string
- User
Defined stringType
- Type string
- User
Defined stringType
- type String
- user
Defined StringType
- type string
- user
Defined stringType
- type str
- user_
defined_ strtype
- type String
- user
Defined StringType
WafpolicyMarker, WafpolicyMarkerArgs
WafpolicyPositiveSecurityModel, WafpolicyPositiveSecurityModelArgs
- Group
Refs List<string>
- Group
Refs []string
- group
Refs List<String>
- group
Refs string[]
- group_
refs Sequence[str]
- group
Refs List<String>
WafpolicyPostCrsGroup, WafpolicyPostCrsGroupArgs
- Index string
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable string
- Exclude
Lists List<WafpolicyPost Crs Group Exclude List> - Rules
List<Wafpolicy
Post Crs Group Rule>
- Index string
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable string
- Exclude
Lists []WafpolicyPost Crs Group Exclude List - Rules
[]Wafpolicy
Post Crs Group Rule
- index String
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable String
- exclude
Lists List<WafpolicyPost Crs Group Exclude List> - rules
List<Wafpolicy
Post Crs Group Rule>
- index string
- name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable string
- exclude
Lists WafpolicyPost Crs Group Exclude List[] - rules
Wafpolicy
Post Crs Group Rule[]
- index str
- name str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable str
- exclude_
lists Sequence[WafpolicyPost Crs Group Exclude List] - rules
Sequence[Wafpolicy
Post Crs Group Rule]
- index String
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable String
- exclude
Lists List<Property Map> - rules List<Property Map>
WafpolicyPostCrsGroupExcludeList, WafpolicyPostCrsGroupExcludeListArgs
- Client
Subnets List<WafpolicyPost Crs Group Exclude List Client Subnet> - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element List<WafpolicyCriterias Post Crs Group Exclude List Match Element Criteria> - Uri
Match List<WafpolicyCriterias Post Crs Group Exclude List Uri Match Criteria> - Uri
Path string
- Client
Subnets []WafpolicyPost Crs Group Exclude List Client Subnet - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element []WafpolicyCriterias Post Crs Group Exclude List Match Element Criteria - Uri
Match []WafpolicyCriterias Post Crs Group Exclude List Uri Match Criteria - Uri
Path string
- client
Subnets List<WafpolicyPost Crs Group Exclude List Client Subnet> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<WafpolicyCriterias Post Crs Group Exclude List Match Element Criteria> - uri
Match List<WafpolicyCriterias Post Crs Group Exclude List Uri Match Criteria> - uri
Path String
- client
Subnets WafpolicyPost Crs Group Exclude List Client Subnet[] - description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element string - match
Element WafpolicyCriterias Post Crs Group Exclude List Match Element Criteria[] - uri
Match WafpolicyCriterias Post Crs Group Exclude List Uri Match Criteria[] - uri
Path string
- client_
subnets Sequence[WafpolicyPost Crs Group Exclude List Client Subnet] - description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match_
element str - match_
element_ Sequence[Wafpolicycriterias Post Crs Group Exclude List Match Element Criteria] - uri_
match_ Sequence[Wafpolicycriterias Post Crs Group Exclude List Uri Match Criteria] - uri_
path str
- client
Subnets List<Property Map> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<Property Map>Criterias - uri
Match List<Property Map>Criterias - uri
Path String
WafpolicyPostCrsGroupExcludeListClientSubnet, WafpolicyPostCrsGroupExcludeListClientSubnetArgs
- ip
Addrs List<Property Map> - mask String
WafpolicyPostCrsGroupExcludeListClientSubnetIpAddr, WafpolicyPostCrsGroupExcludeListClientSubnetIpAddrArgs
WafpolicyPostCrsGroupExcludeListMatchElementCriteria, WafpolicyPostCrsGroupExcludeListMatchElementCriteriaArgs
- match_
case str - match_
op str
WafpolicyPostCrsGroupExcludeListUriMatchCriteria, WafpolicyPostCrsGroupExcludeListUriMatchCriteriaArgs
- match_
case str - match_
op str
WafpolicyPostCrsGroupRule, WafpolicyPostCrsGroupRuleArgs
- Index string
