Cloudflare v6.10.1, Oct 22 25

Cloudflare v6.10.1 published on Wednesday, Oct 22, 2025 by Pulumi

cloudflare.TeamsRule

Cloudflare v6.10.1 published on Wednesday, Oct 22, 2025 by Pulumi

Example Usage

Example coming soon!

Example coming soon!

Example coming soon!

Example coming soon!

Example coming soon!

resources:
  exampleZeroTrustGatewayPolicy:
    type: cloudflare:ZeroTrustGatewayPolicy
    name: example_zero_trust_gateway_policy
    properties:
      accountId: 699d98642c564d2e855e9661899b7252
      action: allow
      name: block bad websites
      description: Block bad websites based on their host name.
      devicePosture: any(device_posture.checks.passed[*] in {"1308749e-fcfb-4ebc-b051-fe022b632644"})
      enabled: true
      expiration:
        expires_at: 2014-01-01T05:20:20Z
        duration: 10
      filters:
        - http
      identity: any(identity.groups.name[*] in {"finance"})
      precedence: 0
      ruleSettings:
        add_headers:
          my-Next-Header:
            - foo
            - bar
          x-Custom-Header-Name:
            - somecustomvalue
        allow_child_bypass: false
        audit_ssh:
          commandLogging: false
        biso_admin_controls:
          copy: remote_only
          dcp: true
          dd: true
          dk: true
          download: enabled
          dp: false
          du: true
          keyboard: enabled
          paste: enabled
          printing: enabled
          upload: enabled
          version: v1
        block_page:
          targetUri: https://example.com
          includeContext: true
        block_page_enabled: true
        block_reason: This website is a security risk
        bypass_parent_rule: false
        check_session:
          duration: 300s
          enforce: true
        dns_resolvers:
          ipv4:
            - ip: 2.2.2.2
              port: 5053
              routeThroughPrivateNetwork: true
              vnetId: f174e90a-fafe-4643-bbbc-4a0ed4fc8415
          ipv6:
            - ip: '2001:DB8::'
              port: 5053
              routeThroughPrivateNetwork: true
              vnetId: f174e90a-fafe-4643-bbbc-4a0ed4fc8415
        egress:
          ipv4: 192.0.2.2
          ipv4Fallback: 192.0.2.3
          ipv6: 2001:DB8::/64
        ignore_cname_category_matches: true
        insecure_disable_dnssec_validation: false
        ip_categories: true
        ip_indicator_feeds: true
        l4override:
          ip: 1.1.1.1
          port: 0
        notification_settings:
          enabled: true
          includeContext: true
          msg: msg
          supportUrl: support_url
        override_host: example.com
        override_ips:
          - 1.1.1.1
          - 2.2.2.2
        payload_log:
          enabled: true
        quarantine:
          fileTypes:
            - exe
        redirect:
          targetUri: https://example.com
          includeContext: true
          preservePathAndQuery: true
        resolve_dns_internally:
          fallback: none
          viewId: view_id
        resolve_dns_through_cloudflare: true
        untrusted_cert:
          action: error
      schedule:
        fri: 08:00-12:30,13:30-17:00
        mon: 08:00-12:30,13:30-17:00
        sat: 08:00-12:30,13:30-17:00
        sun: 08:00-12:30,13:30-17:00
        thu: 08:00-12:30,13:30-17:00
        time_zone: America/New York
        tue: 08:00-12:30,13:30-17:00
        wed: 08:00-12:30,13:30-17:00
      traffic: http.request.uri matches ".*a/partial/uri.*" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10

Create TeamsRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new TeamsRule(name: string, args: TeamsRuleArgs, opts?: CustomResourceOptions);

@overload
def TeamsRule(resource_name: str,
              args: TeamsRuleArgs,
              opts: Optional[ResourceOptions] = None)

@overload
def TeamsRule(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              account_id: Optional[str] = None,
              action: Optional[str] = None,
              description: Optional[str] = None,
              device_posture: Optional[str] = None,
              enabled: Optional[bool] = None,
              expiration: Optional[TeamsRuleExpirationArgs] = None,
              filters: Optional[Sequence[str]] = None,
              identity: Optional[str] = None,
              name: Optional[str] = None,
              precedence: Optional[int] = None,
              rule_settings: Optional[TeamsRuleRuleSettingsArgs] = None,
              schedule: Optional[TeamsRuleScheduleArgs] = None,
              traffic: Optional[str] = None)

func NewTeamsRule(ctx *Context, name string, args TeamsRuleArgs, opts ...ResourceOption) (*TeamsRule, error)

public TeamsRule(string name, TeamsRuleArgs args, CustomResourceOptions? opts = null)

public TeamsRule(String name, TeamsRuleArgs args)
public TeamsRule(String name, TeamsRuleArgs args, CustomResourceOptions options)

type: cloudflare:TeamsRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args TeamsRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args TeamsRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args TeamsRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args TeamsRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args TeamsRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

TeamsRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The TeamsRule resource accepts the following input properties:

AccountId string
Action string: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
Name string: Specify the rule name.
Description string: Specify the rule description.
DevicePosture string
Enabled bool: Specify whether the rule is enabled.
Expiration TeamsRuleExpiration: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
Filters List<string>: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
Identity string
Precedence int
RuleSettings TeamsRuleRuleSettings
Schedule TeamsRuleSchedule: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
Traffic string

AccountId string
Action string: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
Name string: Specify the rule name.
Description string: Specify the rule description.
DevicePosture string
Enabled bool: Specify whether the rule is enabled.
Expiration TeamsRuleExpirationArgs: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
Filters []string: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
Identity string
Precedence int
RuleSettings TeamsRuleRuleSettingsArgs
Schedule TeamsRuleScheduleArgs: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
Traffic string

accountId String
action String: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
name String: Specify the rule name.
description String: Specify the rule description.
devicePosture String
enabled Boolean: Specify whether the rule is enabled.
expiration TeamsRuleExpiration: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
filters List<String>: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
identity String
precedence Integer
ruleSettings TeamsRuleRuleSettings
schedule TeamsRuleSchedule: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
traffic String

accountId string
action string: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
name string: Specify the rule name.
description string: Specify the rule description.
devicePosture string
enabled boolean: Specify whether the rule is enabled.
expiration TeamsRuleExpiration: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
filters string[]: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
identity string
precedence number
ruleSettings TeamsRuleRuleSettings
schedule TeamsRuleSchedule: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
traffic string

account_id str
action str: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
name str: Specify the rule name.
description str: Specify the rule description.
device_posture str
enabled bool: Specify whether the rule is enabled.
expiration TeamsRuleExpirationArgs: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
filters Sequence[str]: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
identity str
precedence int
rule_settings TeamsRuleRuleSettingsArgs
schedule TeamsRuleScheduleArgs: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
traffic str

accountId String
action String: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
name String: Specify the rule name.
description String: Specify the rule description.
devicePosture String
enabled Boolean: Specify whether the rule is enabled.
expiration Property Map: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
filters List<String>: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
identity String
precedence Number
ruleSettings Property Map
schedule Property Map: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
traffic String

Outputs

All input properties are implicitly available as output properties. Additionally, the TeamsRule resource produces the following output properties:

CreatedAt string
DeletedAt string: Indicate the date of deletion, if any.
Id string: The provider-assigned unique ID for this managed resource.
ReadOnly bool: Indicate that this rule is shared via the Orgs API and read only.
Sharable bool: Indicate that this rule is sharable via the Orgs API.
SourceAccount string: Provide the account tag of the account that created the rule.
UpdatedAt string
Version int: Indicate the version number of the rule(read-only).
WarningStatus string: Indicate a warning for a misconfigured rule, if any.

