1. Packages
  2. F5 BIG-IP
  3. API Docs
  4. WafPolicy
f5 BIG-IP v3.17.0 published on Thursday, Mar 28, 2024 by Pulumi

f5bigip.WafPolicy

Explore with Pulumi AI

f5bigip logo
f5 BIG-IP v3.17.0 published on Thursday, Mar 28, 2024 by Pulumi

    f5bigip.WafPolicy Manages a WAF Policy resource with its adjustments and modifications on a BIG-IP. It outputs an up-to-date WAF Policy in a JSON format

    NOTE This Resource Requires F5 BIG-IP v16.x above version, and ASM need to be provisioned.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as f5bigip from "@pulumi/f5bigip";
    
    const param1 = f5bigip.ssl.getWafEntityParameter({
        name: "Param1",
        type: "explicit",
        dataType: "alpha-numeric",
        performStaging: true,
    });
    const param2 = f5bigip.ssl.getWafEntityParameter({
        name: "Param2",
        type: "explicit",
        dataType: "alpha-numeric",
        performStaging: true,
    });
    const uRL = f5bigip.ssl.getWafEntityUrl({
        name: "URL1",
        protocol: "http",
    });
    const uRL2 = f5bigip.ssl.getWafEntityUrl({
        name: "URL2",
    });
    const test_awaf = new f5bigip.WafPolicy("test-awaf", {
        name: "testpolicyravi",
        partition: "Common",
        templateName: "POLICY_TEMPLATE_RAPID_DEPLOYMENT",
        applicationLanguage: "utf-8",
        enforcementMode: "blocking",
        serverTechnologies: [
            "MySQL",
            "Unix/Linux",
            "MongoDB",
        ],
        parameters: [
            param1.then(param1 => param1.json),
            param2.then(param2 => param2.json),
        ],
        urls: [
            uRL.then(uRL => uRL.json),
            uRL2.then(uRL2 => uRL2.json),
        ],
    });
    
    import pulumi
    import pulumi_f5bigip as f5bigip
    
    param1 = f5bigip.ssl.get_waf_entity_parameter(name="Param1",
        type="explicit",
        data_type="alpha-numeric",
        perform_staging=True)
    param2 = f5bigip.ssl.get_waf_entity_parameter(name="Param2",
        type="explicit",
        data_type="alpha-numeric",
        perform_staging=True)
    u_rl = f5bigip.ssl.get_waf_entity_url(name="URL1",
        protocol="http")
    u_rl2 = f5bigip.ssl.get_waf_entity_url(name="URL2")
    test_awaf = f5bigip.WafPolicy("test-awaf",
        name="testpolicyravi",
        partition="Common",
        template_name="POLICY_TEMPLATE_RAPID_DEPLOYMENT",
        application_language="utf-8",
        enforcement_mode="blocking",
        server_technologies=[
            "MySQL",
            "Unix/Linux",
            "MongoDB",
        ],
        parameters=[
            param1.json,
            param2.json,
        ],
        urls=[
            u_rl.json,
            u_rl2.json,
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip"
    	"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip/ssl"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		param1, err := ssl.GetWafEntityParameter(ctx, &ssl.GetWafEntityParameterArgs{
    			Name:           "Param1",
    			Type:           pulumi.StringRef("explicit"),
    			DataType:       pulumi.StringRef("alpha-numeric"),
    			PerformStaging: pulumi.BoolRef(true),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		param2, err := ssl.GetWafEntityParameter(ctx, &ssl.GetWafEntityParameterArgs{
    			Name:           "Param2",
    			Type:           pulumi.StringRef("explicit"),
    			DataType:       pulumi.StringRef("alpha-numeric"),
    			PerformStaging: pulumi.BoolRef(true),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		uRL, err := ssl.GetWafEntityUrl(ctx, &ssl.GetWafEntityUrlArgs{
    			Name:     "URL1",
    			Protocol: pulumi.StringRef("http"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		uRL2, err := ssl.GetWafEntityUrl(ctx, &ssl.GetWafEntityUrlArgs{
    			Name: "URL2",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = f5bigip.NewWafPolicy(ctx, "test-awaf", &f5bigip.WafPolicyArgs{
    			Name:                pulumi.String("testpolicyravi"),
    			Partition:           pulumi.String("Common"),
    			TemplateName:        pulumi.String("POLICY_TEMPLATE_RAPID_DEPLOYMENT"),
    			ApplicationLanguage: pulumi.String("utf-8"),
    			EnforcementMode:     pulumi.String("blocking"),
    			ServerTechnologies: pulumi.StringArray{
    				pulumi.String("MySQL"),
    				pulumi.String("Unix/Linux"),
    				pulumi.String("MongoDB"),
    			},
    			Parameters: pulumi.StringArray{
    				pulumi.String(param1.Json),
    				pulumi.String(param2.Json),
    			},
    			Urls: pulumi.StringArray{
    				pulumi.String(uRL.Json),
    				pulumi.String(uRL2.Json),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using F5BigIP = Pulumi.F5BigIP;
    
    return await Deployment.RunAsync(() => 
    {
        var param1 = F5BigIP.Ssl.GetWafEntityParameter.Invoke(new()
        {
            Name = "Param1",
            Type = "explicit",
            DataType = "alpha-numeric",
            PerformStaging = true,
        });
    
