cloudflare.ZeroTrustGatewayPolicy
Example Usage
Coming soon!
resources:
  exampleZeroTrustGatewayPolicy:
    type: cloudflare:ZeroTrustGatewayPolicy
    name: example_zero_trust_gateway_policy
    properties:
      accountId: 699d98642c564d2e855e9661899b7252
      action: allow
      name: block bad websites
      description: Block bad websites based on their host name.
      devicePosture: any(device_posture.checks.passed[*] in {"1308749e-fcfb-4ebc-b051-fe022b632644"})
      enabled: true
      expiration:
        expires_at: 2014-01-01T05:20:20Z
        duration: 10
        expired: false
      filters:
        - http
      identity: any(identity.groups.name[*] in {"finance"})
      precedence: 0
      ruleSettings:
        add_headers:
          foo: string
        allow_child_bypass: false
        audit_ssh:
          commandLogging: false
        biso_admin_controls:
          copy: remote_only
          dcp: false
          dd: false
          dk: false
          download: enabled
          dp: false
          du: false
          keyboard: enabled
          paste: enabled
          printing: enabled
          upload: enabled
          version: v1
        block_page_enabled: true
        block_reason: This website is a security risk
        bypass_parent_rule: false
        check_session:
          duration: 300s
          enforce: true
        dns_resolvers:
          ipv4:
            - ip: 2.2.2.2
              port: 5053
              routeThroughPrivateNetwork: true
              vnetId: f174e90a-fafe-4643-bbbc-4a0ed4fc8415
          ipv6:
            - ip: '2001:DB8::'
              port: 5053
              routeThroughPrivateNetwork: true
              vnetId: f174e90a-fafe-4643-bbbc-4a0ed4fc8415
        egress:
          ipv4: 192.0.2.2
          ipv4Fallback: 192.0.2.3
          ipv6: 2001:DB8::/64
        ignore_cname_category_matches: true
        insecure_disable_dnssec_validation: false
        ip_categories: true
        ip_indicator_feeds: true
        l4override:
          ip: 1.1.1.1
          port: 0
        notification_settings:
          enabled: true
          msg: msg
          supportUrl: support_url
        override_host: example.com
        override_ips:
          - 1.1.1.1
          - 2.2.2.2
        payload_log:
          enabled: true
        quarantine:
          fileTypes:
            - exe
        redirect:
          targetUri: https://example.com
          includeContext: true
          preservePathAndQuery: true
        resolve_dns_internally:
          fallback: none
          viewId: view_id
        resolve_dns_through_cloudflare: true
        untrusted_cert:
          action: error
      schedule:
        fri: 08:00-12:30,13:30-17:00
        mon: 08:00-12:30,13:30-17:00
        sat: 08:00-12:30,13:30-17:00
        sun: 08:00-12:30,13:30-17:00
        thu: 08:00-12:30,13:30-17:00
        time_zone: America/New York
        tue: 08:00-12:30,13:30-17:00
        wed: 08:00-12:30,13:30-17:00
      traffic: http.request.uri matches ".*a/partial/uri.*" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10
Create ZeroTrustGatewayPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ZeroTrustGatewayPolicy(name: string, args: ZeroTrustGatewayPolicyArgs, opts?: CustomResourceOptions);
@overload
def ZeroTrustGatewayPolicy(resource_name: str,
args: ZeroTrustGatewayPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ZeroTrustGatewayPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
action: Optional[str] = None,
name: Optional[str] = None,
filters: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
expiration: Optional[ZeroTrustGatewayPolicyExpirationArgs] = None,
device_posture: Optional[str] = None,
identity: Optional[str] = None,
description: Optional[str] = None,
precedence: Optional[int] = None,
rule_settings: Optional[ZeroTrustGatewayPolicyRuleSettingsArgs] = None,
schedule: Optional[ZeroTrustGatewayPolicyScheduleArgs] = None,
traffic: Optional[str] = None)
func NewZeroTrustGatewayPolicy(ctx *Context, name string, args ZeroTrustGatewayPolicyArgs, opts ...ResourceOption) (*ZeroTrustGatewayPolicy, error)
public ZeroTrustGatewayPolicy(string name, ZeroTrustGatewayPolicyArgs args, CustomResourceOptions? opts = null)
public ZeroTrustGatewayPolicy(String name, ZeroTrustGatewayPolicyArgs args)
public ZeroTrustGatewayPolicy(String name, ZeroTrustGatewayPolicyArgs args, CustomResourceOptions options)
type: cloudflare:ZeroTrustGatewayPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ZeroTrustGatewayPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ZeroTrustGatewayPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ZeroTrustGatewayPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ZeroTrustGatewayPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ZeroTrustGatewayPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var zeroTrustGatewayPolicyResource = new Cloudflare.ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource", new()
{
AccountId = "string",
Action = "string",
Name = "string",
Filters = new[]
{
"string",
},
Enabled = false,
Expiration = new Cloudflare.Inputs.ZeroTrustGatewayPolicyExpirationArgs
{
ExpiresAt = "string",
Duration = 0,
Expired = false,
},
DevicePosture = "string",
Identity = "string",
Description = "string",
Precedence = 0,
RuleSettings = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsArgs
{
AddHeaders =
{
{ "string", "string" },
},
AllowChildBypass = false,
AuditSsh = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs
{
CommandLogging = false,
},
BisoAdminControls = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs
{
Copy = "string",
Dcp = false,
Dd = false,
Dk = false,
Download = "string",
Dp = false,
Du = false,
Keyboard = "string",
Paste = "string",
Printing = "string",
Upload = "string",
Version = "string",
},
BlockPageEnabled = false,
BlockReason = "string",
BypassParentRule = false,
CheckSession = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs
{
Duration = "string",
Enforce = false,
},
DnsResolvers = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs
{
Ipv4s = new[]
{
new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args
{
Ip = "string",
Port = 0,
RouteThroughPrivateNetwork = false,
VnetId = "string",
},
},
Ipv6s = new[]
{
new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args
{
Ip = "string",
Port = 0,
RouteThroughPrivateNetwork = false,
VnetId = "string",
},
},
},
Egress = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsEgressArgs
{
Ipv4 = "string",
Ipv4Fallback = "string",
Ipv6 = "string",
},
IgnoreCnameCategoryMatches = false,
InsecureDisableDnssecValidation = false,
IpCategories = false,
IpIndicatorFeeds = false,
L4override = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs
{
Ip = "string",
Port = 0,
},
NotificationSettings = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs
{
Enabled = false,
Msg = "string",
SupportUrl = "string",
},
OverrideHost = "string",
OverrideIps = new[]
{
"string",
},
PayloadLog = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs
{
Enabled = false,
},
Quarantine = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsQuarantineArgs
{
FileTypes = new[]
{
"string",
},
},
Redirect = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsRedirectArgs
{
TargetUri = "string",
IncludeContext = false,
PreservePathAndQuery = false,
},
ResolveDnsInternally = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternallyArgs
{
Fallback = "string",
ViewId = "string",
},
ResolveDnsThroughCloudflare = false,
UntrustedCert = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs
{
Action = "string",
},
},
Schedule = new Cloudflare.Inputs.ZeroTrustGatewayPolicyScheduleArgs
{
Fri = "string",
Mon = "string",
Sat = "string",
Sun = "string",
Thu = "string",
TimeZone = "string",
Tue = "string",
Wed = "string",
},
Traffic = "string",
});
example, err := cloudflare.NewZeroTrustGatewayPolicy(ctx, "zeroTrustGatewayPolicyResource", &cloudflare.ZeroTrustGatewayPolicyArgs{
AccountId: pulumi.String("string"),
Action: pulumi.String("string"),
Name: pulumi.String("string"),
Filters: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
Expiration: &cloudflare.ZeroTrustGatewayPolicyExpirationArgs{
ExpiresAt: pulumi.String("string"),
Duration: pulumi.Int(0),
Expired: pulumi.Bool(false),
},
DevicePosture: pulumi.String("string"),
Identity: pulumi.String("string"),
Description: pulumi.String("string"),
Precedence: pulumi.Int(0),
RuleSettings: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsArgs{
AddHeaders: pulumi.StringMap{
"string": pulumi.String("string"),
},
AllowChildBypass: pulumi.Bool(false),
AuditSsh: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs{
CommandLogging: pulumi.Bool(false),
},
BisoAdminControls: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs{
Copy: pulumi.String("string"),
Dcp: pulumi.Bool(false),
Dd: pulumi.Bool(false),
Dk: pulumi.Bool(false),
Download: pulumi.String("string"),
Dp: pulumi.Bool(false),
Du: pulumi.Bool(false),
Keyboard: pulumi.String("string"),
Paste: pulumi.String("string"),
Printing: pulumi.String("string"),
Upload: pulumi.String("string"),
Version: pulumi.String("string"),
},
BlockPageEnabled: pulumi.Bool(false),
BlockReason: pulumi.String("string"),
BypassParentRule: pulumi.Bool(false),
CheckSession: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs{
Duration: pulumi.String("string"),
Enforce: pulumi.Bool(false),
},
DnsResolvers: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs{
Ipv4s: cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Array{
&cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args{
Ip: pulumi.String("string"),
Port: pulumi.Int(0),
RouteThroughPrivateNetwork: pulumi.Bool(false),
VnetId: pulumi.String("string"),
},
},
Ipv6s: cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Array{
&cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args{
Ip: pulumi.String("string"),
Port: pulumi.Int(0),
RouteThroughPrivateNetwork: pulumi.Bool(false),
VnetId: pulumi.String("string"),
},
},
},
Egress: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsEgressArgs{
Ipv4: pulumi.String("string"),
Ipv4Fallback: pulumi.String("string"),
Ipv6: pulumi.String("string"),
},
IgnoreCnameCategoryMatches: pulumi.Bool(false),
InsecureDisableDnssecValidation: pulumi.Bool(false),
IpCategories: pulumi.Bool(false),
IpIndicatorFeeds: pulumi.Bool(false),
L4override: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs{
Ip: pulumi.String("string"),
Port: pulumi.Int(0),
},
NotificationSettings: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs{
Enabled: pulumi.Bool(false),
Msg: pulumi.String("string"),
SupportUrl: pulumi.String("string"),
},
OverrideHost: pulumi.String("string"),
OverrideIps: pulumi.StringArray{
pulumi.String("string"),
},
PayloadLog: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs{
Enabled: pulumi.Bool(false),
},
Quarantine: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsQuarantineArgs{
FileTypes: pulumi.StringArray{
pulumi.String("string"),
},
},
Redirect: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsRedirectArgs{
TargetUri: pulumi.String("string"),
IncludeContext: pulumi.Bool(false),
PreservePathAndQuery: pulumi.Bool(false),
},
ResolveDnsInternally: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternallyArgs{
Fallback: pulumi.String("string"),
ViewId: pulumi.String("string"),
},
ResolveDnsThroughCloudflare: pulumi.Bool(false),
UntrustedCert: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs{
Action: pulumi.String("string"),
},
},
Schedule: &cloudflare.ZeroTrustGatewayPolicyScheduleArgs{
Fri: pulumi.String("string"),
Mon: pulumi.String("string"),
Sat: pulumi.String("string"),
Sun: pulumi.String("string"),
Thu: pulumi.String("string"),
TimeZone: pulumi.String("string"),
Tue: pulumi.String("string"),
Wed: pulumi.String("string"),
},
Traffic: pulumi.String("string"),
})
var zeroTrustGatewayPolicyResource = new ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource", ZeroTrustGatewayPolicyArgs.builder()
.accountId("string")
.action("string")
.name("string")
.filters("string")
.enabled(false)
.expiration(ZeroTrustGatewayPolicyExpirationArgs.builder()
.expiresAt("string")
.duration(0)
.expired(false)
.build())
.devicePosture("string")
.identity("string")
.description("string")
.precedence(0)
.ruleSettings(ZeroTrustGatewayPolicyRuleSettingsArgs.builder()
.addHeaders(Map.of("string", "string"))
.allowChildBypass(false)
.auditSsh(ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs.builder()
.commandLogging(false)
.build())
.bisoAdminControls(ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs.builder()
.copy("string")
.dcp(false)
.dd(false)
.dk(false)
.download("string")
.dp(false)
.du(false)
.keyboard("string")
.paste("string")
.printing("string")
.upload("string")
.version("string")
.build())
.blockPageEnabled(false)
.blockReason("string")
.bypassParentRule(false)
.checkSession(ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs.builder()
.duration("string")
.enforce(false)
.build())
.dnsResolvers(ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs.builder()
.ipv4s(ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args.builder()
.ip("string")
.port(0)
.routeThroughPrivateNetwork(false)
.vnetId("string")
.build())
.ipv6s(ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args.builder()
.ip("string")
.port(0)
.routeThroughPrivateNetwork(false)
.vnetId("string")
.build())
.build())
.egress(ZeroTrustGatewayPolicyRuleSettingsEgressArgs.builder()
.ipv4("string")
.ipv4Fallback("string")
.ipv6("string")
.build())
.ignoreCnameCategoryMatches(false)
.insecureDisableDnssecValidation(false)
.ipCategories(false)
.ipIndicatorFeeds(false)
.l4override(ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs.builder()
.ip("string")
.port(0)
.build())
.notificationSettings(ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs.builder()
.enabled(false)
.msg("string")
.supportUrl("string")
.build())
.overrideHost("string")
.overrideIps("string")
.payloadLog(ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs.builder()
.enabled(false)
.build())
.quarantine(ZeroTrustGatewayPolicyRuleSettingsQuarantineArgs.builder()
.fileTypes("string")
.build())
.redirect(ZeroTrustGatewayPolicyRuleSettingsRedirectArgs.builder()
.targetUri("string")
.includeContext(false)
.preservePathAndQuery(false)
.build())
.resolveDnsInternally(ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternallyArgs.builder()
.fallback("string")
.viewId("string")
.build())
.resolveDnsThroughCloudflare(false)
.untrustedCert(ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs.builder()
.action("string")
.build())
.build())
.schedule(ZeroTrustGatewayPolicyScheduleArgs.builder()
.fri("string")
.mon("string")
.sat("string")
.sun("string")
.thu("string")
.timeZone("string")
.tue("string")
.wed("string")
.build())
.traffic("string")
.build());
zero_trust_gateway_policy_resource = cloudflare.ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource",
account_id="string",
action="string",
name="string",
filters=["string"],
enabled=False,
expiration={
"expires_at": "string",
"duration": 0,
"expired": False,
},
device_posture="string",
identity="string",
description="string",
precedence=0,
rule_settings={
"add_headers": {
"string": "string",
},
"allow_child_bypass": False,
"audit_ssh": {
"command_logging": False,
},
"biso_admin_controls": {
"copy": "string",
"dcp": False,
"dd": False,
"dk": False,
"download": "string",
"dp": False,
"du": False,
"keyboard": "string",
"paste": "string",
"printing": "string",
"upload": "string",
"version": "string",
},
"block_page_enabled": False,
"block_reason": "string",
"bypass_parent_rule": False,
"check_session": {
"duration": "string",
"enforce": False,
},
"dns_resolvers": {
"ipv4s": [{
"ip": "string",
"port": 0,
"route_through_private_network": False,
"vnet_id": "string",
}],
"ipv6s": [{
"ip": "string",
"port": 0,
"route_through_private_network": False,
"vnet_id": "string",
}],
},
"egress": {
"ipv4": "string",
"ipv4_fallback": "string",
"ipv6": "string",
},
"ignore_cname_category_matches": False,
"insecure_disable_dnssec_validation": False,
"ip_categories": False,
"ip_indicator_feeds": False,
"l4override": {
"ip": "string",
"port": 0,
},
"notification_settings": {
"enabled": False,
"msg": "string",
"support_url": "string",
},
"override_host": "string",
"override_ips": ["string"],
"payload_log": {
"enabled": False,
},
"quarantine": {
"file_types": ["string"],
},
"redirect": {
"target_uri": "string",
"include_context": False,
"preserve_path_and_query": False,
},
"resolve_dns_internally": {
"fallback": "string",
"view_id": "string",
},
"resolve_dns_through_cloudflare": False,
"untrusted_cert": {
"action": "string",
},
},
schedule={
"fri": "string",
"mon": "string",
"sat": "string",
"sun": "string",
"thu": "string",
"time_zone": "string",
"tue": "string",
"wed": "string",
},
traffic="string")
const zeroTrustGatewayPolicyResource = new cloudflare.ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource", {
accountId: "string",
action: "string",
name: "string",
filters: ["string"],
enabled: false,
expiration: {
expiresAt: "string",
duration: 0,
expired: false,
},
devicePosture: "string",
identity: "string",
description: "string",
precedence: 0,
ruleSettings: {
addHeaders: {
string: "string",
},
allowChildBypass: false,
auditSsh: {
commandLogging: false,
},
bisoAdminControls: {
copy: "string",
dcp: false,
dd: false,
dk: false,
download: "string",
dp: false,
du: false,
keyboard: "string",
paste: "string",
printing: "string",
upload: "string",
version: "string",
},
blockPageEnabled: false,
blockReason: "string",
bypassParentRule: false,
checkSession: {
duration: "string",
enforce: false,
},
dnsResolvers: {
ipv4s: [{
ip: "string",
port: 0,
routeThroughPrivateNetwork: false,
vnetId: "string",
}],
ipv6s: [{
ip: "string",
port: 0,
routeThroughPrivateNetwork: false,
vnetId: "string",
}],
},
egress: {
ipv4: "string",
ipv4Fallback: "string",
ipv6: "string",
},
ignoreCnameCategoryMatches: false,
insecureDisableDnssecValidation: false,
ipCategories: false,
ipIndicatorFeeds: false,
l4override: {
ip: "string",
port: 0,
},
notificationSettings: {
enabled: false,
msg: "string",
supportUrl: "string",
},
overrideHost: "string",
overrideIps: ["string"],
payloadLog: {
enabled: false,
},
quarantine: {
fileTypes: ["string"],
},
redirect: {
targetUri: "string",
includeContext: false,
preservePathAndQuery: false,
},
resolveDnsInternally: {
fallback: "string",
viewId: "string",
},
resolveDnsThroughCloudflare: false,
untrustedCert: {
action: "string",
},
},
schedule: {
fri: "string",
mon: "string",
sat: "string",
sun: "string",
thu: "string",
timeZone: "string",
tue: "string",
wed: "string",
},
traffic: "string",
});
type: cloudflare:ZeroTrustGatewayPolicy
properties:
  accountId: string
  action: string
  description: string
  devicePosture: string
  enabled: false
  expiration:
    duration: 0
    expired: false
    expiresAt: string
  filters:
    - string
  identity: string
  name: string
  precedence: 0
  ruleSettings:
    addHeaders:
      string: string
    allowChildBypass: false
    auditSsh:
      commandLogging: false
    bisoAdminControls:
      copy: string
      dcp: false
      dd: false
      dk: false
      download: string
      dp: false
      du: false
      keyboard: string
      paste: string
      printing: string
      upload: string
      version: string
    blockPageEnabled: false
    blockReason: string
    bypassParentRule: false
    checkSession:
      duration: string
      enforce: false
    dnsResolvers:
      ipv4s:
        - ip: string
          port: 0
          routeThroughPrivateNetwork: false
          vnetId: string
      ipv6s:
        - ip: string
          port: 0
          routeThroughPrivateNetwork: false
          vnetId: string
    egress:
      ipv4: string
      ipv4Fallback: string
      ipv6: string
    ignoreCnameCategoryMatches: false
    insecureDisableDnssecValidation: false
    ipCategories: false
    ipIndicatorFeeds: false
    l4override:
      ip: string
      port: 0
    notificationSettings:
      enabled: false
      msg: string
      supportUrl: string
    overrideHost: string
    overrideIps:
      - string
    payloadLog:
      enabled: false
    quarantine:
      fileTypes:
        - string
    redirect:
      includeContext: false
      preservePathAndQuery: false
      targetUri: string
    resolveDnsInternally:
      fallback: string
      viewId: string
    resolveDnsThroughCloudflare: false
    untrustedCert:
      action: string
  schedule:
    fri: string
    mon: string
    sat: string
    sun: string
    thu: string
    timeZone: string
    tue: string
    wed: string
  traffic: string
ZeroTrustGatewayPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ZeroTrustGatewayPolicy resource accepts the following input properties:
- AccountId string
- Action string
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- Name string
- The name of the rule.
- Description string
- The description of the rule.
- DevicePosture string
- The wirefilter expression used for device posture check matching.
- Enabled bool
- True if the rule is enabled.
- Expiration ZeroTrustGatewayPolicyExpiration
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- Filters List<string>
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- Identity string
- The wirefilter expression used for identity matching.
- Precedence int
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- RuleSettings ZeroTrustGatewayPolicyRuleSettings
- Additional settings that modify the rule's action.
- Schedule ZeroTrustGatewayPolicySchedule
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- Traffic string
- The wirefilter expression used for traffic matching.
- AccountId string
- Action string
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- Name string
- The name of the rule.
- Description string
- The description of the rule.
- DevicePosture string
- The wirefilter expression used for device posture check matching.
- Enabled bool
- True if the rule is enabled.
- Expiration ZeroTrustGatewayPolicyExpirationArgs
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- Filters []string
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- Identity string
- The wirefilter expression used for identity matching.
- Precedence int
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- RuleSettings ZeroTrustGatewayPolicyRuleSettingsArgs
- Additional settings that modify the rule's action.
- Schedule ZeroTrustGatewayPolicyScheduleArgs
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- Traffic string
- The wirefilter expression used for traffic matching.
- accountId String
- action String
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- name String
- The name of the rule.
- description String
- The description of the rule.
- devicePosture String
- The wirefilter expression used for device posture check matching.
- enabled Boolean
- True if the rule is enabled.
- expiration ZeroTrustGatewayPolicyExpiration
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- filters List<String>
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- identity String
- The wirefilter expression used for identity matching.
- precedence Integer
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- ruleSettings ZeroTrustGatewayPolicyRuleSettings
- Additional settings that modify the rule's action.
- schedule ZeroTrustGatewayPolicySchedule
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- traffic String
- The wirefilter expression used for traffic matching.
- accountId string
- action string
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- name string
- The name of the rule.
- description string
- The description of the rule.
- devicePosture string
- The wirefilter expression used for device posture check matching.
- enabled boolean
- True if the rule is enabled.
- expiration ZeroTrustGatewayPolicyExpiration
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- filters string[]
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- identity string
- The wirefilter expression used for identity matching.
- precedence number
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- ruleSettings ZeroTrustGatewayPolicyRuleSettings
- Additional settings that modify the rule's action.
- schedule ZeroTrustGatewayPolicySchedule
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- traffic string
- The wirefilter expression used for traffic matching.
- account_id str
- action str
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- name str
- The name of the rule.
- description str
- The description of the rule.
- device_posture str
- The wirefilter expression used for device posture check matching.
- enabled bool
- True if the rule is enabled.
- expiration ZeroTrustGatewayPolicyExpirationArgs
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- filters Sequence[str]
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- identity str
- The wirefilter expression used for identity matching.
- precedence int
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- rule_settings ZeroTrustGatewayPolicyRuleSettingsArgs
- Additional settings that modify the rule's action.
- schedule ZeroTrustGatewayPolicyScheduleArgs
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- traffic str
- The wirefilter expression used for traffic matching.
- accountId String
- action String
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- name String
- The name of the rule.
- description String
- The description of the rule.
- devicePosture String
- The wirefilter expression used for device posture check matching.
- enabled Boolean
- True if the rule is enabled.
- expiration Property Map
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- filters List<String>
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- identity String
- The wirefilter expression used for identity matching.
- precedence Number
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- ruleSettings Property Map
- Additional settings that modify the rule's action.
- schedule Property Map
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- traffic String
- The wirefilter expression used for traffic matching.
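A pre-deployment check built from the constraints stated in the property descriptions above: the listed action values, schedule and expiration applying to DNS policies, expiration overriding schedule, and ordering by precedence. This is an added example, not Pulumi or Cloudflare code; `lint_policy`, `precedence_collisions`, the finding codes and the sample policies are hypothetical. The `"dns"` filter value comes from Cloudflare's API rather than this page, and reporting equal precedence values and a true `insecure_disable_dnssec_validation` as findings is this example's own choice.

```python
from datetime import datetime, timezone

# Action values listed in the property reference on this page.
ALLOWED_ACTIONS = {
    "on", "off", "allow", "block", "scan", "noscan", "safesearch",
    "ytrestricted", "isolate", "noisolate", "override", "l4_override",
    "egress", "resolve", "quarantine", "redirect",
}


def _parse_ts(value):
    """Parse an RFC 3339 timestamp; a missing offset is treated as UTC."""
    # fromisoformat() rejects a trailing "Z" before Python 3.11.
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def lint_policy(policy, now=None):
    """Return (severity, code) findings for one policy dict.

    Keys follow the Python SDK's snake_case argument names.
    """
    now = now or datetime.now(timezone.utc)
    is_dns = "dns" in (policy.get("filters") or [])  # assumed filter value
    schedule = policy.get("schedule")
    expiration = policy.get("expiration") or {}
    findings = []

    if policy.get("action") not in ALLOWED_ACTIONS:
        findings.append(("error", "action-not-listed"))
    # schedule: "This does not apply to HTTP or network policies."
    if schedule and not is_dns:
        findings.append(("warn", "schedule-on-non-dns-policy"))
    # expiration is described as a DNS policy setting.
    if expiration and not is_dns:
        findings.append(("warn", "expiration-on-non-dns-policy"))
    # expiration "takes precedence over the policy's schedule configuration".
    if expiration and schedule:
        findings.append(("info", "expiration-overrides-schedule"))
    if expiration.get("expires_at") and _parse_ts(expiration["expires_at"]) <= now:
        findings.append(("warn", "expires-at-in-past"))
    # Example's own choice: the "insecure_" prefix is treated as a review flag.
    if (policy.get("rule_settings") or {}).get("insecure_disable_dnssec_validation"):
        findings.append(("warn", "dnssec-validation-disabled"))
    return findings


def precedence_collisions(policies):
    """Map each precedence value shared by several enabled policies to their names.

    The page defines evaluation order only by ascending precedence, so this
    example reports ties for review.
    """
    by_value = {}
    for p in policies:
        if p.get("enabled"):
            by_value.setdefault(p["precedence"], []).append(p["name"])
    return {v: names for v, names in by_value.items() if len(names) > 1}


# Constructed sample input. The first dict mirrors values from the page's
# Example Usage block; the second is made up, including its misspelled action.
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_POLICIES = [
    {
        "name": "block bad websites",
        "action": "allow",
        "enabled": True,
        "filters": ["http"],
        "precedence": 0,
        "expiration": {"expires_at": "2014-01-01T05:20:20Z", "duration": 10},
        "schedule": {"mon": "08:00-12:30,13:30-17:00",
                     "time_zone": "America/New York"},
        "rule_settings": {"insecure_disable_dnssec_validation": False},
    },
    {
        "name": "resolver override (constructed)",
        "action": "overide",
        "enabled": True,
        "filters": ["dns"],
        "precedence": 0,
        "rule_settings": {"insecure_disable_dnssec_validation": True},
    },
]

if __name__ == "__main__":
    for p in SAMPLE_POLICIES:
        for severity, code in lint_policy(p, now=SAMPLE_NOW):
            print(f"{severity:5} {p['name']}: {code}")
    for value, names in precedence_collisions(SAMPLE_POLICIES).items():
        print(f"warn  precedence {value} shared by {names}")
```

Run against the page's own example values, the check reports the schedule and expiration blocks on an `http` policy and the `expires_at` timestamp that is already in the past.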
Outputs
All input properties are implicitly available as output properties. Additionally, the ZeroTrustGatewayPolicy resource produces the following output properties:
- created_at str
- deleted_at str
- Date of deletion, if any.
- id str
- The provider-assigned unique ID for this managed resource.
- updated_at str
- version int
- version number of the rule
Look up Existing ZeroTrustGatewayPolicy Resource
Get an existing ZeroTrustGatewayPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ZeroTrustGatewayPolicyState, opts?: CustomResourceOptions): ZeroTrustGatewayPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
action: Optional[str] = None,
created_at: Optional[str] = None,
deleted_at: Optional[str] = None,
description: Optional[str] = None,
device_posture: Optional[str] = None,
enabled: Optional[bool] = None,
expiration: Optional[ZeroTrustGatewayPolicyExpirationArgs] = None,
filters: Optional[Sequence[str]] = None,
identity: Optional[str] = None,
name: Optional[str] = None,
precedence: Optional[int] = None,
rule_settings: Optional[ZeroTrustGatewayPolicyRuleSettingsArgs] = None,
schedule: Optional[ZeroTrustGatewayPolicyScheduleArgs] = None,
traffic: Optional[str] = None,
updated_at: Optional[str] = None,
version: Optional[int] = None) -> ZeroTrustGatewayPolicy
func GetZeroTrustGatewayPolicy(ctx *Context, name string, id IDInput, state *ZeroTrustGatewayPolicyState, opts ...ResourceOption) (*ZeroTrustGatewayPolicy, error)
public static ZeroTrustGatewayPolicy Get(string name, Input<string> id, ZeroTrustGatewayPolicyState? state, CustomResourceOptions? opts = null)
public static ZeroTrustGatewayPolicy get(String name, Output<String> id, ZeroTrustGatewayPolicyState state, CustomResourceOptions options)
resources:
  _:
    type: cloudflare:ZeroTrustGatewayPolicy
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AccountId string
- Action string
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- CreatedAt string
- DeletedAt string
- Date of deletion, if any.
- Description string
- The description of the rule.
- DevicePosture string
- The wirefilter expression used for device posture check matching.
- Enabled bool
- True if the rule is enabled.
- Expiration ZeroTrustGatewayPolicyExpiration
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- Filters List<string>
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- Identity string
- The wirefilter expression used for identity matching.
- Name string
- The name of the rule.
- Precedence int
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- RuleSettings ZeroTrustGatewayPolicyRuleSettings
- Additional settings that modify the rule's action.
- Schedule ZeroTrustGatewayPolicySchedule
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- Traffic string
- The wirefilter expression used for traffic matching.
- UpdatedAt string
- Version int
- version number of the rule
- AccountId string
- Action string
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- CreatedAt string
- DeletedAt string
- Date of deletion, if any.
- Description string
- The description of the rule.
- DevicePosture string
- The wirefilter expression used for device posture check matching.
- Enabled bool
- True if the rule is enabled.
- Expiration ZeroTrustGatewayPolicyExpirationArgs
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- Filters []string
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- Identity string
- The wirefilter expression used for identity matching.
- Name string
- The name of the rule.
- Precedence int
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- RuleSettings ZeroTrustGatewayPolicyRuleSettingsArgs
- Additional settings that modify the rule's action.
- Schedule ZeroTrustGatewayPolicyScheduleArgs
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- Traffic string
- The wirefilter expression used for traffic matching.
- UpdatedAt string
- Version int
- version number of the rule
- accountId String
- action String
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- createdAt String
- deletedAt String
- Date of deletion, if any.
- description String
- The description of the rule.
- devicePosture String
- The wirefilter expression used for device posture check matching.
- enabled Boolean
- True if the rule is enabled.
- expiration ZeroTrustGatewayPolicyExpiration
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- filters List<String>
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- identity String
- The wirefilter expression used for identity matching.
- name String
- The name of the rule.
- precedence Integer
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- ruleSettings ZeroTrustGatewayPolicyRuleSettings
- Additional settings that modify the rule's action.
- schedule ZeroTrustGatewayPolicySchedule
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- traffic String
- The wirefilter expression used for traffic matching.
- updatedAt String
- version Integer
- version number of the rule
- accountId string
- action string
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- createdAt string
- deletedAt string
- Date of deletion, if any.
- description string
- The description of the rule.
- devicePosture string
- The wirefilter expression used for device posture check matching.
- enabled boolean
- True if the rule is enabled.
- expiration ZeroTrustGatewayPolicyExpiration
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- filters string[]
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- identity string
- The wirefilter expression used for identity matching.
- name string
- The name of the rule.
- precedence number
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- ruleSettings ZeroTrustGatewayPolicyRuleSettings
- Additional settings that modify the rule's action.
- schedule ZeroTrustGatewayPolicySchedule
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- traffic string
- The wirefilter expression used for traffic matching.
- updatedAt string
- version number
- version number of the rule
- account_id str
- action str
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- created_at str
- deleted_at str
- Date of deletion, if any.
- description str
- The description of the rule.
- device_posture str
- The wirefilter expression used for device posture check matching.
- enabled bool
- True if the rule is enabled.
- expiration ZeroTrustGatewayPolicyExpirationArgs
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- filters Sequence[str]
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- identity str
- The wirefilter expression used for identity matching.
- name str
- The name of the rule.
- precedence int
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- rule_settings ZeroTrustGatewayPolicyRuleSettingsArgs
- Additional settings that modify the rule's action.
- schedule ZeroTrustGatewayPolicyScheduleArgs
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- traffic str
- The wirefilter expression used for traffic matching.
- updated_at str
- version int
- version number of the rule
- accountId String
- action String
- The action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
- createdAt String
- deletedAt String
- Date of deletion, if any.
- description String
- The description of the rule.
- devicePosture String
- The wirefilter expression used for device posture check matching.
- enabled Boolean
- True if the rule is enabled.
- expiration Property Map
- The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
- filters List<String>
- The protocol or layer to evaluate the traffic, identity, and device posture expressions.
- identity String
- The wirefilter expression used for identity matching.
- name String
- The name of the rule.
- precedence Number
- Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
- ruleSettings Property Map
- Additional settings that modify the rule's action.
- schedule Property Map
- The schedule for activating DNS policies. This does not apply to HTTP or network policies.
- traffic String
- The wirefilter expression used for traffic matching.
- updatedAt String
- version Number
- version number of the rule
Supporting Types
ZeroTrustGatewayPolicyExpiration, ZeroTrustGatewayPolicyExpirationArgs
- expires_at str
- The time stamp at which the policy will expire and cease to be applied.
- duration int
- The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
- expired bool
- Whether the policy has expired.
ZeroTrustGatewayPolicyRuleSettings, ZeroTrustGatewayPolicyRuleSettingsArgs
- AddHeaders Dictionary<string, string>
- Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
- AllowChildBypass bool
- Set by parent MSP accounts to enable their children to bypass this rule.
- AuditSsh ZeroTrustGatewayPolicyRuleSettingsAuditSsh
- Settings for the Audit SSH action.
- BisoAdminControls ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls
- Configure how browser isolation behaves.
- BlockPageEnabled bool
- Enable the custom block page.
- BlockReason string
- The text describing why this block occurred, displayed on the custom block page (if enabled).
- BypassParentRule bool
- Set by children MSP accounts to bypass their parent's rules.
- CheckSession ZeroTrustGatewayPolicyRuleSettingsCheckSession
- Configure how session check behaves.
- DnsResolvers ZeroTrustGatewayPolicyRuleSettingsDnsResolvers
- Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
- Egress ZeroTrustGatewayPolicyRuleSettingsEgress
- Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
- IgnoreCnameCategoryMatches bool
- Set to true to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
- InsecureDisableDnssecValidation bool
- INSECURE - disable DNSSEC validation (for Allow actions).
- IpCategories bool
- Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
- IpIndicatorFeeds bool
- Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
- L4override ZeroTrustGatewayPolicyRuleSettingsL4override
- Send matching traffic to the supplied destination IP address and port.
- NotificationSettings ZeroTrustGatewayPolicyRuleSettingsNotificationSettings
- Configure a notification to display on the user's device when this rule is matched.
- OverrideHost string
- Override matching DNS queries with a hostname.
- OverrideIps List<string>
- Override matching DNS queries with an IP or set of IPs.
- PayloadLog ZeroTrustGatewayPolicyRuleSettingsPayloadLog
- Configure DLP payload logging.
- Quarantine ZeroTrustGatewayPolicyRuleSettingsQuarantine
- Settings that apply to quarantine rules.
- Redirect ZeroTrustGatewayPolicyRuleSettingsRedirect
- Settings that apply to redirect rules.
- ResolveDnsInternally ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally
- Configure to forward the query to the internal DNS service, passing the specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- ResolveDnsThroughCloudflare bool
- Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_internally' is set. Only valid when a rule's action is set to 'resolve'.
- UntrustedCert ZeroTrustGatewayPolicyRuleSettingsUntrustedCert
- Configure behavior when an upstream cert is invalid or an SSL error occurs.
- AddHeaders map[string]string
- Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
- AllowChildBypass bool
- Set by parent MSP accounts to enable their children to bypass this rule.
- AuditSsh ZeroTrustGatewayPolicyRuleSettingsAuditSsh
- Settings for the Audit SSH action.
- BisoAdminControls ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls
- Configure how browser isolation behaves.
- BlockPageEnabled bool
- Enable the custom block page.
- BlockReason string
- The text describing why this block occurred, displayed on the custom block page (if enabled).
- BypassParentRule bool
- Set by children MSP accounts to bypass their parent's rules.
- CheckSession ZeroTrustGatewayPolicyRuleSettingsCheckSession
- Configure how session check behaves.
- DnsResolvers ZeroTrustGatewayPolicyRuleSettingsDnsResolvers
- Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
- Egress ZeroTrustGatewayPolicyRuleSettingsEgress
- Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
- IgnoreCnameCategoryMatches bool
- Set to true to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
- InsecureDisableDnssecValidation bool
- INSECURE - disable DNSSEC validation (for Allow actions).
- IpCategories bool
- Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
- IpIndicatorFeeds bool
- Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
- L4override ZeroTrustGatewayPolicyRuleSettingsL4override
- Send matching traffic to the supplied destination IP address and port.
- NotificationSettings ZeroTrustGatewayPolicyRuleSettingsNotificationSettings
- Configure a notification to display on the user's device when this rule is matched.
- OverrideHost string
- Override matching DNS queries with a hostname.
- OverrideIps []string
- Override matching DNS queries with an IP or set of IPs.
- PayloadLog ZeroTrustGatewayPolicyRuleSettingsPayloadLog
- Configure DLP payload logging.
- Quarantine ZeroTrustGatewayPolicyRuleSettingsQuarantine
- Settings that apply to quarantine rules.
- Redirect ZeroTrustGatewayPolicyRuleSettingsRedirect
- Settings that apply to redirect rules.
- ResolveDnsInternally ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally
- Configure to forward the query to the internal DNS service, passing the specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- ResolveDnsThroughCloudflare bool
- Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_internally' is set. Only valid when a rule's action is set to 'resolve'.
- UntrustedCert ZeroTrustGatewayPolicyRuleSettingsUntrustedCert
- Configure behavior when an upstream cert is invalid or an SSL error occurs.
- addHeaders Map<String,String>
- Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
- allowChildBypass Boolean
- Set by parent MSP accounts to enable their children to bypass this rule.
- auditSsh ZeroTrustGatewayPolicyRuleSettingsAuditSsh
- Settings for the Audit SSH action.
- bisoAdminControls ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls
- Configure how browser isolation behaves.
- blockPageEnabled Boolean
- Enable the custom block page.
- blockReason String
- The text describing why this block occurred, displayed on the custom block page (if enabled).
- bypassParentRule Boolean
- Set by children MSP accounts to bypass their parent's rules.
- checkSession ZeroTrustGatewayPolicyRuleSettingsCheckSession
- Configure how session check behaves.
- dnsResolvers ZeroTrustGatewayPolicyRuleSettingsDnsResolvers
- Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
- egress ZeroTrustGatewayPolicyRuleSettingsEgress
- Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
- ignoreCnameCategoryMatches Boolean
- Set to true to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
- insecureDisableDnssecValidation Boolean
- INSECURE - disable DNSSEC validation (for Allow actions).
- ipCategories Boolean
- Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
- ipIndicatorFeeds Boolean
- Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
- l4override ZeroTrustGatewayPolicyRuleSettingsL4override
- Send matching traffic to the supplied destination IP address and port.
- notificationSettings ZeroTrustGatewayPolicyRuleSettingsNotificationSettings
- Configure a notification to display on the user's device when this rule is matched.
- overrideHost String
- Override matching DNS queries with a hostname.
- overrideIps List<String>
- Override matching DNS queries with an IP or set of IPs.
- payloadLog ZeroTrustGatewayPolicyRuleSettingsPayloadLog
- Configure DLP payload logging.
- quarantine ZeroTrustGatewayPolicyRuleSettingsQuarantine
- Settings that apply to quarantine rules.
- redirect ZeroTrustGatewayPolicyRuleSettingsRedirect
- Settings that apply to redirect rules.
- resolveDnsInternally ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally
- Configure to forward the query to the internal DNS service, passing the specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- resolveDnsThroughCloudflare Boolean
- Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_internally' is set. Only valid when a rule's action is set to 'resolve'.
- untrustedCert ZeroTrustGatewayPolicyRuleSettingsUntrustedCert
- Configure behavior when an upstream cert is invalid or an SSL error occurs.
- addHeaders {[key: string]: string}
- Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
- allowChildBypass boolean
- Set by parent MSP accounts to enable their children to bypass this rule.
- auditSsh ZeroTrustGatewayPolicyRuleSettingsAuditSsh
- Settings for the Audit SSH action.
- bisoAdminControls ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls
- Configure how browser isolation behaves.
- blockPageEnabled boolean
- Enable the custom block page.
- blockReason string
- The text describing why this block occurred, displayed on the custom block page (if enabled).
- bypassParentRule boolean
- Set by children MSP accounts to bypass their parent's rules.
- checkSession ZeroTrustGatewayPolicyRuleSettingsCheckSession
- Configure how session check behaves.
- dnsResolvers ZeroTrustGatewayPolicyRuleSettingsDnsResolvers
- Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
- egress ZeroTrustGatewayPolicyRuleSettingsEgress
- Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
- ignoreCnameCategoryMatches boolean
- Set to true to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
- insecureDisableDnssecValidation boolean
- INSECURE - disable DNSSEC validation (for Allow actions).
- ipCategories boolean
- Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
- ipIndicatorFeeds boolean
- Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
- l4override ZeroTrustGatewayPolicyRuleSettingsL4override
- Send matching traffic to the supplied destination IP address and port.
- notificationSettings ZeroTrustGatewayPolicyRuleSettingsNotificationSettings
- Configure a notification to display on the user's device when this rule is matched.
- overrideHost string
- Override matching DNS queries with a hostname.
- overrideIps string[]
- Override matching DNS queries with an IP or set of IPs.
- payloadLog ZeroTrustGatewayPolicyRuleSettingsPayloadLog
- Configure DLP payload logging.
- quarantine ZeroTrustGatewayPolicyRuleSettingsQuarantine
- Settings that apply to quarantine rules.
- redirect ZeroTrustGatewayPolicyRuleSettingsRedirect
- Settings that apply to redirect rules.
- resolveDnsInternally ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally
- Configure to forward the query to the internal DNS service, passing the specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- resolveDnsThroughCloudflare boolean
- Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_internally' is set. Only valid when a rule's action is set to 'resolve'.
- untrustedCert ZeroTrustGatewayPolicyRuleSettingsUntrustedCert
- Configure behavior when an upstream cert is invalid or an SSL error occurs.
- add_headers Mapping[str, str]
- Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
- allow_child_bypass bool
- Set by parent MSP accounts to enable their children to bypass this rule.
- audit_ssh ZeroTrustGatewayPolicyRuleSettingsAuditSsh
- Settings for the Audit SSH action.
- biso_admin_controls ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls
- Configure how browser isolation behaves.
- block_page_enabled bool
- Enable the custom block page.
- block_reason str
- The text describing why this block occurred, displayed on the custom block page (if enabled).
- bypass_parent_rule bool
- Set by children MSP accounts to bypass their parent's rules.
- check_session ZeroTrustGatewayPolicyRuleSettingsCheckSession
- Configure how session check behaves.
- dns_resolvers ZeroTrustGatewayPolicyRuleSettingsDnsResolvers
- Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
- egress ZeroTrustGatewayPolicyRuleSettingsEgress
- Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
- ignore_cname_category_matches bool
- Set to true to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
- insecure_disable_dnssec_validation bool
- INSECURE - disable DNSSEC validation (for Allow actions).
- ip_categories bool
- Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
- ip_indicator_feeds bool
- Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
- l4override ZeroTrustGatewayPolicyRuleSettingsL4override
- Send matching traffic to the supplied destination IP address and port.
- notification_settings ZeroTrustGatewayPolicyRuleSettingsNotificationSettings
- Configure a notification to display on the user's device when this rule is matched.
- override_host str
- Override matching DNS queries with a hostname.
- override_ips Sequence[str]
- Override matching DNS queries with an IP or set of IPs.
- payload_log ZeroTrustGatewayPolicyRuleSettingsPayloadLog
- Configure DLP payload logging.
- quarantine ZeroTrustGatewayPolicyRuleSettingsQuarantine
- Settings that apply to quarantine rules.
- redirect ZeroTrustGatewayPolicyRuleSettingsRedirect
- Settings that apply to redirect rules.
- resolve_dns_internally ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally
- Configure to forward the query to the internal DNS service, passing the specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- resolve_dns_through_cloudflare bool
- Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_internally' is set. Only valid when a rule's action is set to 'resolve'.
- untrusted_cert ZeroTrustGatewayPolicyRuleSettingsUntrustedCert
- Configure behavior when an upstream cert is invalid or an SSL error occurs.
- addHeaders Map<String>
- Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
- allowChildBypass Boolean
- Set by parent MSP accounts to enable their children to bypass this rule.
- auditSsh Property Map
- Settings for the Audit SSH action.
- bisoAdminControls Property Map
- Configure how browser isolation behaves.
- blockPageEnabled Boolean
- Enable the custom block page.
- blockReason String
- The text describing why this block occurred, displayed on the custom block page (if enabled).
- bypassParentRule Boolean
- Set by children MSP accounts to bypass their parent's rules.
- checkSession Property Map
- Configure how session check behaves.
- dnsResolvers Property Map
- Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
- egress Property Map
- Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
- ignoreCnameCategoryMatches Boolean
- Set to true to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
- insecureDisableDnssecValidation Boolean
- INSECURE - disable DNSSEC validation (for Allow actions).
- ipCategories Boolean
- Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
- ipIndicatorFeeds Boolean
- Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
- l4override Property Map
- Send matching traffic to the supplied destination IP address and port.
- notificationSettings Property Map
- Configure a notification to display on the user's device when this rule is matched.
- overrideHost String
- Override matching DNS queries with a hostname.
- overrideIps List<String>
- Override matching DNS queries with an IP or set of IPs.
- payloadLog Property Map
- Configure DLP payload logging.
- quarantine Property Map
- Settings that apply to quarantine rules.
- redirect Property Map
- Settings that apply to redirect rules.
- resolveDnsInternally Property Map
- Configure to forward the query to the internal DNS service, passing the specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
- resolveDnsThroughCloudflare Boolean
- Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_internally' is set. Only valid when a rule's action is set to 'resolve'.
- untrustedCert Property Map
- Configure behavior when an upstream cert is invalid or an SSL error occurs.
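The constraints stated above (the three resolver settings exclude each other and are only valid with action 'resolve', absent expressions make a rule match unconditionally, schedules do not apply to HTTP policies, expiration overrides schedule) can be checked before a policy is deployed. The following is an added example, not code from this page or from the Pulumi Cloudflare provider; policies are plain dicts keyed by the Python property names listed above, and the function names, severities and sample policies are constructed for illustration.

```python
# Added example: pre-deployment lint for ZeroTrustGatewayPolicy arguments.
# Property names and constraints are taken from this page; function names,
# severities and the sample policies below are constructed for illustration.

ALLOWED_ACTIONS = {
    "on", "off", "allow", "block", "scan", "noscan", "safesearch",
    "ytrestricted", "isolate", "noisolate", "override", "l4_override",
    "egress", "resolve", "quarantine", "redirect",
}

# Documented as mutually exclusive and only valid when action == "resolve".
RESOLVER_KEYS = (
    "dns_resolvers", "resolve_dns_internally", "resolve_dns_through_cloudflare",
)

# Settings that relax or bypass enforcement; reported for human review.
REVIEW_FLAGS = {
    "insecure_disable_dnssec_validation": "DNSSEC validation is disabled",
    "allow_child_bypass": "child MSP accounts can bypass this rule",
    "bypass_parent_rule": "this rule bypasses the parent MSP account's rules",
}


def lint_policy(policy):
    """Return (severity, message) findings for one policy given as a dict."""
    findings = []
    name = policy.get("name", "<unnamed>")
    action = policy.get("action")
    settings = policy.get("rule_settings") or {}

    if action not in ALLOWED_ACTIONS:
        findings.append(("error", f"{name}: action {action!r} is not a listed value"))

    # A key counts as set only when truthy (False or {} means "not configured").
    resolvers = [key for key in RESOLVER_KEYS if settings.get(key)]
    if len(resolvers) > 1:
        findings.append(("error", f"{name}: {' and '.join(resolvers)} cannot be combined"))
    if resolvers and action != "resolve":
        findings.append(("error", f"{name}: {resolvers[0]} is only valid with action 'resolve'"))

    for key, why in REVIEW_FLAGS.items():
        if settings.get(key):
            findings.append(("warn", f"{name}: {key} is set ({why})"))

    # Absent expressions do not restrict the rule: the action then applies to
    # everything the policy's filters cover.
    if not any(policy.get(k) for k in ("traffic", "identity", "device_posture")):
        findings.append(("warn", f"{name}: no match expressions, '{action}' applies unconditionally"))

    if policy.get("schedule"):
        if "http" in (policy.get("filters") or []):
            findings.append(("warn", f"{name}: schedule does not apply to HTTP policies"))
        if policy.get("expiration"):
            findings.append(("info", f"{name}: expiration takes precedence over schedule"))
    return findings


def evaluation_order(policies):
    """Names of enabled policies in ascending precedence (lowest value first)."""
    enabled = [p for p in policies if p.get("enabled") is True]
    return [p["name"] for p in sorted(enabled, key=lambda p: p["precedence"])]


# Constructed sample input, not taken from a real account.
SAMPLE_POLICIES = [
    {"name": "resolve-conflict", "action": "resolve", "enabled": True,
     "precedence": 30, "traffic": 'dns.fqdn == "internal.example.com"',
     "rule_settings": {
         "dns_resolvers": {"ipv4": [{"ip": "2.2.2.2", "port": 5053}]},
         "resolve_dns_through_cloudflare": True}},
    {"name": "allow-finance", "action": "allow", "enabled": True,
     "precedence": 10,
     "identity": 'any(identity.groups.name[*] in {"finance"})',
     "rule_settings": {"insecure_disable_dnssec_validation": True}},
    {"name": "block-scheduled", "action": "block", "enabled": True,
     "precedence": 0, "filters": ["http"],
     "schedule": {"fri": "08:00-12:30,13:30-17:00"},
     "expiration": {"duration": 10}},
    {"name": "override-stale", "action": "override", "enabled": False,
     "precedence": 5, "traffic": 'dns.fqdn == "legacy.example.com"',
     "rule_settings": {
         "resolve_dns_internally": {"view_id": "view_id", "fallback": "none"}}},
]

if __name__ == "__main__":
    for pol in SAMPLE_POLICIES:
        for severity, message in lint_policy(pol):
            print(f"[{severity}] {message}")
    print("evaluation order:", evaluation_order(SAMPLE_POLICIES))
```

Running the lint in CI and failing the build on any "error" finding keeps an invalid resolver combination from reaching the provider; "warn" findings are meant for a reviewer to accept explicitly.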
ZeroTrustGatewayPolicyRuleSettingsAuditSsh, ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs
- CommandLogging bool
- Enable to turn on SSH command logging.
- commandLogging Boolean
- Enable to turn on SSH command logging.
- commandLogging boolean
- Enable to turn on SSH command logging.
- command_logging bool
- Enable to turn on SSH command logging.
ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls, ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs
- Copy string
- Configure whether copy is enabled or not. When set with "remote_only", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remote_only".
- Dcp bool
- Set to false to enable copy-pasting. Only applies when version == "v1".
- Dd bool
- Set to false to enable downloading. Only applies when version == "v1".
- Dk bool
- Set to false to enable keyboard usage. Only applies when version == "v1".
- Download string
- Configure whether downloading is enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- Dp bool
- Set to false to enable printing. Only applies when version == "v1".
- Du bool
- Set to false to enable uploading. Only applies when version == "v1".
- Keyboard string
- Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- Paste string
- Configure whether pasting is enabled or not. When set with "remote_only", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remote_only".
- Printing string
- Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- Upload string
- Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- Version string
- Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".
- copy String
- Configure whether copy is enabled or not. When set with "remote_only", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remote_only".
- dcp Boolean
- Set to false to enable copy-pasting. Only applies when version == "v1".
- dd Boolean
- Set to false to enable downloading. Only applies when version == "v1".
- dk Boolean
- Set to false to enable keyboard usage. Only applies when version == "v1".
- download String
- Configure whether downloading is enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- dp Boolean
- Set to false to enable printing. Only applies when version == "v1".
- du Boolean
- Set to false to enable uploading. Only applies when version == "v1".
- keyboard String
- Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- paste String
- Configure whether pasting is enabled or not. When set with "remote_only", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remote_only".
- printing String
- Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- upload String
- Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- version String
- Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".
- copy string
- Configure whether copy is enabled or not. When set with "remote_only", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remote_only".
- dcp boolean
- Set to false to enable copy-pasting. Only applies when version == "v1".
- dd boolean
- Set to false to enable downloading. Only applies when version == "v1".
- dk boolean
- Set to false to enable keyboard usage. Only applies when version == "v1".
- download string
- Configure whether downloading is enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- dp boolean
- Set to false to enable printing. Only applies when version == "v1".
- du boolean
- Set to false to enable uploading. Only applies when version == "v1".
- keyboard string
- Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- paste string
- Configure whether pasting is enabled or not. When set with "remote_only", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remote_only".
- printing string
- Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- upload string
- Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- version string
- Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".
- copy str
- Configure whether copy is enabled or not. When set with "remote_only", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remote_only".
- dcp bool
- Set to false to enable copy-pasting. Only applies when version == "v1".
- dd bool
- Set to false to enable downloading. Only applies when version == "v1".
- dk bool
- Set to false to enable keyboard usage. Only applies when version == "v1".
- download str
- Configure whether downloading is enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- dp bool
- Set to false to enable printing. Only applies when version == "v1".
- du bool
- Set to false to enable uploading. Only applies when version == "v1".
- keyboard str
- Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- paste str
- Configure whether pasting is enabled or not. When set with "remote_only", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remote_only".
- printing str
- Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- upload str
- Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
- version str
- Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".
ZeroTrustGatewayPolicyRuleSettingsCheckSession, ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs
ZeroTrustGatewayPolicyRuleSettingsDnsResolvers, ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs
ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4, ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args
- Ip string
- IPv4 address of upstream resolver.
- Port int
- A port number to use for upstream resolver. Defaults to 53 if unspecified.
- RouteThroughPrivateNetwork bool
- Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
- VnetId string
- Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip String
- IPv4 address of upstream resolver.
- port Integer
- A port number to use for upstream resolver. Defaults to 53 if unspecified.
- routeThroughPrivateNetwork Boolean
- Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
- vnetId String
- Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip string
- IPv4 address of upstream resolver.
- port number
- A port number to use for upstream resolver. Defaults to 53 if unspecified.
- routeThroughPrivateNetwork boolean
- Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
- vnetId string
- Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip str
- IPv4 address of upstream resolver.
- port int
- A port number to use for upstream resolver. Defaults to 53 if unspecified.
- route_through_private_network bool
- Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
- vnet_id str
- Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip String
- IPv4 address of upstream resolver.
- port Number
- A port number to use for upstream resolver. Defaults to 53 if unspecified.
- routeThroughPrivateNetwork Boolean
- Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
- vnetId String
- Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6, ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args
- Ip string
- IPv6 address of upstream resolver.
- Port int
- A port number to use for upstream resolver. Defaults to 53 if unspecified.
- RouteThroughPrivateNetwork bool
- Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
- VnetId string
- Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip String
- IPv6 address of upstream resolver.
- port Integer
- A port number to use for upstream resolver. Defaults to 53 if unspecified.
- routeThroughPrivateNetwork Boolean
- Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
- vnetId String
- Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip string
- IPv6 address of upstream resolver.
- port number
- A port number to use for upstream resolver. Defaults to 53 if unspecified.
- routeThroughPrivateNetwork boolean
- Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
- vnetId string
- Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip str
- IPv6 address of upstream resolver.
- port int
- A port number to use for upstream resolver. Defaults to 53 if unspecified.
- route_through_private_network bool
- Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
- vnet_id str
- Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
- ip String
- IPv6 address of upstream resolver.
- port Number
- A port number to use for upstream resolver. Defaults to 53 if unspecified.
- routeThroughPrivateNetwork Boolean
- Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
- vnetId String
- Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
ZeroTrustGatewayPolicyRuleSettingsEgress, ZeroTrustGatewayPolicyRuleSettingsEgressArgs
- Ipv4 string
- The IPv4 address to be used for egress.
- Ipv4Fallback string
- The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
- Ipv6 string
- The IPv6 range to be used for egress.
- ipv4 String
- The IPv4 address to be used for egress.
- ipv4Fallback String
- The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
- ipv6 String
- The IPv6 range to be used for egress.
- ipv4 string
- The IPv4 address to be used for egress.
- ipv4Fallback string
- The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
- ipv6 string
- The IPv6 range to be used for egress.
- ipv4 str
- The IPv4 address to be used for egress.
- ipv4_fallback str
- The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
- ipv6 str
- The IPv6 range to be used for egress.
ZeroTrustGatewayPolicyRuleSettingsL4override, ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs
ZeroTrustGatewayPolicyRuleSettingsNotificationSettings, ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs
- Enabled bool
- Set notification on
- Msg string
- Customize the message shown in the notification.
- SupportUrl string
- Optional URL to direct users to additional information. If not set, the notification will open a block page.
- enabled Boolean
- Set notification on
- msg String
- Customize the message shown in the notification.
- supportUrl String
- Optional URL to direct users to additional information. If not set, the notification will open a block page.
- enabled boolean
- Set notification on
- msg string
- Customize the message shown in the notification.
- supportUrl string
- Optional URL to direct users to additional information. If not set, the notification will open a block page.
- enabled bool
- Set notification on
- msg str
- Customize the message shown in the notification.
- support_url str
- Optional URL to direct users to additional information. If not set, the notification will open a block page.
ZeroTrustGatewayPolicyRuleSettingsPayloadLog, ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs
- Enabled bool
- Set to true to enable DLP payload logging for this rule.
- enabled Boolean
- Set to true to enable DLP payload logging for this rule.
- enabled boolean
- Set to true to enable DLP payload logging for this rule.
- enabled bool
- Set to true to enable DLP payload logging for this rule.
ZeroTrustGatewayPolicyRuleSettingsQuarantine, ZeroTrustGatewayPolicyRuleSettingsQuarantineArgs
- FileTypes List<string>
- Types of files to sandbox.
- FileTypes []string
- Types of files to sandbox.
- fileTypes List<String>
- Types of files to sandbox.
- fileTypes string[]
- Types of files to sandbox.
- file_types Sequence[str]
- Types of files to sandbox.
ZeroTrustGatewayPolicyRuleSettingsRedirect, ZeroTrustGatewayPolicyRuleSettingsRedirectArgs
- TargetUri string
- URI to which the user will be redirected
- IncludeContext bool
- If true, context information will be passed as query parameters
- PreservePathAndQuery bool
- If true, the path and query parameters from the original request will be appended to target_uri
- targetUri String
- URI to which the user will be redirected
- includeContext Boolean
- If true, context information will be passed as query parameters
- preservePathAndQuery Boolean
- If true, the path and query parameters from the original request will be appended to target_uri
- targetUri string
- URI to which the user will be redirected
- includeContext boolean
- If true, context information will be passed as query parameters
- preservePathAndQuery boolean
- If true, the path and query parameters from the original request will be appended to target_uri
- target_uri str
- URI to which the user will be redirected
- include_context bool
- If true, context information will be passed as query parameters
- preserve_path_and_query bool
- If true, the path and query parameters from the original request will be appended to target_uri
ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally, ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternallyArgs
- Fallback string
- The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
- ViewId string
- The internal DNS view identifier that's passed to the internal DNS service.
- fallback String
- The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
- viewId String
- The internal DNS view identifier that's passed to the internal DNS service.
- fallback string
- The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
- viewId string
- The internal DNS view identifier that's passed to the internal DNS service.
- fallback str
- The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
- view_id str
- The internal DNS view identifier that's passed to the internal DNS service.
ZeroTrustGatewayPolicyRuleSettingsUntrustedCert, ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs
- Action string
- The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".
- action String
- The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".
- action string
- The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".
- action str
- The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".
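A pre-deployment check for the constraints stated in the rule settings descriptions above (mutually exclusive DNS settings, vnet_id requiring route_through_private_network, version-specific browser isolation controls), as an added example that is not part of the Pulumi or Cloudflare documentation. The function name lint_rule_settings, the severity labels and the snake_case dictionary shape are assumptions for illustration, and the sample input is constructed.

```python
"""Lint Gateway rule settings before deployment (added example, hypothetical helper)."""
import ipaddress

BISO_V1 = {"dcp", "dd", "dk", "dp", "du"}            # booleans, apply when version == "v1"
BISO_V2 = {                                          # strings, apply when version == "v2"
    "copy": {"enabled", "disabled", "remote_only"},
    "download": {"enabled", "disabled"},
    "keyboard": {"enabled", "disabled"},
    "paste": {"enabled", "disabled", "remote_only"},
    "printing": {"enabled", "disabled"},
    "upload": {"enabled", "disabled"},
}
UNTRUSTED_CERT_ACTIONS = {"pass_through", "block", "error"}
DNS_TARGETS = ("dns_resolvers", "resolve_dns_internally", "resolve_dns_through_cloudflare")


def lint_rule_settings(action, settings):
    """Return sorted (severity, message) findings for one policy's rule settings."""
    findings = []

    # The three DNS resolution settings cannot be combined.
    dns_set = [key for key in DNS_TARGETS if settings.get(key)]
    if len(dns_set) > 1:
        findings.append(("error", "mutually exclusive settings: " + ", ".join(dns_set)))
    # The two resolve_dns_* settings are only valid when the action is 'resolve'.
    for key in DNS_TARGETS[1:]:
        if settings.get(key) and action != "resolve":
            findings.append(("error", f"{key} requires action 'resolve', got '{action}'"))

    # Upstream resolvers: the address family must match the list it sits in, and
    # route_through_private_network must be given whenever vnet_id is.
    resolvers = settings.get("dns_resolvers") or {}
    for family, ip_version in (("ipv4", 4), ("ipv6", 6)):
        for resolver in resolvers.get(family, []):
            try:
                family_ok = ipaddress.ip_address(resolver["ip"]).version == ip_version
            except (KeyError, ValueError):
                family_ok = False
            if not family_ok:
                findings.append(
                    ("error", f"dns_resolvers.{family}: bad address {resolver.get('ip')!r}"))
            if resolver.get("vnet_id") and resolver.get("route_through_private_network") is None:
                findings.append(
                    ("error", f"dns_resolvers.{family}: vnet_id set without "
                              "route_through_private_network"))

    if settings.get("insecure_disable_dnssec_validation"):
        findings.append(("warn", "DNSSEC validation is disabled for this rule"))

    cert_action = (settings.get("untrusted_cert") or {}).get("action")
    if cert_action is not None and cert_action not in UNTRUSTED_CERT_ACTIONS:
        findings.append(("error", f"untrusted_cert.action: unknown value {cert_action!r}"))
    elif cert_action == "pass_through":
        findings.append(
            ("warn", "untrusted_cert.action is 'pass_through' instead of the default error (HTTP 526)"))

    # Browser isolation controls: fields of the other version do not apply, and
    # every v2 control that is left out defaults to enabled.
    biso = settings.get("biso_admin_controls") or {}
    version = biso.get("version")
    if biso and version not in (None, "v1", "v2"):
        findings.append(("error", f"biso_admin_controls.version: unknown value {version!r}"))
    other_version_fields = {"v1": set(BISO_V2), "v2": BISO_V1}.get(version, set())
    for field in sorted(other_version_fields & set(biso)):
        findings.append(("warn", f"biso_admin_controls.{field} has no effect with version {version}"))
    if version == "v2":
        for field, allowed in BISO_V2.items():
            value = biso.get(field)
            if value is None:
                findings.append(("info", f"biso_admin_controls.{field} absent: defaults to enabled"))
            elif value not in allowed:
                findings.append(("error", f"biso_admin_controls.{field}: unknown value {value!r}"))
    return sorted(findings)


# Constructed sample input; keys follow the snake_case Python property names.
SAMPLE = {
    "dns_resolvers": {
        "ipv4": [{"ip": "192.0.2.53", "vnet_id": "example-vnet-id"}],
        "ipv6": [{"ip": "192.0.2.54", "port": 5053}],
    },
    "resolve_dns_through_cloudflare": True,
    "insecure_disable_dnssec_validation": True,
    "untrusted_cert": {"action": "pass_through"},
    "biso_admin_controls": {"version": "v1", "dcp": False, "download": "disabled"},
}

if __name__ == "__main__":
    for severity, message in lint_rule_settings("allow", SAMPLE):
        print(f"{severity:5} {message}")
```

Running such a check in CI before `pulumi up` catches the case where a version "v1" policy sets download to "disabled" and the setting silently does not apply.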
ZeroTrustGatewayPolicySchedule, ZeroTrustGatewayPolicyScheduleArgs
- Fri string
- The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
- Mon string
- The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
- Sat string
- The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
- Sun string
- The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
- Thu string
- The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
- TimeZone string
- The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
- Tue string
- The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
- Wed string
- The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.
- fri String
- The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
- mon String
- The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
- sat String
- The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
- sun String
- The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
- thu String
- The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
- timeZone String
- The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
- tue String
- The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
- wed String
- The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.
- fri string
- The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
- mon string
- The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
- sat string
- The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
- sun string
- The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
- thu string
- The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
- timeZone string
- The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
- tue string
- The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
- wed string
- The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.
- fri str
- The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
- mon str
- The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
- sat str
- The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
- sun str
- The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
- thu str
- The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
- time_zone str
- The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
- tue str
- The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
- wed str
- The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.
- fri String
- The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
- mon String
- The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
- sat String
- The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
- sun String
- The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
- thu String
- The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
- timeZone String
- The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
- tue String
- The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
- wed String
- The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.
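The schedule semantics above (omitted days deactivate the rule, an omitted time zone is inferred from the user's source IP) can be checked before deployment. The following pre-deploy lint is an added example, not code from Pulumi or Cloudflare; it assumes the schedule is a plain dict keyed by the property names listed above, that intervals may not overlap, and that `local` is a naive datetime already expressed in the rule's time zone.

```python
from datetime import datetime

DAYS = ("mon", "tue", "wed", "thu", "fri", "sat", "sun")  # datetime.weekday() order

def _minutes(hhmm: str) -> int:
    hours, minutes = hhmm.split(":")
    value = int(hours) * 60 + int(minutes)
    if not (0 <= int(minutes) < 60 and 0 <= value <= 24 * 60):
        raise ValueError(f"time out of range: {hhmm}")
    return value

def parse_intervals(spec: str) -> list[tuple[int, int]]:
    """Parse '08:00-12:30,13:30-17:00' into (start, end) minutes of the day."""
    intervals, previous_end = [], 0
    for part in spec.split(","):
        start_text, end_text = part.strip().split("-")
        start, end = _minutes(start_text), _minutes(end_text)
        # Assumption: "increasing order" means each interval starts at or
        # after the end of the previous one and ends after it starts.
        if start >= end or start < previous_end:
            raise ValueError(f"intervals not in increasing order: {part}")
        intervals.append((start, end))
        previous_end = end
    return intervals

def lint_schedule(schedule: dict) -> list[str]:
    """Return findings a reviewer should see before the policy is applied."""
    findings = []
    if not schedule.get("timeZone"):
        findings.append("timeZone omitted: zone is inferred from the user's source IP")
    for day in DAYS:
        if day not in schedule:
            findings.append(f"{day} omitted: rule deactivated on that day")
            continue
        try:
            parse_intervals(schedule[day])
        except ValueError as error:
            findings.append(f"{day} invalid: {error}")
    return findings

def rule_active(schedule: dict, local: datetime) -> bool:
    """True if the rule is active at `local` (naive, in the rule's time zone)."""
    spec = schedule.get(DAYS[local.weekday()])
    if spec is None:  # omitted day: the rule is deactivated
        return False
    minute = local.hour * 60 + local.minute
    return any(start <= minute < end for start, end in parse_intervals(spec))
```

For an allow rule the lint findings show when access lapses; for a block rule they show when the block is not enforced, which is the case to review most carefully.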
Import
$ pulumi import cloudflare:index/zeroTrustGatewayPolicy:ZeroTrustGatewayPolicy example '<account_id>/<rule_id>'
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the cloudflare Terraform Provider.