CreatedAt string
DeletedAt string: Indicate the date of deletion, if any.
Id string: The provider-assigned unique ID for this managed resource.
ReadOnly bool: Indicate that this rule is shared via the Orgs API and read only.
Sharable bool: Indicate that this rule is sharable via the Orgs API.
SourceAccount string: Provide the account tag of the account that created the rule.
UpdatedAt string
Version int: Indicate the version number of the rule(read-only).
WarningStatus string: Indicate a warning for a misconfigured rule, if any.

createdAt String
deletedAt String: Indicate the date of deletion, if any.
id String: The provider-assigned unique ID for this managed resource.
readOnly Boolean: Indicate that this rule is shared via the Orgs API and read only.
sharable Boolean: Indicate that this rule is sharable via the Orgs API.
sourceAccount String: Provide the account tag of the account that created the rule.
updatedAt String
version Integer: Indicate the version number of the rule(read-only).
warningStatus String: Indicate a warning for a misconfigured rule, if any.

createdAt string
deletedAt string: Indicate the date of deletion, if any.
id string: The provider-assigned unique ID for this managed resource.
readOnly boolean: Indicate that this rule is shared via the Orgs API and read only.
sharable boolean: Indicate that this rule is sharable via the Orgs API.
sourceAccount string: Provide the account tag of the account that created the rule.
updatedAt string
version number: Indicate the version number of the rule(read-only).
warningStatus string: Indicate a warning for a misconfigured rule, if any.

created_at str
deleted_at str: Indicate the date of deletion, if any.
id str: The provider-assigned unique ID for this managed resource.
read_only bool: Indicate that this rule is shared via the Orgs API and read only.
sharable bool: Indicate that this rule is sharable via the Orgs API.
source_account str: Provide the account tag of the account that created the rule.
updated_at str
version int: Indicate the version number of the rule(read-only).
warning_status str: Indicate a warning for a misconfigured rule, if any.

createdAt String
deletedAt String: Indicate the date of deletion, if any.
id String: The provider-assigned unique ID for this managed resource.
readOnly Boolean: Indicate that this rule is shared via the Orgs API and read only.
sharable Boolean: Indicate that this rule is sharable via the Orgs API.
sourceAccount String: Provide the account tag of the account that created the rule.
updatedAt String
version Number: Indicate the version number of the rule(read-only).
warningStatus String: Indicate a warning for a misconfigured rule, if any.

Look up Existing TeamsRule Resource

Get an existing TeamsRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: TeamsRuleState, opts?: CustomResourceOptions): TeamsRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        action: Optional[str] = None,
        created_at: Optional[str] = None,
        deleted_at: Optional[str] = None,
        description: Optional[str] = None,
        device_posture: Optional[str] = None,
        enabled: Optional[bool] = None,
        expiration: Optional[TeamsRuleExpirationArgs] = None,
        filters: Optional[Sequence[str]] = None,
        identity: Optional[str] = None,
        name: Optional[str] = None,
        precedence: Optional[int] = None,
        read_only: Optional[bool] = None,
        rule_settings: Optional[TeamsRuleRuleSettingsArgs] = None,
        schedule: Optional[TeamsRuleScheduleArgs] = None,
        sharable: Optional[bool] = None,
        source_account: Optional[str] = None,
        traffic: Optional[str] = None,
        updated_at: Optional[str] = None,
        version: Optional[int] = None,
        warning_status: Optional[str] = None) -> TeamsRule

func GetTeamsRule(ctx *Context, name string, id IDInput, state *TeamsRuleState, opts ...ResourceOption) (*TeamsRule, error)

public static TeamsRule Get(string name, Input<string> id, TeamsRuleState? state, CustomResourceOptions? opts = null)

public static TeamsRule get(String name, Output<String> id, TeamsRuleState state, CustomResourceOptions options)

resources:  _:    type: cloudflare:TeamsRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string
Action string: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
CreatedAt string
DeletedAt string: Indicate the date of deletion, if any.
Description string: Specify the rule description.
DevicePosture string
Enabled bool: Specify whether the rule is enabled.
Expiration TeamsRuleExpiration: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
Filters List<string>: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
Identity string
Name string: Specify the rule name.
Precedence int
ReadOnly bool: Indicate that this rule is shared via the Orgs API and read only.
RuleSettings TeamsRuleRuleSettings
Schedule TeamsRuleSchedule: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
Sharable bool: Indicate that this rule is sharable via the Orgs API.
SourceAccount string: Provide the account tag of the account that created the rule.
Traffic string
UpdatedAt string
Version int: Indicate the version number of the rule(read-only).
WarningStatus string: Indicate a warning for a misconfigured rule, if any.

AccountId string
Action string: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
CreatedAt string
DeletedAt string: Indicate the date of deletion, if any.
Description string: Specify the rule description.
DevicePosture string
Enabled bool: Specify whether the rule is enabled.
Expiration TeamsRuleExpirationArgs: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
Filters []string: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
Identity string
Name string: Specify the rule name.
Precedence int
ReadOnly bool: Indicate that this rule is shared via the Orgs API and read only.
RuleSettings TeamsRuleRuleSettingsArgs
Schedule TeamsRuleScheduleArgs: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
Sharable bool: Indicate that this rule is sharable via the Orgs API.
SourceAccount string: Provide the account tag of the account that created the rule.
Traffic string
UpdatedAt string
Version int: Indicate the version number of the rule(read-only).
WarningStatus string: Indicate a warning for a misconfigured rule, if any.

accountId String
action String: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
createdAt String
deletedAt String: Indicate the date of deletion, if any.
description String: Specify the rule description.
devicePosture String
enabled Boolean: Specify whether the rule is enabled.
expiration TeamsRuleExpiration: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
filters List<String>: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
identity String
name String: Specify the rule name.
precedence Integer
readOnly Boolean: Indicate that this rule is shared via the Orgs API and read only.
ruleSettings TeamsRuleRuleSettings
schedule TeamsRuleSchedule: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
sharable Boolean: Indicate that this rule is sharable via the Orgs API.
sourceAccount String: Provide the account tag of the account that created the rule.
traffic String
updatedAt String
version Integer: Indicate the version number of the rule(read-only).
warningStatus String: Indicate a warning for a misconfigured rule, if any.

accountId string
action string: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
createdAt string
deletedAt string: Indicate the date of deletion, if any.
description string: Specify the rule description.
devicePosture string
enabled boolean: Specify whether the rule is enabled.
expiration TeamsRuleExpiration: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
filters string[]: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
identity string
name string: Specify the rule name.
precedence number
readOnly boolean: Indicate that this rule is shared via the Orgs API and read only.
ruleSettings TeamsRuleRuleSettings
schedule TeamsRuleSchedule: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
sharable boolean: Indicate that this rule is sharable via the Orgs API.
sourceAccount string: Provide the account tag of the account that created the rule.
traffic string
updatedAt string
version number: Indicate the version number of the rule(read-only).
warningStatus string: Indicate a warning for a misconfigured rule, if any.

account_id str
action str: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
created_at str
deleted_at str: Indicate the date of deletion, if any.
description str: Specify the rule description.
device_posture str
enabled bool: Specify whether the rule is enabled.
expiration TeamsRuleExpirationArgs: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
filters Sequence[str]: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
identity str
name str: Specify the rule name.
precedence int
read_only bool: Indicate that this rule is shared via the Orgs API and read only.
rule_settings TeamsRuleRuleSettingsArgs
schedule TeamsRuleScheduleArgs: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
sharable bool: Indicate that this rule is sharable via the Orgs API.
source_account str: Provide the account tag of the account that created the rule.
traffic str
updated_at str
version int: Indicate the version number of the rule(read-only).
warning_status str: Indicate a warning for a misconfigured rule, if any.

accountId String
action String: Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
createdAt String
deletedAt String: Indicate the date of deletion, if any.
description String: Specify the rule description.
devicePosture String
enabled Boolean: Specify whether the rule is enabled.
expiration Property Map: Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.
filters List<String>: Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions.
identity String
name String: Specify the rule name.
precedence Number
readOnly Boolean: Indicate that this rule is shared via the Orgs API and read only.
ruleSettings Property Map
schedule Property Map: Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
sharable Boolean: Indicate that this rule is sharable via the Orgs API.
sourceAccount String: Provide the account tag of the account that created the rule.
traffic String
updatedAt String
version Number: Indicate the version number of the rule(read-only).
warningStatus String: Indicate a warning for a misconfigured rule, if any.