        var param2 = F5BigIP.Ssl.GetWafEntityParameter.Invoke(new()
        {
            Name = "Param2",
            Type = "explicit",
            DataType = "alpha-numeric",
            PerformStaging = true,
        });
    
        var uRL = F5BigIP.Ssl.GetWafEntityUrl.Invoke(new()
        {
            Name = "URL1",
            Protocol = "http",
        });
    
        var uRL2 = F5BigIP.Ssl.GetWafEntityUrl.Invoke(new()
        {
            Name = "URL2",
        });
    
        var test_awaf = new F5BigIP.WafPolicy("test-awaf", new()
        {
            Name = "testpolicyravi",
            Partition = "Common",
            TemplateName = "POLICY_TEMPLATE_RAPID_DEPLOYMENT",
            ApplicationLanguage = "utf-8",
            EnforcementMode = "blocking",
            ServerTechnologies = new[]
            {
                "MySQL",
                "Unix/Linux",
                "MongoDB",
            },
            Parameters = new[]
            {
                param1.Apply(getWafEntityParameterResult => getWafEntityParameterResult.Json),
                param2.Apply(getWafEntityParameterResult => getWafEntityParameterResult.Json),
            },
            Urls = new[]
            {
                uRL.Apply(getWafEntityUrlResult => getWafEntityUrlResult.Json),
                uRL2.Apply(getWafEntityUrlResult => getWafEntityUrlResult.Json),
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.f5bigip.ssl.SslFunctions;
    import com.pulumi.f5bigip.ssl.inputs.GetWafEntityParameterArgs;
    import com.pulumi.f5bigip.ssl.inputs.GetWafEntityUrlArgs;
    import com.pulumi.f5bigip.WafPolicy;
    import com.pulumi.f5bigip.WafPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var param1 = SslFunctions.getWafEntityParameter(GetWafEntityParameterArgs.builder()
                .name("Param1")
                .type("explicit")
                .dataType("alpha-numeric")
                .performStaging(true)
                .build());
    
            final var param2 = SslFunctions.getWafEntityParameter(GetWafEntityParameterArgs.builder()
                .name("Param2")
                .type("explicit")
                .dataType("alpha-numeric")
                .performStaging(true)
                .build());
    
            final var uRL = SslFunctions.getWafEntityUrl(GetWafEntityUrlArgs.builder()
                .name("URL1")
                .protocol("http")
                .build());
    
            final var uRL2 = SslFunctions.getWafEntityUrl(GetWafEntityUrlArgs.builder()
                .name("URL2")
                .build());
    
            var test_awaf = new WafPolicy("test-awaf", WafPolicyArgs.builder()        
                .name("testpolicyravi")
                .partition("Common")
                .templateName("POLICY_TEMPLATE_RAPID_DEPLOYMENT")
                .applicationLanguage("utf-8")
                .enforcementMode("blocking")
                .serverTechnologies(            
                    "MySQL",
                    "Unix/Linux",
                    "MongoDB")
                .parameters(            
                    param1.applyValue(getWafEntityParameterResult -> getWafEntityParameterResult.json()),
                    param2.applyValue(getWafEntityParameterResult -> getWafEntityParameterResult.json()))
                .urls(            
                    uRL.applyValue(getWafEntityUrlResult -> getWafEntityUrlResult.json()),
                    uRL2.applyValue(getWafEntityUrlResult -> getWafEntityUrlResult.json()))
                .build());
    
        }
    }
    
    resources:
      test-awaf:
        type: f5bigip:WafPolicy
        properties:
          name: testpolicyravi
          partition: Common
          templateName: POLICY_TEMPLATE_RAPID_DEPLOYMENT
          applicationLanguage: utf-8
          enforcementMode: blocking
          serverTechnologies:
            - MySQL
            - Unix/Linux
            - MongoDB
          parameters:
            - ${param1.json}
            - ${param2.json}
          urls:
            - ${uRL.json}
            - ${uRL2.json}
    variables:
      param1:
        fn::invoke:
          Function: f5bigip:ssl:getWafEntityParameter
          Arguments:
            name: Param1
            type: explicit
            dataType: alpha-numeric
            performStaging: true
      param2:
        fn::invoke:
          Function: f5bigip:ssl:getWafEntityParameter
          Arguments:
            name: Param2
            type: explicit
            dataType: alpha-numeric
            performStaging: true
      uRL:
        fn::invoke:
          Function: f5bigip:ssl:getWafEntityUrl
          Arguments:
            name: URL1
            protocol: http
      uRL2:
        fn::invoke:
          Function: f5bigip:ssl:getWafEntityUrl
          Arguments:
            name: URL2
    