- Rule string
- Enable string
- Exclude
Lists List<WafpolicyPost Crs Group Rule Exclude List> - Is
Sensitive string - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Phase string
- Rule
Id string - List<string>
- Index string
- Rule string
- Enable string
- Exclude
Lists []WafpolicyPost Crs Group Rule Exclude List - Is
Sensitive string - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Phase string
- Rule
Id string - []string
- index String
- rule String
- enable String
- exclude
Lists List<WafpolicyPost Crs Group Rule Exclude List> - is
Sensitive String - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level String - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase String
- rule
Id String - List<String>
- index string
- rule string
- enable string
- exclude
Lists WafpolicyPost Crs Group Rule Exclude List[] - is
Sensitive string - mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase string
- rule
Id string - string[]
- index str
- rule str
- enable str
- exclude_
lists Sequence[WafpolicyPost Crs Group Rule Exclude List] - is_
sensitive str - mode str
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia_
level str - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase str
- rule_
id str - Sequence[str]
- index String
- rule String
- enable String
- exclude
Lists List<Property Map> - is
Sensitive String - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level String - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase String
- rule
Id String - List<String>
WafpolicyPostCrsGroupRuleExcludeList, WafpolicyPostCrsGroupRuleExcludeListArgs
- Client
Subnets List<WafpolicyPost Crs Group Rule Exclude List Client Subnet> - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element List<WafpolicyCriterias Post Crs Group Rule Exclude List Match Element Criteria> - Uri
Match List<WafpolicyCriterias Post Crs Group Rule Exclude List Uri Match Criteria> - Uri
Path string
- Client
Subnets []WafpolicyPost Crs Group Rule Exclude List Client Subnet - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element []WafpolicyCriterias Post Crs Group Rule Exclude List Match Element Criteria - Uri
Match []WafpolicyCriterias Post Crs Group Rule Exclude List Uri Match Criteria - Uri
Path string
- client
Subnets List<WafpolicyPost Crs Group Rule Exclude List Client Subnet> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<WafpolicyCriterias Post Crs Group Rule Exclude List Match Element Criteria> - uri
Match List<WafpolicyCriterias Post Crs Group Rule Exclude List Uri Match Criteria> - uri
Path String
- client
Subnets WafpolicyPost Crs Group Rule Exclude List Client Subnet[] - description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element string - match
Element WafpolicyCriterias Post Crs Group Rule Exclude List Match Element Criteria[] - uri
Match WafpolicyCriterias Post Crs Group Rule Exclude List Uri Match Criteria[] - uri
Path string
- client_
subnets Sequence[WafpolicyPost Crs Group Rule Exclude List Client Subnet] - description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match_
element str - match_
element_ Sequence[Wafpolicycriterias Post Crs Group Rule Exclude List Match Element Criteria] - uri_
match_ Sequence[Wafpolicycriterias Post Crs Group Rule Exclude List Uri Match Criteria] - uri_
path str
- client
Subnets List<Property Map> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<Property Map>Criterias - uri
Match List<Property Map>Criterias - uri
Path String
WafpolicyPostCrsGroupRuleExcludeListClientSubnet, WafpolicyPostCrsGroupRuleExcludeListClientSubnetArgs
- ip
Addrs List<Property Map> - mask String
WafpolicyPostCrsGroupRuleExcludeListClientSubnetIpAddr, WafpolicyPostCrsGroupRuleExcludeListClientSubnetIpAddrArgs
WafpolicyPostCrsGroupRuleExcludeListMatchElementCriteria, WafpolicyPostCrsGroupRuleExcludeListMatchElementCriteriaArgs
- match_
case str - match_
op str
WafpolicyPostCrsGroupRuleExcludeListUriMatchCriteria, WafpolicyPostCrsGroupRuleExcludeListUriMatchCriteriaArgs
- match_
case str - match_
op str