Supporting Types

TeamsRuleExpiration, TeamsRuleExpirationArgs

ExpiresAt string: Show the timestamp when the policy expires and stops applying. The value must follow RFC 3339 and include a UTC offset. The system accepts non-zero offsets but converts them to the equivalent UTC+00:00 value and returns timestamps with a trailing Z. Expiration policies ignore client timezones and expire globally at the specified expires_at time.
Duration int: Defines the default duration a policy active in minutes. Must set in order to use the reset_expiration endpoint on this rule.
Expired bool: Indicates whether the policy is expired.

ExpiresAt string: Show the timestamp when the policy expires and stops applying. The value must follow RFC 3339 and include a UTC offset. The system accepts non-zero offsets but converts them to the equivalent UTC+00:00 value and returns timestamps with a trailing Z. Expiration policies ignore client timezones and expire globally at the specified expires_at time.
Duration int: Defines the default duration a policy active in minutes. Must set in order to use the reset_expiration endpoint on this rule.
Expired bool: Indicates whether the policy is expired.

expiresAt String: Show the timestamp when the policy expires and stops applying. The value must follow RFC 3339 and include a UTC offset. The system accepts non-zero offsets but converts them to the equivalent UTC+00:00 value and returns timestamps with a trailing Z. Expiration policies ignore client timezones and expire globally at the specified expires_at time.
duration Integer: Defines the default duration a policy active in minutes. Must set in order to use the reset_expiration endpoint on this rule.
expired Boolean: Indicates whether the policy is expired.

expiresAt string: Show the timestamp when the policy expires and stops applying. The value must follow RFC 3339 and include a UTC offset. The system accepts non-zero offsets but converts them to the equivalent UTC+00:00 value and returns timestamps with a trailing Z. Expiration policies ignore client timezones and expire globally at the specified expires_at time.
duration number: Defines the default duration a policy active in minutes. Must set in order to use the reset_expiration endpoint on this rule.
expired boolean: Indicates whether the policy is expired.

expires_at str: Show the timestamp when the policy expires and stops applying. The value must follow RFC 3339 and include a UTC offset. The system accepts non-zero offsets but converts them to the equivalent UTC+00:00 value and returns timestamps with a trailing Z. Expiration policies ignore client timezones and expire globally at the specified expires_at time.
duration int: Defines the default duration a policy active in minutes. Must set in order to use the reset_expiration endpoint on this rule.
expired bool: Indicates whether the policy is expired.

expiresAt String: Show the timestamp when the policy expires and stops applying. The value must follow RFC 3339 and include a UTC offset. The system accepts non-zero offsets but converts them to the equivalent UTC+00:00 value and returns timestamps with a trailing Z. Expiration policies ignore client timezones and expire globally at the specified expires_at time.
duration Number: Defines the default duration a policy active in minutes. Must set in order to use the reset_expiration endpoint on this rule.
expired Boolean: Indicates whether the policy is expired.

TeamsRuleRuleSettings, TeamsRuleRuleSettingsArgs

AddHeaders Dictionary<string, ImmutableArray<string>>: Add custom headers to allowed requests as key-value pairs. Use header names as keys that map to arrays of header values. Settable only for http rules with the action set to allow.
AllowChildBypass bool: Set to enable MSP children to bypass this rule. Only parent MSP accounts can set this. this rule. Settable for all types of rules.
AuditSsh TeamsRuleRuleSettingsAuditSsh: Define the settings for the Audit SSH action. Settable only for l4 rules with audit_ssh action.
BisoAdminControls TeamsRuleRuleSettingsBisoAdminControls: Configure browser isolation behavior. Settable only for http rules with the action set to isolate.
BlockPage TeamsRuleRuleSettingsBlockPage: Configure custom block page settings. If missing or null, use the account settings. Settable only for http rules with the action set to block.
BlockPageEnabled bool: Enable the custom block page. Settable only for dns rules with action block.
BlockReason string: Explain why the rule blocks the request. The custom block page shows this text (if enabled). Settable only for dns, l4, and http rules when the action set to block.
BypassParentRule bool: Set to enable MSP accounts to bypass their parent's rules. Only MSP child accounts can set this. Settable for all types of rules.
CheckSession TeamsRuleRuleSettingsCheckSession: Configure session check behavior. Settable only for l4 and http rules with the action set to allow.
DnsResolvers TeamsRuleRuleSettingsDnsResolvers: Configure custom resolvers to route queries that match the resolver policy. Unused with 'resolvednsthroughcloudflare' or 'resolvedns*internally' settings. DNS queries get routed to the address closest to their origin. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
Egress TeamsRuleRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs. Settable only for egress rules.
IgnoreCnameCategoryMatches bool: Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for dns and dns_resolver rules.
InsecureDisableDnssecValidation bool: Specify whether to disable DNSSEC validation (for Allow actions) [INSECURE]. Settable only for dns rules.
IpCategories bool: Enable IPs in DNS resolver category blocks. The system blocks only domain name categories unless you enable this setting. Settable only for dns and dns_resolver rules.
IpIndicatorFeeds bool: Indicates whether to include IPs in DNS resolver indicator feed blocks. Default, indicator feeds block only domain names. Settable only for dns and dns_resolver rules.
L4override TeamsRuleRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port. Settable only for l4 rules with the action set to l4_override.
NotificationSettings TeamsRuleRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule matched. Settable for all types of rules with the action set to block.
OverrideHost string: Defines a hostname for override, for the matching DNS queries. Settable only for dns rules with the action set to override.
OverrideIps List<string>: Defines a an IP or set of IPs for overriding matched DNS queries. Settable only for dns rules with the action set to override.
PayloadLog TeamsRuleRuleSettingsPayloadLog: Configure DLP payload logging. Settable only for http rules.
Quarantine TeamsRuleRuleSettingsQuarantine: Configure settings that apply to quarantine rules. Settable only for http rules.
Redirect TeamsRuleRuleSettingsRedirect: Apply settings to redirect rules. Settable only for http rules with the action set to redirect.
ResolveDnsInternally TeamsRuleRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Not used when 'dnsresolvers' is specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
ResolveDnsThroughCloudflare bool: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot set when 'dnsresolvers' specified or 'resolvedns_internally' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
UntrustedCert TeamsRuleRuleSettingsUntrustedCert: Configure behavior when an upstream certificate is invalid or an SSL error occurs. Settable only for http rules with the action set to allow.