    Create WafPolicy Resource

    new WafPolicy(name: string, args: WafPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def WafPolicy(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  application_language: Optional[str] = None,
                  case_insensitive: Optional[bool] = None,
                  description: Optional[str] = None,
                  enable_passivemode: Optional[bool] = None,
                  enforcement_mode: Optional[str] = None,
                  file_types: Optional[Sequence[WafPolicyFileTypeArgs]] = None,
                  graphql_profiles: Optional[Sequence[WafPolicyGraphqlProfileArgs]] = None,
                  host_names: Optional[Sequence[WafPolicyHostNameArgs]] = None,
                  ip_exceptions: Optional[Sequence[WafPolicyIpExceptionArgs]] = None,
                  modifications: Optional[Sequence[str]] = None,
                  name: Optional[str] = None,
                  open_api_files: Optional[Sequence[str]] = None,
                  parameters: Optional[Sequence[str]] = None,
                  partition: Optional[str] = None,
                  policy_builders: Optional[Sequence[WafPolicyPolicyBuilderArgs]] = None,
                  policy_id: Optional[str] = None,
                  policy_import_json: Optional[str] = None,
                  protocol_independent: Optional[bool] = None,
                  server_technologies: Optional[Sequence[str]] = None,
                  signature_sets: Optional[Sequence[str]] = None,
                  signatures: Optional[Sequence[str]] = None,
                  signatures_settings: Optional[Sequence[WafPolicySignaturesSettingArgs]] = None,
                  template_link: Optional[str] = None,
                  template_name: Optional[str] = None,
                  type: Optional[str] = None,
                  urls: Optional[Sequence[str]] = None)
    @overload
    def WafPolicy(resource_name: str,
                  args: WafPolicyArgs,
                  opts: Optional[ResourceOptions] = None)
    func NewWafPolicy(ctx *Context, name string, args WafPolicyArgs, opts ...ResourceOption) (*WafPolicy, error)
    public WafPolicy(string name, WafPolicyArgs args, CustomResourceOptions? opts = null)
    public WafPolicy(String name, WafPolicyArgs args)
    public WafPolicy(String name, WafPolicyArgs args, CustomResourceOptions options)
    
    type: f5bigip:WafPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args WafPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args WafPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args WafPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args WafPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args WafPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    WafPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The WafPolicy resource accepts the following input properties:

    Name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    TemplateName string
    Specifies the name of the template used for the policy creation.
    ApplicationLanguage string
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    CaseInsensitive bool
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    Description string
    Specifies the description of the policy.
    EnablePassivemode bool
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    EnforcementMode string
    How the system processes a request that triggers a security policy violation
    FileTypes List<Pulumi.F5BigIP.Inputs.WafPolicyFileType>
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    GraphqlProfiles List<Pulumi.F5BigIP.Inputs.WafPolicyGraphqlProfile>
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    HostNames List<Pulumi.F5BigIP.Inputs.WafPolicyHostName>
    specify the list of host name that is used to access the application
    IpExceptions List<Pulumi.F5BigIP.Inputs.WafPolicyIpException>
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    Modifications List<string>
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    OpenApiFiles List<string>
    This section defines the Link for open api files on the policy.
    Parameters List<string>
    This section defines parameters that the security policy permits in requests.
    Partition string
    Specifies the partition of the policy. Default is Common
    PolicyBuilders List<Pulumi.F5BigIP.Inputs.WafPolicyPolicyBuilder>
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    PolicyId string
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    PolicyImportJson string
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    ProtocolIndependent bool
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    ServerTechnologies List<string>
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    SignatureSets List<string>
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    Signatures List<string>
    This section defines the properties of a signature on the policy.
    SignaturesSettings List<Pulumi.F5BigIP.Inputs.WafPolicySignaturesSetting>
    bulk signature setting
    TemplateLink string
    Specifies the Link of the template used for the policy creation.
    Type string
    The type of policy you want to create. The default policy type is security.
    Urls List<string>
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
    Name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    TemplateName string
    Specifies the name of the template used for the policy creation.
    ApplicationLanguage string
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    CaseInsensitive bool
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    Description string
    Specifies the description of the policy.
    EnablePassivemode bool
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    EnforcementMode string
    How the system processes a request that triggers a security policy violation
    FileTypes []WafPolicyFileTypeArgs
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    GraphqlProfiles []WafPolicyGraphqlProfileArgs
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    HostNames []WafPolicyHostNameArgs
    specify the list of host name that is used to access the application
    IpExceptions []WafPolicyIpExceptionArgs
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    Modifications []string
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    OpenApiFiles []string
    This section defines the Link for open api files on the policy.
    Parameters []string
    This section defines parameters that the security policy permits in requests.
    Partition string
    Specifies the partition of the policy. Default is Common
    PolicyBuilders []WafPolicyPolicyBuilderArgs
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    PolicyId string
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    PolicyImportJson string
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    ProtocolIndependent bool
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    ServerTechnologies []string
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    SignatureSets []string
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    Signatures []string
    This section defines the properties of a signature on the policy.
    SignaturesSettings []WafPolicySignaturesSettingArgs
    bulk signature setting
    TemplateLink string
    Specifies the Link of the template used for the policy creation.
    Type string
    The type of policy you want to create. The default policy type is security.
    Urls []string
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
    name String
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    templateName String
    Specifies the name of the template used for the policy creation.
    applicationLanguage String
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    caseInsensitive Boolean
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    description String
    Specifies the description of the policy.
    enablePassivemode Boolean
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    enforcementMode String
    How the system processes a request that triggers a security policy violation
    fileTypes List<WafPolicyFileType>
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    graphqlProfiles List<WafPolicyGraphqlProfile>
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    hostNames List<WafPolicyHostName>
    specify the list of host name that is used to access the application
    ipExceptions List<WafPolicyIpException>
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    modifications List<String>
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    openApiFiles List<String>
    This section defines the Link for open api files on the policy.
    parameters List<String>
    This section defines parameters that the security policy permits in requests.
    partition String
    Specifies the partition of the policy. Default is Common
    policyBuilders List<WafPolicyPolicyBuilder>
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    policyId String
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    policyImportJson String
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    protocolIndependent Boolean
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    serverTechnologies List<String>
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    signatureSets List<String>
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    signatures List<String>
    This section defines the properties of a signature on the policy.
    signaturesSettings List<WafPolicySignaturesSetting>
    bulk signature setting
    templateLink String
    Specifies the Link of the template used for the policy creation.
    type String
    The type of policy you want to create. The default policy type is security.
    urls List<String>
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
    name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    templateName string
    Specifies the name of the template used for the policy creation.
    applicationLanguage string
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    caseInsensitive boolean
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    description string
    Specifies the description of the policy.
    enablePassivemode boolean
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    enforcementMode string
    How the system processes a request that triggers a security policy violation
    fileTypes WafPolicyFileType[]
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    graphqlProfiles WafPolicyGraphqlProfile[]
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    hostNames WafPolicyHostName[]
    specify the list of host name that is used to access the application
    ipExceptions WafPolicyIpException[]
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    modifications string[]
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    openApiFiles string[]
    This section defines the Link for open api files on the policy.
    parameters string[]
    This section defines parameters that the security policy permits in requests.
    partition string
    Specifies the partition of the policy. Default is Common
    policyBuilders WafPolicyPolicyBuilder[]
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    policyId string
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    policyImportJson string
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    protocolIndependent boolean
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    serverTechnologies string[]
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    signatureSets string[]
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    signatures string[]
    This section defines the properties of a signature on the policy.
    signaturesSettings WafPolicySignaturesSetting[]
    bulk signature setting
    templateLink string
    Specifies the Link of the template used for the policy creation.
    type string
    The type of policy you want to create. The default policy type is security.
    urls string[]
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
    name str
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    template_name str
    Specifies the name of the template used for the policy creation.
    application_language str
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    case_insensitive bool
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    description str
    Specifies the description of the policy.
    enable_passivemode bool
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    enforcement_mode str
    How the system processes a request that triggers a security policy violation
    file_types Sequence[WafPolicyFileTypeArgs]
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    graphql_profiles Sequence[WafPolicyGraphqlProfileArgs]
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    host_names Sequence[WafPolicyHostNameArgs]
    specify the list of host name that is used to access the application
    ip_exceptions Sequence[WafPolicyIpExceptionArgs]
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    modifications Sequence[str]
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    open_api_files Sequence[str]
    This section defines the Link for open api files on the policy.
    parameters Sequence[str]
    This section defines parameters that the security policy permits in requests.
    partition str
    Specifies the partition of the policy. Default is Common
    policy_builders Sequence[WafPolicyPolicyBuilderArgs]
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    policy_id str
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    policy_import_json str
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    protocol_independent bool
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    server_technologies Sequence[str]
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    signature_sets Sequence[str]
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    signatures Sequence[str]
    This section defines the properties of a signature on the policy.
    signatures_settings Sequence[WafPolicySignaturesSettingArgs]
    bulk signature setting
    template_link str
    Specifies the Link of the template used for the policy creation.
    type str
    The type of policy you want to create. The default policy type is security.
    urls Sequence[str]
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
    name String
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    templateName String
    Specifies the name of the template used for the policy creation.
    applicationLanguage String
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    caseInsensitive Boolean
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    description String
    Specifies the description of the policy.
    enablePassivemode Boolean
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    enforcementMode String
    How the system processes a request that triggers a security policy violation
    fileTypes List<Property Map>
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    graphqlProfiles List<Property Map>
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    hostNames List<Property Map>
    specify the list of host name that is used to access the application
    ipExceptions List<Property Map>
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    modifications List<String>
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    openApiFiles List<String>
    This section defines the Link for open api files on the policy.
    parameters List<String>
    This section defines parameters that the security policy permits in requests.
    partition String
    Specifies the partition of the policy. Default is Common
    policyBuilders List<Property Map>
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    policyId String
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    policyImportJson String
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    protocolIndependent Boolean
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    serverTechnologies List<String>
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    signatureSets List<String>
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    signatures List<String>
    This section defines the properties of a signature on the policy.
    signaturesSettings List<Property Map>
    bulk signature setting
    templateLink String
    Specifies the Link of the template used for the policy creation.
    type String
    The type of policy you want to create. The default policy type is security.
    urls List<String>
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the WafPolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    PolicyExportJson string
    Exported WAF policy deployed on BIGIP.
    Id string
    The provider-assigned unique ID for this managed resource.
    PolicyExportJson string
    Exported WAF policy deployed on BIGIP.
    id String
    The provider-assigned unique ID for this managed resource.
    policyExportJson String
    Exported WAF policy deployed on BIGIP.
    id string
    The provider-assigned unique ID for this managed resource.
    policyExportJson string
    Exported WAF policy deployed on BIGIP.
    id str
    The provider-assigned unique ID for this managed resource.
    policy_export_json str
    Exported WAF policy deployed on BIGIP.
    id String
    The provider-assigned unique ID for this managed resource.
    policyExportJson String
    Exported WAF policy deployed on BIGIP.