WafpolicyPreCrsGroup, WafpolicyPreCrsGroupArgs
- Index string
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable string
- Exclude
Lists List<WafpolicyPre Crs Group Exclude List> - Rules
List<Wafpolicy
Pre Crs Group Rule>
- Index string
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Enable string
- Exclude
Lists []WafpolicyPre Crs Group Exclude List - Rules
[]Wafpolicy
Pre Crs Group Rule
- index String
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable String
- exclude
Lists List<WafpolicyPre Crs Group Exclude List> - rules
List<Wafpolicy
Pre Crs Group Rule>
- index string
- name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable string
- exclude
Lists WafpolicyPre Crs Group Exclude List[] - rules
Wafpolicy
Pre Crs Group Rule[]
- index str
- name str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable str
- exclude_
lists Sequence[WafpolicyPre Crs Group Exclude List] - rules
Sequence[Wafpolicy
Pre Crs Group Rule]
- index String
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- enable String
- exclude
Lists List<Property Map> - rules List<Property Map>
WafpolicyPreCrsGroupExcludeList, WafpolicyPreCrsGroupExcludeListArgs
- Client
Subnets List<WafpolicyPre Crs Group Exclude List Client Subnet> - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element List<WafpolicyCriterias Pre Crs Group Exclude List Match Element Criteria> - Uri
Match List<WafpolicyCriterias Pre Crs Group Exclude List Uri Match Criteria> - Uri
Path string
- Client
Subnets []WafpolicyPre Crs Group Exclude List Client Subnet - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element []WafpolicyCriterias Pre Crs Group Exclude List Match Element Criteria - Uri
Match []WafpolicyCriterias Pre Crs Group Exclude List Uri Match Criteria - Uri
Path string
- client
Subnets List<WafpolicyPre Crs Group Exclude List Client Subnet> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<WafpolicyCriterias Pre Crs Group Exclude List Match Element Criteria> - uri
Match List<WafpolicyCriterias Pre Crs Group Exclude List Uri Match Criteria> - uri
Path String
- client
Subnets WafpolicyPre Crs Group Exclude List Client Subnet[] - description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element string - match
Element WafpolicyCriterias Pre Crs Group Exclude List Match Element Criteria[] - uri
Match WafpolicyCriterias Pre Crs Group Exclude List Uri Match Criteria[] - uri
Path string
- client_
subnets Sequence[WafpolicyPre Crs Group Exclude List Client Subnet] - description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match_
element str - match_
element_ Sequence[Wafpolicycriterias Pre Crs Group Exclude List Match Element Criteria] - uri_
match_ Sequence[Wafpolicycriterias Pre Crs Group Exclude List Uri Match Criteria] - uri_
path str
- client
Subnets List<Property Map> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<Property Map>Criterias - uri
Match List<Property Map>Criterias - uri
Path String
WafpolicyPreCrsGroupExcludeListClientSubnet, WafpolicyPreCrsGroupExcludeListClientSubnetArgs
- ip
Addrs List<Property Map> - mask String
WafpolicyPreCrsGroupExcludeListClientSubnetIpAddr, WafpolicyPreCrsGroupExcludeListClientSubnetIpAddrArgs
WafpolicyPreCrsGroupExcludeListMatchElementCriteria, WafpolicyPreCrsGroupExcludeListMatchElementCriteriaArgs
- match_
case str - match_
op str
WafpolicyPreCrsGroupExcludeListUriMatchCriteria, WafpolicyPreCrsGroupExcludeListUriMatchCriteriaArgs
- match_
case str - match_
op str
WafpolicyPreCrsGroupRule, WafpolicyPreCrsGroupRuleArgs
- Index string
- Rule string
- Enable string
- Exclude
Lists List<WafpolicyPre Crs Group Rule Exclude List> - Is
Sensitive string - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Phase string
- Rule
Id string - List<string>
- Index string
- Rule string
- Enable string
- Exclude
Lists []WafpolicyPre Crs Group Rule Exclude List - Is
Sensitive string - Mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Phase string
- Rule
Id string - []string
- index String
- rule String
- enable String
- exclude
Lists List<WafpolicyPre Crs Group Rule Exclude List> - is