AddHeaders map[string][]string: Add custom headers to allowed requests as key-value pairs. Use header names as keys that map to arrays of header values. Settable only for http rules with the action set to allow.
AllowChildBypass bool: Set to enable MSP children to bypass this rule. Only parent MSP accounts can set this. this rule. Settable for all types of rules.
AuditSsh TeamsRuleRuleSettingsAuditSsh: Define the settings for the Audit SSH action. Settable only for l4 rules with audit_ssh action.
BisoAdminControls TeamsRuleRuleSettingsBisoAdminControls: Configure browser isolation behavior. Settable only for http rules with the action set to isolate.
BlockPage TeamsRuleRuleSettingsBlockPage: Configure custom block page settings. If missing or null, use the account settings. Settable only for http rules with the action set to block.
BlockPageEnabled bool: Enable the custom block page. Settable only for dns rules with action block.
BlockReason string: Explain why the rule blocks the request. The custom block page shows this text (if enabled). Settable only for dns, l4, and http rules when the action set to block.
BypassParentRule bool: Set to enable MSP accounts to bypass their parent's rules. Only MSP child accounts can set this. Settable for all types of rules.
CheckSession TeamsRuleRuleSettingsCheckSession: Configure session check behavior. Settable only for l4 and http rules with the action set to allow.
DnsResolvers TeamsRuleRuleSettingsDnsResolvers: Configure custom resolvers to route queries that match the resolver policy. Unused with 'resolvednsthroughcloudflare' or 'resolvedns*internally' settings. DNS queries get routed to the address closest to their origin. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
Egress TeamsRuleRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs. Settable only for egress rules.
IgnoreCnameCategoryMatches bool: Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for dns and dns_resolver rules.
InsecureDisableDnssecValidation bool: Specify whether to disable DNSSEC validation (for Allow actions) [INSECURE]. Settable only for dns rules.
IpCategories bool: Enable IPs in DNS resolver category blocks. The system blocks only domain name categories unless you enable this setting. Settable only for dns and dns_resolver rules.
IpIndicatorFeeds bool: Indicates whether to include IPs in DNS resolver indicator feed blocks. Default, indicator feeds block only domain names. Settable only for dns and dns_resolver rules.
L4override TeamsRuleRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port. Settable only for l4 rules with the action set to l4_override.
NotificationSettings TeamsRuleRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule matched. Settable for all types of rules with the action set to block.
OverrideHost string: Defines a hostname for override, for the matching DNS queries. Settable only for dns rules with the action set to override.
OverrideIps []string: Defines a an IP or set of IPs for overriding matched DNS queries. Settable only for dns rules with the action set to override.
PayloadLog TeamsRuleRuleSettingsPayloadLog: Configure DLP payload logging. Settable only for http rules.
Quarantine TeamsRuleRuleSettingsQuarantine: Configure settings that apply to quarantine rules. Settable only for http rules.
Redirect TeamsRuleRuleSettingsRedirect: Apply settings to redirect rules. Settable only for http rules with the action set to redirect.
ResolveDnsInternally TeamsRuleRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Not used when 'dnsresolvers' is specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
ResolveDnsThroughCloudflare bool: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot set when 'dnsresolvers' specified or 'resolvedns_internally' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
UntrustedCert TeamsRuleRuleSettingsUntrustedCert: Configure behavior when an upstream certificate is invalid or an SSL error occurs. Settable only for http rules with the action set to allow.

addHeaders Map<String,List<String>>: Add custom headers to allowed requests as key-value pairs. Use header names as keys that map to arrays of header values. Settable only for http rules with the action set to allow.
allowChildBypass Boolean: Set to enable MSP children to bypass this rule. Only parent MSP accounts can set this. this rule. Settable for all types of rules.
auditSsh TeamsRuleRuleSettingsAuditSsh: Define the settings for the Audit SSH action. Settable only for l4 rules with audit_ssh action.
bisoAdminControls TeamsRuleRuleSettingsBisoAdminControls: Configure browser isolation behavior. Settable only for http rules with the action set to isolate.
blockPage TeamsRuleRuleSettingsBlockPage: Configure custom block page settings. If missing or null, use the account settings. Settable only for http rules with the action set to block.
blockPageEnabled Boolean: Enable the custom block page. Settable only for dns rules with action block.
blockReason String: Explain why the rule blocks the request. The custom block page shows this text (if enabled). Settable only for dns, l4, and http rules when the action set to block.
bypassParentRule Boolean: Set to enable MSP accounts to bypass their parent's rules. Only MSP child accounts can set this. Settable for all types of rules.
checkSession TeamsRuleRuleSettingsCheckSession: Configure session check behavior. Settable only for l4 and http rules with the action set to allow.
dnsResolvers TeamsRuleRuleSettingsDnsResolvers: Configure custom resolvers to route queries that match the resolver policy. Unused with 'resolvednsthroughcloudflare' or 'resolvedns*internally' settings. DNS queries get routed to the address closest to their origin. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
egress TeamsRuleRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs. Settable only for egress rules.
ignoreCnameCategoryMatches Boolean: Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for dns and dns_resolver rules.
insecureDisableDnssecValidation Boolean: Specify whether to disable DNSSEC validation (for Allow actions) [INSECURE]. Settable only for dns rules.
ipCategories Boolean: Enable IPs in DNS resolver category blocks. The system blocks only domain name categories unless you enable this setting. Settable only for dns and dns_resolver rules.
ipIndicatorFeeds Boolean: Indicates whether to include IPs in DNS resolver indicator feed blocks. Default, indicator feeds block only domain names. Settable only for dns and dns_resolver rules.
l4override TeamsRuleRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port. Settable only for l4 rules with the action set to l4_override.
notificationSettings TeamsRuleRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule matched. Settable for all types of rules with the action set to block.
overrideHost String: Defines a hostname for override, for the matching DNS queries. Settable only for dns rules with the action set to override.
overrideIps List<String>: Defines a an IP or set of IPs for overriding matched DNS queries. Settable only for dns rules with the action set to override.
payloadLog TeamsRuleRuleSettingsPayloadLog: Configure DLP payload logging. Settable only for http rules.
quarantine TeamsRuleRuleSettingsQuarantine: Configure settings that apply to quarantine rules. Settable only for http rules.
redirect TeamsRuleRuleSettingsRedirect: Apply settings to redirect rules. Settable only for http rules with the action set to redirect.
resolveDnsInternally TeamsRuleRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Not used when 'dnsresolvers' is specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
resolveDnsThroughCloudflare Boolean: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot set when 'dnsresolvers' specified or 'resolvedns_internally' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
untrustedCert TeamsRuleRuleSettingsUntrustedCert: Configure behavior when an upstream certificate is invalid or an SSL error occurs. Settable only for http rules with the action set to allow.

addHeaders {[key: string]: string[]}: Add custom headers to allowed requests as key-value pairs. Use header names as keys that map to arrays of header values. Settable only for http rules with the action set to allow.
allowChildBypass boolean: Set to enable MSP children to bypass this rule. Only parent MSP accounts can set this. this rule. Settable for all types of rules.
auditSsh TeamsRuleRuleSettingsAuditSsh: Define the settings for the Audit SSH action. Settable only for l4 rules with audit_ssh action.
bisoAdminControls TeamsRuleRuleSettingsBisoAdminControls: Configure browser isolation behavior. Settable only for http rules with the action set to isolate.
blockPage TeamsRuleRuleSettingsBlockPage: Configure custom block page settings. If missing or null, use the account settings. Settable only for http rules with the action set to block.
blockPageEnabled boolean: Enable the custom block page. Settable only for dns rules with action block.
blockReason string: Explain why the rule blocks the request. The custom block page shows this text (if enabled). Settable only for dns, l4, and http rules when the action set to block.
bypassParentRule boolean: Set to enable MSP accounts to bypass their parent's rules. Only MSP child accounts can set this. Settable for all types of rules.
checkSession TeamsRuleRuleSettingsCheckSession: Configure session check behavior. Settable only for l4 and http rules with the action set to allow.
dnsResolvers TeamsRuleRuleSettingsDnsResolvers: Configure custom resolvers to route queries that match the resolver policy. Unused with 'resolvednsthroughcloudflare' or 'resolvedns*internally' settings. DNS queries get routed to the address closest to their origin. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
egress TeamsRuleRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs. Settable only for egress rules.
ignoreCnameCategoryMatches boolean: Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for dns and dns_resolver rules.
insecureDisableDnssecValidation boolean: Specify whether to disable DNSSEC validation (for Allow actions) [INSECURE]. Settable only for dns rules.
ipCategories boolean: Enable IPs in DNS resolver category blocks. The system blocks only domain name categories unless you enable this setting. Settable only for dns and dns_resolver rules.
ipIndicatorFeeds boolean: Indicates whether to include IPs in DNS resolver indicator feed blocks. Default, indicator feeds block only domain names. Settable only for dns and dns_resolver rules.
l4override TeamsRuleRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port. Settable only for l4 rules with the action set to l4_override.
notificationSettings TeamsRuleRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule matched. Settable for all types of rules with the action set to block.
overrideHost string: Defines a hostname for override, for the matching DNS queries. Settable only for dns rules with the action set to override.
overrideIps string[]: Defines a an IP or set of IPs for overriding matched DNS queries. Settable only for dns rules with the action set to override.
payloadLog TeamsRuleRuleSettingsPayloadLog: Configure DLP payload logging. Settable only for http rules.
quarantine TeamsRuleRuleSettingsQuarantine: Configure settings that apply to quarantine rules. Settable only for http rules.
redirect TeamsRuleRuleSettingsRedirect: Apply settings to redirect rules. Settable only for http rules with the action set to redirect.
resolveDnsInternally TeamsRuleRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Not used when 'dnsresolvers' is specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
resolveDnsThroughCloudflare boolean: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot set when 'dnsresolvers' specified or 'resolvedns_internally' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
untrustedCert TeamsRuleRuleSettingsUntrustedCert: Configure behavior when an upstream certificate is invalid or an SSL error occurs. Settable only for http rules with the action set to allow.