    Look up Existing WafPolicy Resource

    Get an existing WafPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: WafPolicyState, opts?: CustomResourceOptions): WafPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            application_language: Optional[str] = None,
            case_insensitive: Optional[bool] = None,
            description: Optional[str] = None,
            enable_passivemode: Optional[bool] = None,
            enforcement_mode: Optional[str] = None,
            file_types: Optional[Sequence[WafPolicyFileTypeArgs]] = None,
            graphql_profiles: Optional[Sequence[WafPolicyGraphqlProfileArgs]] = None,
            host_names: Optional[Sequence[WafPolicyHostNameArgs]] = None,
            ip_exceptions: Optional[Sequence[WafPolicyIpExceptionArgs]] = None,
            modifications: Optional[Sequence[str]] = None,
            name: Optional[str] = None,
            open_api_files: Optional[Sequence[str]] = None,
            parameters: Optional[Sequence[str]] = None,
            partition: Optional[str] = None,
            policy_builders: Optional[Sequence[WafPolicyPolicyBuilderArgs]] = None,
            policy_export_json: Optional[str] = None,
            policy_id: Optional[str] = None,
            policy_import_json: Optional[str] = None,
            protocol_independent: Optional[bool] = None,
            server_technologies: Optional[Sequence[str]] = None,
            signature_sets: Optional[Sequence[str]] = None,
            signatures: Optional[Sequence[str]] = None,
            signatures_settings: Optional[Sequence[WafPolicySignaturesSettingArgs]] = None,
            template_link: Optional[str] = None,
            template_name: Optional[str] = None,
            type: Optional[str] = None,
            urls: Optional[Sequence[str]] = None) -> WafPolicy
    func GetWafPolicy(ctx *Context, name string, id IDInput, state *WafPolicyState, opts ...ResourceOption) (*WafPolicy, error)
    public static WafPolicy Get(string name, Input<string> id, WafPolicyState? state, CustomResourceOptions? opts = null)
    public static WafPolicy get(String name, Output<String> id, WafPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApplicationLanguage string
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    CaseInsensitive bool
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    Description string
    Specifies the description of the policy.
    EnablePassivemode bool
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    EnforcementMode string
    How the system processes a request that triggers a security policy violation
    FileTypes List<Pulumi.F5BigIP.Inputs.WafPolicyFileType>
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    GraphqlProfiles List<Pulumi.F5BigIP.Inputs.WafPolicyGraphqlProfile>
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    HostNames List<Pulumi.F5BigIP.Inputs.WafPolicyHostName>
    specify the list of host name that is used to access the application
    IpExceptions List<Pulumi.F5BigIP.Inputs.WafPolicyIpException>
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    Modifications List<string>
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    Name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    OpenApiFiles List<string>
    This section defines the Link for open api files on the policy.
    Parameters List<string>
    This section defines parameters that the security policy permits in requests.
    Partition string
    Specifies the partition of the policy. Default is Common
    PolicyBuilders List<Pulumi.F5BigIP.Inputs.WafPolicyPolicyBuilder>
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    PolicyExportJson string
    Exported WAF policy deployed on BIGIP.
    PolicyId string
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    PolicyImportJson string
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    ProtocolIndependent bool
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    ServerTechnologies List<string>
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    SignatureSets List<string>
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    Signatures List<string>
    This section defines the properties of a signature on the policy.
    SignaturesSettings List<Pulumi.F5BigIP.Inputs.WafPolicySignaturesSetting>
    bulk signature setting
    TemplateLink string
    Specifies the Link of the template used for the policy creation.
    TemplateName string
    Specifies the name of the template used for the policy creation.
    Type string
    The type of policy you want to create. The default policy type is security.
    Urls List<string>
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
    ApplicationLanguage string
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    CaseInsensitive bool
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    Description string
    Specifies the description of the policy.
    EnablePassivemode bool
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    EnforcementMode string
    How the system processes a request that triggers a security policy violation
    FileTypes []WafPolicyFileTypeArgs
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    GraphqlProfiles []WafPolicyGraphqlProfileArgs
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    HostNames []WafPolicyHostNameArgs
    specify the list of host name that is used to access the application
    IpExceptions []WafPolicyIpExceptionArgs
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    Modifications []string
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    Name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    OpenApiFiles []string
    This section defines the Link for open api files on the policy.
    Parameters []string
    This section defines parameters that the security policy permits in requests.
    Partition string
    Specifies the partition of the policy. Default is Common
    PolicyBuilders []WafPolicyPolicyBuilderArgs
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    PolicyExportJson string
    Exported WAF policy deployed on BIGIP.
    PolicyId string
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    PolicyImportJson string
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    ProtocolIndependent bool
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    ServerTechnologies []string
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    SignatureSets []string
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    Signatures []string
    This section defines the properties of a signature on the policy.
    SignaturesSettings []WafPolicySignaturesSettingArgs
    bulk signature setting
    TemplateLink string
    Specifies the Link of the template used for the policy creation.
    TemplateName string
    Specifies the name of the template used for the policy creation.
    Type string
    The type of policy you want to create. The default policy type is security.
    Urls []string
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
    applicationLanguage String
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    caseInsensitive Boolean
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    description String
    Specifies the description of the policy.
    enablePassivemode Boolean
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    enforcementMode String
    How the system processes a request that triggers a security policy violation
    fileTypes List<WafPolicyFileType>
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    graphqlProfiles List<WafPolicyGraphqlProfile>
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    hostNames List<WafPolicyHostName>
    specify the list of host name that is used to access the application
    ipExceptions List<WafPolicyIpException>
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    modifications List<String>
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    name String
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    openApiFiles List<String>
    This section defines the Link for open api files on the policy.
    parameters List<String>
    This section defines parameters that the security policy permits in requests.
    partition String
    Specifies the partition of the policy. Default is Common
    policyBuilders List<WafPolicyPolicyBuilder>
