Fastly v11.0.0 published on Thursday, Sep 4, 2025 by Pulumi
fastly.NgwafWorkspaceRule
Provides a Fastly Next-Gen WAF Workspace Rule, scoped to a specific NGWAF workspace.
These rules define conditions and actions that trigger WAF enforcement at the workspace level.
Example Usage
Basic usage:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const example = new fastly.NgwafWorkspace("example", {
name: "example",
description: "Test NGWAF Workspace",
mode: "block",
ipAnonymization: "hashed",
clientIpHeaders: [
"X-Forwarded-For",
"X-Real-IP",
],
defaultBlockingResponseCode: 429,
attackSignalThresholds: {},
});
const exampleNgwafWorkspaceRule = new fastly.NgwafWorkspaceRule("example", {
workspaceId: example.id,
type: "request",
description: "example",
enabled: true,
requestLogging: "sampled",
groupOperator: "all",
actions: [{
type: "block",
}],
conditions: [
{
field: "ip",
operator: "equals",
value: "127.0.0.1",
},
{
field: "path",
operator: "equals",
value: "/login",
},
{
field: "agent_name",
operator: "equals",
value: "host-001",
},
],
groupConditions: [
{
groupOperator: "all",
conditions: [
{
field: "country",
operator: "equals",
value: "AD",
},
{
field: "method",
operator: "equals",
value: "POST",
},
],
},
{
groupOperator: "any",
conditions: [
{
field: "protocol_version",
operator: "equals",
value: "HTTP/1.0",
},
{
field: "method",
operator: "equals",
value: "HEAD",
},
{
field: "domain",
operator: "equals",
value: "example.com",
},
],
},
],
});
import pulumi
import pulumi_fastly as fastly
example = fastly.NgwafWorkspace("example",
name="example",
description="Test NGWAF Workspace",
mode="block",
ip_anonymization="hashed",
client_ip_headers=[
"X-Forwarded-For",
"X-Real-IP",
],
default_blocking_response_code=429,
attack_signal_thresholds={})
example_ngwaf_workspace_rule = fastly.NgwafWorkspaceRule("example",
workspace_id=example.id,
type="request",
description="example",
enabled=True,
request_logging="sampled",
group_operator="all",
actions=[{
"type": "block",
}],
conditions=[
{
"field": "ip",
"operator": "equals",
"value": "127.0.0.1",
},
{
"field": "path",
"operator": "equals",
"value": "/login",
},
{
"field": "agent_name",
"operator": "equals",
"value": "host-001",
},
],
group_conditions=[
{
"group_operator": "all",
"conditions": [
{
"field": "country",
"operator": "equals",
"value": "AD",
},
{
"field": "method",
"operator": "equals",
"value": "POST",
},
],
},
{
"group_operator": "any",
"conditions": [
{
"field": "protocol_version",
"operator": "equals",
"value": "HTTP/1.0",
},
{
"field": "method",
"operator": "equals",
"value": "HEAD",
},
{
"field": "domain",
"operator": "equals",
"value": "example.com",
},
],
},
])
package main
import (
"github.com/pulumi/pulumi-fastly/sdk/v11/go/fastly"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := fastly.NewNgwafWorkspace(ctx, "example", &fastly.NgwafWorkspaceArgs{
Name: pulumi.String("example"),
Description: pulumi.String("Test NGWAF Workspace"),
Mode: pulumi.String("block"),
IpAnonymization: pulumi.String("hashed"),
ClientIpHeaders: pulumi.StringArray{
pulumi.String("X-Forwarded-For"),
pulumi.String("X-Real-IP"),
},
DefaultBlockingResponseCode: pulumi.Int(429),
AttackSignalThresholds: &fastly.NgwafWorkspaceAttackSignalThresholdsArgs{},
})
if err != nil {
return err
}
_, err = fastly.NewNgwafWorkspaceRule(ctx, "example", &fastly.NgwafWorkspaceRuleArgs{
WorkspaceId: example.ID(),
Type: pulumi.String("request"),
Description: pulumi.String("example"),
Enabled: pulumi.Bool(true),
RequestLogging: pulumi.String("sampled"),
GroupOperator: pulumi.String("all"),
Actions: fastly.NgwafWorkspaceRuleActionArray{
&fastly.NgwafWorkspaceRuleActionArgs{
Type: pulumi.String("block"),
},