add_headers Mapping[str, Sequence[str]]: Add custom headers to allowed requests as key-value pairs. Use header names as keys that map to arrays of header values. Settable only for http rules with the action set to allow.
allow_child_bypass bool: Set to enable MSP children to bypass this rule. Only parent MSP accounts can set this. this rule. Settable for all types of rules.
audit_ssh TeamsRuleRuleSettingsAuditSsh: Define the settings for the Audit SSH action. Settable only for l4 rules with audit_ssh action.
biso_admin_controls TeamsRuleRuleSettingsBisoAdminControls: Configure browser isolation behavior. Settable only for http rules with the action set to isolate.
block_page TeamsRuleRuleSettingsBlockPage: Configure custom block page settings. If missing or null, use the account settings. Settable only for http rules with the action set to block.
block_page_enabled bool: Enable the custom block page. Settable only for dns rules with action block.
block_reason str: Explain why the rule blocks the request. The custom block page shows this text (if enabled). Settable only for dns, l4, and http rules when the action set to block.
bypass_parent_rule bool: Set to enable MSP accounts to bypass their parent's rules. Only MSP child accounts can set this. Settable for all types of rules.
check_session TeamsRuleRuleSettingsCheckSession: Configure session check behavior. Settable only for l4 and http rules with the action set to allow.
dns_resolvers TeamsRuleRuleSettingsDnsResolvers: Configure custom resolvers to route queries that match the resolver policy. Unused with 'resolvednsthroughcloudflare' or 'resolvedns*internally' settings. DNS queries get routed to the address closest to their origin. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
egress TeamsRuleRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs. Settable only for egress rules.
ignore_cname_category_matches bool: Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for dns and dns_resolver rules.
insecure_disable_dnssec_validation bool: Specify whether to disable DNSSEC validation (for Allow actions) [INSECURE]. Settable only for dns rules.
ip_categories bool: Enable IPs in DNS resolver category blocks. The system blocks only domain name categories unless you enable this setting. Settable only for dns and dns_resolver rules.
ip_indicator_feeds bool: Indicates whether to include IPs in DNS resolver indicator feed blocks. Default, indicator feeds block only domain names. Settable only for dns and dns_resolver rules.
l4override TeamsRuleRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port. Settable only for l4 rules with the action set to l4_override.
notification_settings TeamsRuleRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule matched. Settable for all types of rules with the action set to block.
override_host str: Defines a hostname for override, for the matching DNS queries. Settable only for dns rules with the action set to override.
override_ips Sequence[str]: Defines a an IP or set of IPs for overriding matched DNS queries. Settable only for dns rules with the action set to override.
payload_log TeamsRuleRuleSettingsPayloadLog: Configure DLP payload logging. Settable only for http rules.
quarantine TeamsRuleRuleSettingsQuarantine: Configure settings that apply to quarantine rules. Settable only for http rules.
redirect TeamsRuleRuleSettingsRedirect: Apply settings to redirect rules. Settable only for http rules with the action set to redirect.
resolve_dns_internally TeamsRuleRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Not used when 'dnsresolvers' is specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
resolve_dns_through_cloudflare bool: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot set when 'dnsresolvers' specified or 'resolvedns_internally' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
untrusted_cert TeamsRuleRuleSettingsUntrustedCert: Configure behavior when an upstream certificate is invalid or an SSL error occurs. Settable only for http rules with the action set to allow.

addHeaders Map<List<String>>: Add custom headers to allowed requests as key-value pairs. Use header names as keys that map to arrays of header values. Settable only for http rules with the action set to allow.
allowChildBypass Boolean: Set to enable MSP children to bypass this rule. Only parent MSP accounts can set this. this rule. Settable for all types of rules.
auditSsh Property Map: Define the settings for the Audit SSH action. Settable only for l4 rules with audit_ssh action.
bisoAdminControls Property Map: Configure browser isolation behavior. Settable only for http rules with the action set to isolate.
blockPage Property Map: Configure custom block page settings. If missing or null, use the account settings. Settable only for http rules with the action set to block.
blockPageEnabled Boolean: Enable the custom block page. Settable only for dns rules with action block.
blockReason String: Explain why the rule blocks the request. The custom block page shows this text (if enabled). Settable only for dns, l4, and http rules when the action set to block.
bypassParentRule Boolean: Set to enable MSP accounts to bypass their parent's rules. Only MSP child accounts can set this. Settable for all types of rules.
checkSession Property Map: Configure session check behavior. Settable only for l4 and http rules with the action set to allow.
dnsResolvers Property Map: Configure custom resolvers to route queries that match the resolver policy. Unused with 'resolvednsthroughcloudflare' or 'resolvedns*internally' settings. DNS queries get routed to the address closest to their origin. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
egress Property Map: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs. Settable only for egress rules.
ignoreCnameCategoryMatches Boolean: Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for dns and dns_resolver rules.
insecureDisableDnssecValidation Boolean: Specify whether to disable DNSSEC validation (for Allow actions) [INSECURE]. Settable only for dns rules.
ipCategories Boolean: Enable IPs in DNS resolver category blocks. The system blocks only domain name categories unless you enable this setting. Settable only for dns and dns_resolver rules.
ipIndicatorFeeds Boolean: Indicates whether to include IPs in DNS resolver indicator feed blocks. Default, indicator feeds block only domain names. Settable only for dns and dns_resolver rules.
l4override Property Map: Send matching traffic to the supplied destination IP address and port. Settable only for l4 rules with the action set to l4_override.
notificationSettings Property Map: Configure a notification to display on the user's device when this rule matched. Settable for all types of rules with the action set to block.
overrideHost String: Defines a hostname for override, for the matching DNS queries. Settable only for dns rules with the action set to override.
overrideIps List<String>: Defines a an IP or set of IPs for overriding matched DNS queries. Settable only for dns rules with the action set to override.
payloadLog Property Map: Configure DLP payload logging. Settable only for http rules.
quarantine Property Map: Configure settings that apply to quarantine rules. Settable only for http rules.
redirect Property Map: Apply settings to redirect rules. Settable only for http rules with the action set to redirect.
resolveDnsInternally Property Map: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Not used when 'dnsresolvers' is specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
resolveDnsThroughCloudflare Boolean: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot set when 'dnsresolvers' specified or 'resolvedns_internally' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.
untrustedCert Property Map: Configure behavior when an upstream certificate is invalid or an SSL error occurs. Settable only for http rules with the action set to allow.

TeamsRuleRuleSettingsAuditSsh, TeamsRuleRuleSettingsAuditSshArgs

CommandLogging bool: Enable SSH command logging.

CommandLogging bool: Enable SSH command logging.

commandLogging Boolean: Enable SSH command logging.

commandLogging boolean: Enable SSH command logging.

command_logging bool: Enable SSH command logging.

commandLogging Boolean: Enable SSH command logging.

TeamsRuleRuleSettingsBisoAdminControls, TeamsRuleRuleSettingsBisoAdminControlsArgs

Copy string: Configure copy behavior. If set to remoteonly, users cannot copy isolated content from the remote browser to the local clipboard. If this field is absent, copying remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Dcp bool: Set to false to enable copy-pasting. Only applies when version == "v1".
Dd bool: Set to false to enable downloading. Only applies when version == "v1".
Dk bool: Set to false to enable keyboard usage. Only applies when version == "v1".
Download string: Configure download behavior. When set to remoteonly, users can view downloads but cannot save them. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Dp bool: Set to false to enable printing. Only applies when version == "v1".
Du bool: Set to false to enable uploading. Only applies when version == "v1".
Keyboard string: Configure keyboard usage behavior. If this field is absent, keyboard usage remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
Paste string: Configure paste behavior. If set to remoteonly, users cannot paste content from the local clipboard into isolated pages. If this field is absent, pasting remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Printing string: Configure print behavior. Default, Printing is enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
Upload string: Configure upload behavior. If this field is absent, uploading remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
Version string: Indicate which version of the browser isolation controls should apply. Available values: "v1", "v2".