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    policyExportJson String
    Exported WAF policy deployed on BIGIP.
    policyId String
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    policyImportJson String
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    protocolIndependent Boolean
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    serverTechnologies List<String>
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    signatureSets List<String>
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    signatures List<String>
    This section defines the properties of a signature on the policy.
    signaturesSettings List<WafPolicySignaturesSetting>
    bulk signature setting
    templateLink String
    Specifies the Link of the template used for the policy creation.
    templateName String
    Specifies the name of the template used for the policy creation.
    type String
    The type of policy you want to create. The default policy type is security.
    urls List<String>
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
    applicationLanguage string
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    caseInsensitive boolean
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    description string
    Specifies the description of the policy.
    enablePassivemode boolean
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    enforcementMode string
    How the system processes a request that triggers a security policy violation
    fileTypes WafPolicyFileType[]
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    graphqlProfiles WafPolicyGraphqlProfile[]
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    hostNames WafPolicyHostName[]
    specify the list of host name that is used to access the application
    ipExceptions WafPolicyIpException[]
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    modifications string[]
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    openApiFiles string[]
    This section defines the Link for open api files on the policy.
    parameters string[]
    This section defines parameters that the security policy permits in requests.
    partition string
    Specifies the partition of the policy. Default is Common
    policyBuilders WafPolicyPolicyBuilder[]
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    policyExportJson string
    Exported WAF policy deployed on BIGIP.
    policyId string
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    policyImportJson string
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    protocolIndependent boolean
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    serverTechnologies string[]
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    signatureSets string[]
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    signatures string[]
    This section defines the properties of a signature on the policy.
    signaturesSettings WafPolicySignaturesSetting[]
    bulk signature setting
    templateLink string
    Specifies the Link of the template used for the policy creation.
    templateName string
    Specifies the name of the template used for the policy creation.
    type string
    The type of policy you want to create. The default policy type is security.
    urls string[]
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
    application_language str
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    case_insensitive bool
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    description str
    Specifies the description of the policy.
    enable_passivemode bool
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    enforcement_mode str
    How the system processes a request that triggers a security policy violation
    file_types Sequence[WafPolicyFileTypeArgs]
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    graphql_profiles Sequence[WafPolicyGraphqlProfileArgs]
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    host_names Sequence[WafPolicyHostNameArgs]
    specify the list of host name that is used to access the application
    ip_exceptions Sequence[WafPolicyIpExceptionArgs]
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    modifications Sequence[str]
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    name str
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    open_api_files Sequence[str]
    This section defines the Link for open api files on the policy.
    parameters Sequence[str]
    This section defines parameters that the security policy permits in requests.
    partition str
    Specifies the partition of the policy. Default is Common
    policy_builders Sequence[WafPolicyPolicyBuilderArgs]
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    policy_export_json str
    Exported WAF policy deployed on BIGIP.
    policy_id str
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    policy_import_json str
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    protocol_independent bool
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    server_technologies Sequence[str]
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    signature_sets Sequence[str]
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    signatures Sequence[str]
    This section defines the properties of a signature on the policy.
    signatures_settings Sequence[WafPolicySignaturesSettingArgs]
    bulk signature setting
    template_link str
    Specifies the Link of the template used for the policy creation.
    template_name str
    Specifies the name of the template used for the policy creation.
    type str
    The type of policy you want to create. The default policy type is security.
    urls Sequence[str]
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
    applicationLanguage String
    The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is utf-8
    caseInsensitive Boolean
    Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
    description String
    Specifies the description of the policy.
    enablePassivemode Boolean
    Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
    enforcementMode String
    How the system processes a request that triggers a security policy violation
    fileTypes List<Property Map>
    file_types takes list of file-types options to be used for policy builder. See file types below for more details.
    graphqlProfiles List<Property Map>
    graphql_profiles takes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.
    hostNames List<Property Map>
    specify the list of host name that is used to access the application
    ipExceptions List<Property Map>
    ip_exceptions takes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.
    modifications List<String>
    the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
    name String
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    openApiFiles List<String>
    This section defines the Link for open api files on the policy.
    parameters List<String>
    This section defines parameters that the security policy permits in requests.
    partition String
    Specifies the partition of the policy. Default is Common
    policyBuilders List<Property Map>
    policy_builder block will provide learning_mode options to be used for policy builder. See policy builder below for more details.
    policyExportJson String
    Exported WAF policy deployed on BIGIP.
    policyId String
    The id of the A.WAF Policy as it would be calculated on the BIG-IP.
    policyImportJson String
    The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
    protocolIndependent Boolean
    When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
    serverTechnologies List<String>
    The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
    signatureSets List<String>
    Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
    signatures List<String>
    This section defines the properties of a signature on the policy.
    signaturesSettings List<Property Map>
    bulk signature setting
    templateLink String
    Specifies the Link of the template used for the policy creation.
    templateName String
    Specifies the name of the template used for the policy creation.
    type String
    The type of policy you want to create. The default policy type is security.
    urls List<String>
    In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.