Sensitive String - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level String - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase String
- rule
Id String - List<String>
- index string
- rule string
- enable string
- exclude
Lists WafpolicyPre Crs Group Rule Exclude List[] - is
Sensitive string - mode string
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level string - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase string
- rule
Id string - string[]
- index str
- rule str
- enable str
- exclude_
lists Sequence[WafpolicyPre Crs Group Rule Exclude List] - is_
sensitive str - mode str
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia_
level str - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase str
- rule_
id str - Sequence[str]
- index String
- rule String
- enable String
- exclude
Lists List<Property Map> - is
Sensitive String - mode String
- Waf policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- name String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- paranoia
Level String - Waf ruleset paranoia mode. This is used to select rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- phase String
- rule
Id String - List<String>
WafpolicyPreCrsGroupRuleExcludeList, WafpolicyPreCrsGroupRuleExcludeListArgs
- Client
Subnets List<WafpolicyPre Crs Group Rule Exclude List Client Subnet> - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element List<WafpolicyCriterias Pre Crs Group Rule Exclude List Match Element Criteria> - Uri
Match List<WafpolicyCriterias Pre Crs Group Rule Exclude List Uri Match Criteria> - Uri
Path string
- Client
Subnets []WafpolicyPre Crs Group Rule Exclude List Client Subnet - Description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- Match
Element string - Match
Element []WafpolicyCriterias Pre Crs Group Rule Exclude List Match Element Criteria - Uri
Match []WafpolicyCriterias Pre Crs Group Rule Exclude List Uri Match Criteria - Uri
Path string
- client
Subnets List<WafpolicyPre Crs Group Rule Exclude List Client Subnet> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<WafpolicyCriterias Pre Crs Group Rule Exclude List Match Element Criteria> - uri
Match List<WafpolicyCriterias Pre Crs Group Rule Exclude List Uri Match Criteria> - uri
Path String
- client
Subnets WafpolicyPre Crs Group Rule Exclude List Client Subnet[] - description string
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element string - match
Element WafpolicyCriterias Pre Crs Group Rule Exclude List Match Element Criteria[] - uri
Match WafpolicyCriterias Pre Crs Group Rule Exclude List Uri Match Criteria[] - uri
Path string
- client_
subnets Sequence[WafpolicyPre Crs Group Rule Exclude List Client Subnet] - description str
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match_
element str - match_
element_ Sequence[Wafpolicycriterias Pre Crs Group Rule Exclude List Match Element Criteria] - uri_
match_ Sequence[Wafpolicycriterias Pre Crs Group Rule Exclude List Uri Match Criteria] - uri_
path str
- client
Subnets List<Property Map> - description String
- Field introduced in 17.2.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
- match
Element String - match
Element List<Property Map>Criterias - uri
Match List<Property Map>Criterias - uri
Path String
WafpolicyPreCrsGroupRuleExcludeListClientSubnet, WafpolicyPreCrsGroupRuleExcludeListClientSubnetArgs
- ip
Addrs List<Property Map> - mask String
WafpolicyPreCrsGroupRuleExcludeListClientSubnetIpAddr, WafpolicyPreCrsGroupRuleExcludeListClientSubnetIpAddrArgs
WafpolicyPreCrsGroupRuleExcludeListMatchElementCriteria, WafpolicyPreCrsGroupRuleExcludeListMatchElementCriteriaArgs
- match_
case str - match_
op str
WafpolicyPreCrsGroupRuleExcludeListUriMatchCriteria, WafpolicyPreCrsGroupRuleExcludeListUriMatchCriteriaArgs
- match_
case str - match_
op str
WafpolicyRequiredDataFile, WafpolicyRequiredDataFileArgs
Package Details
- Repository
- avi vmware/terraform-provider-avi
- License
- Notes
- This Pulumi package is based on the
aviTerraform Provider.