Copy string: Configure copy behavior. If set to remoteonly, users cannot copy isolated content from the remote browser to the local clipboard. If this field is absent, copying remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Dcp bool: Set to false to enable copy-pasting. Only applies when version == "v1".
Dd bool: Set to false to enable downloading. Only applies when version == "v1".
Dk bool: Set to false to enable keyboard usage. Only applies when version == "v1".
Download string: Configure download behavior. When set to remoteonly, users can view downloads but cannot save them. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Dp bool: Set to false to enable printing. Only applies when version == "v1".
Du bool: Set to false to enable uploading. Only applies when version == "v1".
Keyboard string: Configure keyboard usage behavior. If this field is absent, keyboard usage remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
Paste string: Configure paste behavior. If set to remoteonly, users cannot paste content from the local clipboard into isolated pages. If this field is absent, pasting remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Printing string: Configure print behavior. Default, Printing is enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
Upload string: Configure upload behavior. If this field is absent, uploading remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
Version string: Indicate which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy String: Configure copy behavior. If set to remoteonly, users cannot copy isolated content from the remote browser to the local clipboard. If this field is absent, copying remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp Boolean: Set to false to enable copy-pasting. Only applies when version == "v1".
dd Boolean: Set to false to enable downloading. Only applies when version == "v1".
dk Boolean: Set to false to enable keyboard usage. Only applies when version == "v1".
download String: Configure download behavior. When set to remoteonly, users can view downloads but cannot save them. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dp Boolean: Set to false to enable printing. Only applies when version == "v1".
du Boolean: Set to false to enable uploading. Only applies when version == "v1".
keyboard String: Configure keyboard usage behavior. If this field is absent, keyboard usage remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
paste String: Configure paste behavior. If set to remoteonly, users cannot paste content from the local clipboard into isolated pages. If this field is absent, pasting remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing String: Configure print behavior. Default, Printing is enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
upload String: Configure upload behavior. If this field is absent, uploading remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
version String: Indicate which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy string: Configure copy behavior. If set to remoteonly, users cannot copy isolated content from the remote browser to the local clipboard. If this field is absent, copying remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp boolean: Set to false to enable copy-pasting. Only applies when version == "v1".
dd boolean: Set to false to enable downloading. Only applies when version == "v1".
dk boolean: Set to false to enable keyboard usage. Only applies when version == "v1".
download string: Configure download behavior. When set to remoteonly, users can view downloads but cannot save them. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dp boolean: Set to false to enable printing. Only applies when version == "v1".
du boolean: Set to false to enable uploading. Only applies when version == "v1".
keyboard string: Configure keyboard usage behavior. If this field is absent, keyboard usage remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
paste string: Configure paste behavior. If set to remoteonly, users cannot paste content from the local clipboard into isolated pages. If this field is absent, pasting remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing string: Configure print behavior. Default, Printing is enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
upload string: Configure upload behavior. If this field is absent, uploading remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
version string: Indicate which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy str: Configure copy behavior. If set to remoteonly, users cannot copy isolated content from the remote browser to the local clipboard. If this field is absent, copying remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp bool: Set to false to enable copy-pasting. Only applies when version == "v1".
dd bool: Set to false to enable downloading. Only applies when version == "v1".
dk bool: Set to false to enable keyboard usage. Only applies when version == "v1".
download str: Configure download behavior. When set to remoteonly, users can view downloads but cannot save them. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dp bool: Set to false to enable printing. Only applies when version == "v1".
du bool: Set to false to enable uploading. Only applies when version == "v1".
keyboard str: Configure keyboard usage behavior. If this field is absent, keyboard usage remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
paste str: Configure paste behavior. If set to remoteonly, users cannot paste content from the local clipboard into isolated pages. If this field is absent, pasting remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing str: Configure print behavior. Default, Printing is enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
upload str: Configure upload behavior. If this field is absent, uploading remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
version str: Indicate which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy String: Configure copy behavior. If set to remoteonly, users cannot copy isolated content from the remote browser to the local clipboard. If this field is absent, copying remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp Boolean: Set to false to enable copy-pasting. Only applies when version == "v1".
dd Boolean: Set to false to enable downloading. Only applies when version == "v1".
dk Boolean: Set to false to enable keyboard usage. Only applies when version == "v1".
download String: Configure download behavior. When set to remoteonly, users can view downloads but cannot save them. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dp Boolean: Set to false to enable printing. Only applies when version == "v1".
du Boolean: Set to false to enable uploading. Only applies when version == "v1".
keyboard String: Configure keyboard usage behavior. If this field is absent, keyboard usage remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
paste String: Configure paste behavior. If set to remoteonly, users cannot paste content from the local clipboard into isolated pages. If this field is absent, pasting remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing String: Configure print behavior. Default, Printing is enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
upload String: Configure upload behavior. If this field is absent, uploading remains enabled. Applies only when version == "v2". Available values: "enabled", "disabled".
version String: Indicate which version of the browser isolation controls should apply. Available values: "v1", "v2".

TeamsRuleRuleSettingsBlockPage, TeamsRuleRuleSettingsBlockPageArgs

TargetUri string: Specify the URI to which the user is redirected.
IncludeContext bool: Specify whether to pass the context information as query parameters.

TargetUri string: Specify the URI to which the user is redirected.
IncludeContext bool: Specify whether to pass the context information as query parameters.

targetUri String: Specify the URI to which the user is redirected.
includeContext Boolean: Specify whether to pass the context information as query parameters.

targetUri string: Specify the URI to which the user is redirected.
includeContext boolean: Specify whether to pass the context information as query parameters.

target_uri str: Specify the URI to which the user is redirected.
include_context bool: Specify whether to pass the context information as query parameters.

targetUri String: Specify the URI to which the user is redirected.
includeContext Boolean: Specify whether to pass the context information as query parameters.

TeamsRuleRuleSettingsCheckSession, TeamsRuleRuleSettingsCheckSessionArgs

Duration string: Sets the required session freshness threshold. The API returns a normalized version of this value.
Enforce bool: Enable session enforcement.

Duration string: Sets the required session freshness threshold. The API returns a normalized version of this value.
Enforce bool: Enable session enforcement.

duration String: Sets the required session freshness threshold. The API returns a normalized version of this value.
enforce Boolean: Enable session enforcement.

duration string: Sets the required session freshness threshold. The API returns a normalized version of this value.
enforce boolean: Enable session enforcement.

duration str: Sets the required session freshness threshold. The API returns a normalized version of this value.
enforce bool: Enable session enforcement.

duration String: Sets the required session freshness threshold. The API returns a normalized version of this value.
enforce Boolean: Enable session enforcement.