    Supporting Types

    WafPolicyFileType, WafPolicyFileTypeArgs

    Allowed bool
    Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-

    • No allowed file type matched the file type of the request.
    • The file type of the request matched a disallowed file type.
    Name string
    Specifies the file type name as appearing in the URL extension.
    Type string
    Determines the type of the name attribute. Only when setting the type to wildcard will the special wildcard characters in the name be interpreted as such
    Allowed bool
    Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-

    • No allowed file type matched the file type of the request.
    • The file type of the request matched a disallowed file type.
    Name string
    Specifies the file type name as appearing in the URL extension.
    Type string
    Determines the type of the name attribute. Only when setting the type to wildcard will the special wildcard characters in the name be interpreted as such
    allowed Boolean
    Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-

    • No allowed file type matched the file type of the request.
    • The file type of the request matched a disallowed file type.
    name String
    Specifies the file type name as appearing in the URL extension.
    type String
    Determines the type of the name attribute. Only when setting the type to wildcard will the special wildcard characters in the name be interpreted as such
    allowed boolean
    Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-

    • No allowed file type matched the file type of the request.
    • The file type of the request matched a disallowed file type.
    name string
    Specifies the file type name as appearing in the URL extension.
    type string
    Determines the type of the name attribute. Only when setting the type to wildcard will the special wildcard characters in the name be interpreted as such
    allowed bool
    Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-

    • No allowed file type matched the file type of the request.
    • The file type of the request matched a disallowed file type.
    name str
    Specifies the file type name as appearing in the URL extension.
    type str
    Determines the type of the name attribute. Only when setting the type to wildcard will the special wildcard characters in the name be interpreted as such
    allowed Boolean
    Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-

    • No allowed file type matched the file type of the request.
    • The file type of the request matched a disallowed file type.
    name String
    Specifies the file type name as appearing in the URL extension.
    type String
    Determines the type of the name attribute. Only when setting the type to wildcard will the special wildcard characters in the name be interpreted as such

    WafPolicyGraphqlProfile, WafPolicyGraphqlProfileArgs

    Name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    AttackSignaturesCheck bool
    Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled.
    DefenseAttributes List<Pulumi.F5BigIP.Inputs.WafPolicyGraphqlProfileDefenseAttribute>
    defense_attributes block settings for GraphQl policy.See defense attributes below for more details.
    MetacharElementcheck bool
    Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled.
    Name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    AttackSignaturesCheck bool
    Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled.
    DefenseAttributes []WafPolicyGraphqlProfileDefenseAttribute
    defense_attributes block settings for GraphQl policy.See defense attributes below for more details.
    MetacharElementcheck bool
    Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled.
    name String
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    attackSignaturesCheck Boolean
    Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled.
    defenseAttributes List<WafPolicyGraphqlProfileDefenseAttribute>
    defense_attributes block settings for GraphQl policy.See defense attributes below for more details.
    metacharElementcheck Boolean
    Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled.
    name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    attackSignaturesCheck boolean
    Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled.
    defenseAttributes WafPolicyGraphqlProfileDefenseAttribute[]
    defense_attributes block settings for GraphQl policy.See defense attributes below for more details.
    metacharElementcheck boolean
    Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled.
    name str
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    attack_signatures_check bool
    Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled.
    defense_attributes Sequence[WafPolicyGraphqlProfileDefenseAttribute]
    defense_attributes block settings for GraphQl policy.See defense attributes below for more details.
    metachar_elementcheck bool
    Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled.
    name String
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    attackSignaturesCheck Boolean
    Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled.
    defenseAttributes List<Property Map>
    defense_attributes block settings for GraphQl policy.See defense attributes below for more details.
    metacharElementcheck Boolean
    Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled.

    WafPolicyGraphqlProfileDefenseAttribute, WafPolicyGraphqlProfileDefenseAttributeArgs

    AllowIntrospectionQueries bool
    Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
    MaximumBatchedQueries string
    Specifies the highest number of batched queries allowed by the security policy.
    MaximumStructureDepth string
    Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
    MaximumTotalLength string
    Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
    MaximumValueLength string
    Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
    TolerateParsingWarnings bool
    Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
    AllowIntrospectionQueries bool
    Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
    MaximumBatchedQueries string
    Specifies the highest number of batched queries allowed by the security policy.
    MaximumStructureDepth string
    Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
    MaximumTotalLength string
    Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
    MaximumValueLength string
    Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
    TolerateParsingWarnings bool
    Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
    allowIntrospectionQueries Boolean
    Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
    maximumBatchedQueries String
    Specifies the highest number of batched queries allowed by the security policy.
    maximumStructureDepth String
    Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
    maximumTotalLength String
    Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
    maximumValueLength String
    Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
    tolerateParsingWarnings Boolean
    Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
    allowIntrospectionQueries boolean
    Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
    maximumBatchedQueries string
    Specifies the highest number of batched queries allowed by the security policy.
    maximumStructureDepth string
    Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
    maximumTotalLength string
    Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
    maximumValueLength string
    Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
    tolerateParsingWarnings boolean
    Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
    allow_introspection_queries bool
    Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
    maximum_batched_queries str
    Specifies the highest number of batched queries allowed by the security policy.
    maximum_structure_depth str
    Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
    maximum_total_length str
    Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
    maximum_value_length str
    Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
    tolerate_parsing_warnings bool
    Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
    allowIntrospectionQueries Boolean
    Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
    maximumBatchedQueries String
    Specifies the highest number of batched queries allowed by the security policy.
    maximumStructureDepth String
    Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
    maximumTotalLength String
    Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
    maximumValueLength String
    Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
    tolerateParsingWarnings Boolean
    Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.