TeamsRuleRuleSettingsDnsResolvers, TeamsRuleRuleSettingsDnsResolversArgs

Ipv4s List<TeamsRuleRuleSettingsDnsResolversIpv4>
Ipv6s List<TeamsRuleRuleSettingsDnsResolversIpv6>

Ipv4s []TeamsRuleRuleSettingsDnsResolversIpv4
Ipv6s []TeamsRuleRuleSettingsDnsResolversIpv6

ipv4s List<TeamsRuleRuleSettingsDnsResolversIpv4>
ipv6s List<TeamsRuleRuleSettingsDnsResolversIpv6>

ipv4s TeamsRuleRuleSettingsDnsResolversIpv4[]
ipv6s TeamsRuleRuleSettingsDnsResolversIpv6[]

ipv4s Sequence[TeamsRuleRuleSettingsDnsResolversIpv4]
ipv6s Sequence[TeamsRuleRuleSettingsDnsResolversIpv6]

ipv4s List<Property Map>
ipv6s List<Property Map>

TeamsRuleRuleSettingsDnsResolversIpv4, TeamsRuleRuleSettingsDnsResolversIpv4Args

Ip string: Specify the IPv4 address of the upstream resolver.
Port int: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
VnetId string: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

Ip string: Specify the IPv4 address of the upstream resolver.
Port int: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
VnetId string: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

ip String: Specify the IPv4 address of the upstream resolver.
port Integer: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
vnetId String: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

ip string: Specify the IPv4 address of the upstream resolver.
port number: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork boolean: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
vnetId string: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

ip str: Specify the IPv4 address of the upstream resolver.
port int: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
route_through_private_network bool: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
vnet_id str: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

ip String: Specify the IPv4 address of the upstream resolver.
port Number: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
vnetId String: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

TeamsRuleRuleSettingsDnsResolversIpv6, TeamsRuleRuleSettingsDnsResolversIpv6Args

Ip string: Specify the IPv6 address of the upstream resolver.
Port int: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
VnetId string: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

Ip string: Specify the IPv6 address of the upstream resolver.
Port int: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
VnetId string: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

ip String: Specify the IPv6 address of the upstream resolver.
port Integer: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
vnetId String: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

ip string: Specify the IPv6 address of the upstream resolver.
port number: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork boolean: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
vnetId string: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

ip str: Specify the IPv6 address of the upstream resolver.
port int: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
route_through_private_network bool: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
vnet_id str: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

ip String: Specify the IPv6 address of the upstream resolver.
port Number: Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.
vnetId String: Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

TeamsRuleRuleSettingsEgress, TeamsRuleRuleSettingsEgressArgs

Ipv4 string: Specify the IPv4 address to use for egress.
Ipv4Fallback string: Specify the fallback IPv4 address to use for egress when the primary IPv4 fails. Set '0.0.0.0' to indicate local egress via WARP IPs.
Ipv6 string: Specify the IPv6 range to use for egress.

Ipv4 string: Specify the IPv4 address to use for egress.
Ipv4Fallback string: Specify the fallback IPv4 address to use for egress when the primary IPv4 fails. Set '0.0.0.0' to indicate local egress via WARP IPs.
Ipv6 string: Specify the IPv6 range to use for egress.

ipv4 String: Specify the IPv4 address to use for egress.
ipv4Fallback String: Specify the fallback IPv4 address to use for egress when the primary IPv4 fails. Set '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 String: Specify the IPv6 range to use for egress.

ipv4 string: Specify the IPv4 address to use for egress.
ipv4Fallback string: Specify the fallback IPv4 address to use for egress when the primary IPv4 fails. Set '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 string: Specify the IPv6 range to use for egress.

ipv4 str: Specify the IPv4 address to use for egress.
ipv4_fallback str: Specify the fallback IPv4 address to use for egress when the primary IPv4 fails. Set '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 str: Specify the IPv6 range to use for egress.

ipv4 String: Specify the IPv4 address to use for egress.
ipv4Fallback String: Specify the fallback IPv4 address to use for egress when the primary IPv4 fails. Set '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 String: Specify the IPv6 range to use for egress.

TeamsRuleRuleSettingsL4override, TeamsRuleRuleSettingsL4overrideArgs

Ip string: Defines the IPv4 or IPv6 address.
Port int: Defines a port number to use for TCP/UDP overrides.

Ip string: Defines the IPv4 or IPv6 address.
Port int: Defines a port number to use for TCP/UDP overrides.

ip String: Defines the IPv4 or IPv6 address.
port Integer: Defines a port number to use for TCP/UDP overrides.

ip string: Defines the IPv4 or IPv6 address.
port number: Defines a port number to use for TCP/UDP overrides.

ip str: Defines the IPv4 or IPv6 address.
port int: Defines a port number to use for TCP/UDP overrides.

ip String: Defines the IPv4 or IPv6 address.
port Number: Defines a port number to use for TCP/UDP overrides.

TeamsRuleRuleSettingsNotificationSettings, TeamsRuleRuleSettingsNotificationSettingsArgs

Enabled bool: Enable notification.
IncludeContext bool: Indicates whether to pass the context information as query parameters.
Msg string: Customize the message shown in the notification.
SupportUrl string: Defines an optional URL to direct users to additional information. If unset, the notification opens a block page.

Enabled bool: Enable notification.
IncludeContext bool: Indicates whether to pass the context information as query parameters.
Msg string: Customize the message shown in the notification.
SupportUrl string: Defines an optional URL to direct users to additional information. If unset, the notification opens a block page.

enabled Boolean: Enable notification.
includeContext Boolean: Indicates whether to pass the context information as query parameters.
msg String: Customize the message shown in the notification.
supportUrl String: Defines an optional URL to direct users to additional information. If unset, the notification opens a block page.

enabled boolean: Enable notification.
includeContext boolean: Indicates whether to pass the context information as query parameters.
msg string: Customize the message shown in the notification.
supportUrl string: Defines an optional URL to direct users to additional information. If unset, the notification opens a block page.

enabled bool: Enable notification.
include_context bool: Indicates whether to pass the context information as query parameters.
msg str: Customize the message shown in the notification.
support_url str: Defines an optional URL to direct users to additional information. If unset, the notification opens a block page.

enabled Boolean: Enable notification.
includeContext Boolean: Indicates whether to pass the context information as query parameters.
msg String: Customize the message shown in the notification.
supportUrl String: Defines an optional URL to direct users to additional information. If unset, the notification opens a block page.

TeamsRuleRuleSettingsPayloadLog, TeamsRuleRuleSettingsPayloadLogArgs

Enabled bool: Enable DLP payload logging for this rule.

Enabled bool: Enable DLP payload logging for this rule.

enabled Boolean: Enable DLP payload logging for this rule.

enabled boolean: Enable DLP payload logging for this rule.

enabled bool: Enable DLP payload logging for this rule.

enabled Boolean: Enable DLP payload logging for this rule.

TeamsRuleRuleSettingsQuarantine, TeamsRuleRuleSettingsQuarantineArgs

FileTypes List<string>: Specify the types of files to sandbox.

FileTypes []string: Specify the types of files to sandbox.

fileTypes List<String>: Specify the types of files to sandbox.

fileTypes string[]: Specify the types of files to sandbox.

file_types Sequence[str]: Specify the types of files to sandbox.

fileTypes List<String>: Specify the types of files to sandbox.

TeamsRuleRuleSettingsRedirect, TeamsRuleRuleSettingsRedirectArgs

TargetUri string: Specify the URI to which the user is redirected.
IncludeContext bool: Specify whether to pass the context information as query parameters.
PreservePathAndQuery bool: Specify whether to append the path and query parameters from the original request to target_uri.

TargetUri string: Specify the URI to which the user is redirected.
IncludeContext bool: Specify whether to pass the context information as query parameters.
PreservePathAndQuery bool: Specify whether to append the path and query parameters from the original request to target_uri.

targetUri String: Specify the URI to which the user is redirected.
includeContext Boolean: Specify whether to pass the context information as query parameters.
preservePathAndQuery Boolean: Specify whether to append the path and query parameters from the original request to target_uri.

targetUri string: Specify the URI to which the user is redirected.
includeContext boolean: Specify whether to pass the context information as query parameters.
preservePathAndQuery boolean: Specify whether to append the path and query parameters from the original request to target_uri.

target_uri str: Specify the URI to which the user is redirected.
include_context bool: Specify whether to pass the context information as query parameters.
preserve_path_and_query bool: Specify whether to append the path and query parameters from the original request to target_uri.

targetUri String: Specify the URI to which the user is redirected.
includeContext Boolean: Specify whether to pass the context information as query parameters.
preservePathAndQuery Boolean: Specify whether to append the path and query parameters from the original request to target_uri.

TeamsRuleRuleSettingsResolveDnsInternally, TeamsRuleRuleSettingsResolveDnsInternallyArgs

Fallback string: Specify the fallback behavior to apply when the internal DNS response code differs from 'NOERROR' or when the response data contains only CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
ViewId string: Specify the internal DNS view identifier to pass to the internal DNS service.

Fallback string: Specify the fallback behavior to apply when the internal DNS response code differs from 'NOERROR' or when the response data contains only CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
ViewId string: Specify the internal DNS view identifier to pass to the internal DNS service.

fallback String: Specify the fallback behavior to apply when the internal DNS response code differs from 'NOERROR' or when the response data contains only CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
viewId String: Specify the internal DNS view identifier to pass to the internal DNS service.

fallback string: Specify the fallback behavior to apply when the internal DNS response code differs from 'NOERROR' or when the response data contains only CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
viewId string: Specify the internal DNS view identifier to pass to the internal DNS service.

fallback str: Specify the fallback behavior to apply when the internal DNS response code differs from 'NOERROR' or when the response data contains only CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
view_id str: Specify the internal DNS view identifier to pass to the internal DNS service.

fallback String: Specify the fallback behavior to apply when the internal DNS response code differs from 'NOERROR' or when the response data contains only CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
viewId String: Specify the internal DNS view identifier to pass to the internal DNS service.

TeamsRuleRuleSettingsUntrustedCert, TeamsRuleRuleSettingsUntrustedCertArgs

Action string: Defines the action performed when an untrusted certificate seen. The default action an error with HTTP code 526. Available values: <span pulumi-lang-nodejs=""passThrough"" pulumi-lang-dotnet=""PassThrough"" pulumi-lang-go=""passThrough"" pulumi-lang-python=""pass_through"" pulumi-lang-yaml=""passThrough"" pulumi-lang-java=""passThrough"">"pass_through", "block", "error".

Action string: Defines the action performed when an untrusted certificate seen. The default action an error with HTTP code 526. Available values: <span pulumi-lang-nodejs=""passThrough"" pulumi-lang-dotnet=""PassThrough"" pulumi-lang-go=""passThrough"" pulumi-lang-python=""pass_through"" pulumi-lang-yaml=""passThrough"" pulumi-lang-java=""passThrough"">"pass_through", "block", "error".

action String: Defines the action performed when an untrusted certificate seen. The default action an error with HTTP code 526. Available values: <span pulumi-lang-nodejs=""passThrough"" pulumi-lang-dotnet=""PassThrough"" pulumi-lang-go=""passThrough"" pulumi-lang-python=""pass_through"" pulumi-lang-yaml=""passThrough"" pulumi-lang-java=""passThrough"">"pass_through", "block", "error".

action string: Defines the action performed when an untrusted certificate seen. The default action an error with HTTP code 526. Available values: <span pulumi-lang-nodejs=""passThrough"" pulumi-lang-dotnet=""PassThrough"" pulumi-lang-go=""passThrough"" pulumi-lang-python=""pass_through"" pulumi-lang-yaml=""passThrough"" pulumi-lang-java=""passThrough"">"pass_through", "block", "error".

action str: Defines the action performed when an untrusted certificate seen. The default action an error with HTTP code 526. Available values: <span pulumi-lang-nodejs=""passThrough"" pulumi-lang-dotnet=""PassThrough"" pulumi-lang-go=""passThrough"" pulumi-lang-python=""pass_through"" pulumi-lang-yaml=""passThrough"" pulumi-lang-java=""passThrough"">"pass_through", "block", "error".

action String: Defines the action performed when an untrusted certificate seen. The default action an error with HTTP code 526. Available values: <span pulumi-lang-nodejs=""passThrough"" pulumi-lang-dotnet=""PassThrough"" pulumi-lang-go=""passThrough"" pulumi-lang-python=""pass_through"" pulumi-lang-yaml=""passThrough"" pulumi-lang-java=""passThrough"">"pass_through", "block", "error".

TeamsRuleSchedule, TeamsRuleScheduleArgs

Fri string
Mon string
Sat string
Sun string
Thu string
TimeZone string: Specify the time zone for rule evaluation. When a valid time zone city name is provided, Gateway always uses the current time for that time zone. When this parameter is omitted, Gateway uses the time zone determined from the user's IP address. Colo time zone is used when the user's IP address does not resolve to a location.
Tue string
Wed string

Fri string
Mon string
Sat string
Sun string
Thu string
TimeZone string: Specify the time zone for rule evaluation. When a valid time zone city name is provided, Gateway always uses the current time for that time zone. When this parameter is omitted, Gateway uses the time zone determined from the user's IP address. Colo time zone is used when the user's IP address does not resolve to a location.
Tue string
Wed string

fri String
mon String
sat String
sun String
thu String
timeZone String: Specify the time zone for rule evaluation. When a valid time zone city name is provided, Gateway always uses the current time for that time zone. When this parameter is omitted, Gateway uses the time zone determined from the user's IP address. Colo time zone is used when the user's IP address does not resolve to a location.
tue String
wed String

fri string
mon string
sat string
sun string
thu string
timeZone string: Specify the time zone for rule evaluation. When a valid time zone city name is provided, Gateway always uses the current time for that time zone. When this parameter is omitted, Gateway uses the time zone determined from the user's IP address. Colo time zone is used when the user's IP address does not resolve to a location.
tue string
wed string

fri str
mon str
sat str
sun str
thu str
time_zone str: Specify the time zone for rule evaluation. When a valid time zone city name is provided, Gateway always uses the current time for that time zone. When this parameter is omitted, Gateway uses the time zone determined from the user's IP address. Colo time zone is used when the user's IP address does not resolve to a location.
tue str
wed str

fri String
mon String
sat String
sun String
thu String
timeZone String: Specify the time zone for rule evaluation. When a valid time zone city name is provided, Gateway always uses the current time for that time zone. When this parameter is omitted, Gateway uses the time zone determined from the user's IP address. Colo time zone is used when the user's IP address does not resolve to a location.
tue String
wed String

Import

$ pulumi import cloudflare:index/teamsRule:TeamsRule example '<account_id>/<rule_id>'

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.10.1 published on Wednesday, Oct 22, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.TeamsRule

On this page

On this page

Example Usage

Create TeamsRule Resource

Constructor syntax

Parameters

TeamsRule Resource Properties

Inputs

Outputs

Look up Existing TeamsRule Resource

Supporting Types

TeamsRuleExpiration, TeamsRuleExpirationArgs

TeamsRuleRuleSettings, TeamsRuleRuleSettingsArgs

TeamsRuleRuleSettingsAuditSsh, TeamsRuleRuleSettingsAuditSshArgs

TeamsRuleRuleSettingsBisoAdminControls, TeamsRuleRuleSettingsBisoAdminControlsArgs

TeamsRuleRuleSettingsBlockPage, TeamsRuleRuleSettingsBlockPageArgs

TeamsRuleRuleSettingsCheckSession, TeamsRuleRuleSettingsCheckSessionArgs

TeamsRuleRuleSettingsDnsResolvers, TeamsRuleRuleSettingsDnsResolversArgs

TeamsRuleRuleSettingsDnsResolversIpv4, TeamsRuleRuleSettingsDnsResolversIpv4Args

TeamsRuleRuleSettingsDnsResolversIpv6, TeamsRuleRuleSettingsDnsResolversIpv6Args

TeamsRuleRuleSettingsEgress, TeamsRuleRuleSettingsEgressArgs

TeamsRuleRuleSettingsL4override, TeamsRuleRuleSettingsL4overrideArgs

TeamsRuleRuleSettingsNotificationSettings, TeamsRuleRuleSettingsNotificationSettingsArgs

TeamsRuleRuleSettingsPayloadLog, TeamsRuleRuleSettingsPayloadLogArgs

TeamsRuleRuleSettingsQuarantine, TeamsRuleRuleSettingsQuarantineArgs

TeamsRuleRuleSettingsRedirect, TeamsRuleRuleSettingsRedirectArgs

TeamsRuleRuleSettingsResolveDnsInternally, TeamsRuleRuleSettingsResolveDnsInternallyArgs

TeamsRuleRuleSettingsUntrustedCert, TeamsRuleRuleSettingsUntrustedCertArgs

TeamsRuleSchedule, TeamsRuleScheduleArgs

Import

Package Details

On this page

On this page