    WafPolicyHostName, WafPolicyHostNameArgs

    Name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    Name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    name String
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    name string
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    name str
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
    name String
    The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).

    WafPolicyIpException, WafPolicyIpExceptionArgs

    IpAddress string
    Specifies the IP address that you want the system to trust.
    IpMask string
    Specifies the netmask of the exceptional IP address. This is an optional field.
    BlockRequests string
    Specifies how the system responds to blocking requests sent from this IP address. Possible options [always, never, policy-default].
    Description string
    Specifies the description of the policy.
    IgnoreAnomalies bool
    Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
    IgnoreIpreputation bool
    Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
    TrustedbyPolicybuilder bool
    Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
    IpAddress string
    Specifies the IP address that you want the system to trust.
    IpMask string
    Specifies the netmask of the exceptional IP address. This is an optional field.
    BlockRequests string
    Specifies how the system responds to blocking requests sent from this IP address. Possible options [always, never, policy-default].
    Description string
    Specifies the description of the policy.
    IgnoreAnomalies bool
    Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
    IgnoreIpreputation bool
    Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
    TrustedbyPolicybuilder bool
    Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
    ipAddress String
    Specifies the IP address that you want the system to trust.
    ipMask String
    Specifies the netmask of the exceptional IP address. This is an optional field.
    blockRequests String
    Specifies how the system responds to blocking requests sent from this IP address. Possible options [always, never, policy-default].
    description String
    Specifies the description of the policy.
    ignoreAnomalies Boolean
    Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
    ignoreIpreputation Boolean
    Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
    trustedbyPolicybuilder Boolean
    Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
    ipAddress string
    Specifies the IP address that you want the system to trust.
    ipMask string
    Specifies the netmask of the exceptional IP address. This is an optional field.
    blockRequests string
    Specifies how the system responds to blocking requests sent from this IP address. Possible options [always, never, policy-default].
    description string
    Specifies the description of the policy.
    ignoreAnomalies boolean
    Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
    ignoreIpreputation boolean
    Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
    trustedbyPolicybuilder boolean
    Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
    ip_address str
    Specifies the IP address that you want the system to trust.
    ip_mask str
    Specifies the netmask of the exceptional IP address. This is an optional field.
    block_requests str
    Specifies how the system responds to blocking requests sent from this IP address. Possible options [always, never, policy-default].
    description str
    Specifies the description of the policy.
    ignore_anomalies bool
    Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
    ignore_ipreputation bool
    Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
    trustedby_policybuilder bool
    Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
    ipAddress String
    Specifies the IP address that you want the system to trust.
    ipMask String
    Specifies the netmask of the exceptional IP address. This is an optional field.
    blockRequests String
    Specifies how the system responds to blocking requests sent from this IP address. Possible options [always, never, policy-default].
    description String
    Specifies the description of the policy.
    ignoreAnomalies Boolean
    Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
    ignoreIpreputation Boolean
    Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
    trustedbyPolicybuilder Boolean
    Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.

    WafPolicyPolicyBuilder, WafPolicyPolicyBuilderArgs

    LearningMode string
    learning mode setting for policy-builder, possible options: [automatic,disabled, manual]
    LearningMode string
    learning mode setting for policy-builder, possible options: [automatic,disabled, manual]
    learningMode String
    learning mode setting for policy-builder, possible options: [automatic,disabled, manual]
    learningMode string
    learning mode setting for policy-builder, possible options: [automatic,disabled, manual]
    learning_mode str
    learning mode setting for policy-builder, possible options: [automatic,disabled, manual]
    learningMode String
    learning mode setting for policy-builder, possible options: [automatic,disabled, manual]

    WafPolicySignaturesSetting, WafPolicySignaturesSettingArgs

    PlacesignaturesInStaging bool
    SignatureStaging bool
    setting true will enforce all signature from staging
    PlacesignaturesInStaging bool
    SignatureStaging bool
    setting true will enforce all signature from staging
    placesignaturesInStaging Boolean
    signatureStaging Boolean
    setting true will enforce all signature from staging
    placesignaturesInStaging boolean
    signatureStaging boolean
    setting true will enforce all signature from staging
    placesignatures_in_staging bool
    signature_staging bool
    setting true will enforce all signature from staging
    placesignaturesInStaging Boolean
    signatureStaging Boolean
    setting true will enforce all signature from staging

    Import

    An existing WAF Policy or if the WAF Policy has been manually created or modified on the BIG-IP WebUI, it can be imported using its id.

    e.g:

    $ pulumi import f5bigip:index/wafPolicy:WafPolicy example <id>
    

    Package Details

    Repository
    f5 BIG-IP pulumi/pulumi-f5bigip
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the bigip Terraform Provider.
    f5bigip logo
    f5 BIG-IP v3.17.0 published on Thursday, Mar 28, 2024 by Pulumi