},
Conditions: fastly.NgwafWorkspaceRuleConditionArray{
&fastly.NgwafWorkspaceRuleConditionArgs{
Field: pulumi.String("ip"),
Operator: pulumi.String("equals"),
Value: pulumi.String("127.0.0.1"),
},
&fastly.NgwafWorkspaceRuleConditionArgs{
Field: pulumi.String("path"),
Operator: pulumi.String("equals"),
Value: pulumi.String("/login"),
},
&fastly.NgwafWorkspaceRuleConditionArgs{
Field: pulumi.String("agent_name"),
Operator: pulumi.String("equals"),
Value: pulumi.String("host-001"),
},
},
GroupConditions: fastly.NgwafWorkspaceRuleGroupConditionArray{
&fastly.NgwafWorkspaceRuleGroupConditionArgs{
GroupOperator: pulumi.String("all"),
Conditions: fastly.NgwafWorkspaceRuleGroupConditionConditionArray{
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("country"),
Operator: pulumi.String("equals"),
Value: pulumi.String("AD"),
},
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("method"),
Operator: pulumi.String("equals"),
Value: pulumi.String("POST"),
},
},
},
&fastly.NgwafWorkspaceRuleGroupConditionArgs{
GroupOperator: pulumi.String("any"),
Conditions: fastly.NgwafWorkspaceRuleGroupConditionConditionArray{
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("protocol_version"),
Operator: pulumi.String("equals"),
Value: pulumi.String("HTTP/1.0"),
},
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("method"),
Operator: pulumi.String("equals"),
Value: pulumi.String("HEAD"),
},
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("domain"),
Operator: pulumi.String("equals"),
Value: pulumi.String("example.com"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var example = new Fastly.NgwafWorkspace("example", new()
{
Name = "example",
Description = "Test NGWAF Workspace",
Mode = "block",
IpAnonymization = "hashed",
ClientIpHeaders = new[]
{
"X-Forwarded-For",
"X-Real-IP",
},
DefaultBlockingResponseCode = 429,
AttackSignalThresholds = null,
});
var exampleNgwafWorkspaceRule = new Fastly.NgwafWorkspaceRule("example", new()
{
WorkspaceId = example.Id,
Type = "request",
Description = "example",
Enabled = true,
RequestLogging = "sampled",
GroupOperator = "all",
Actions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleActionArgs
{
Type = "block",
},
},
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleConditionArgs
{
Field = "ip",
Operator = "equals",
Value = "127.0.0.1",
},
new Fastly.Inputs.NgwafWorkspaceRuleConditionArgs
{
Field = "path",
Operator = "equals",
Value = "/login",
},
new Fastly.Inputs.NgwafWorkspaceRuleConditionArgs
{
Field = "agent_name",
Operator = "equals",
Value = "host-001",
},
},
GroupConditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionArgs
{
GroupOperator = "all",
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "country",
Operator = "equals",
Value = "AD",
},
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "method",
Operator = "equals",
Value = "POST",
},
},
},
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionArgs
{
GroupOperator = "any",
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "protocol_version",
Operator = "equals",
Value = "HTTP/1.0",
},
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "method",
Operator = "equals",
Value = "HEAD",
},
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "domain",
Operator = "equals",
Value = "example.com",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fastly.NgwafWorkspace;
import com.pulumi.fastly.NgwafWorkspaceArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceAttackSignalThresholdsArgs;
import com.pulumi.fastly.NgwafWorkspaceRule;
import com.pulumi.fastly.NgwafWorkspaceRuleArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleActionArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleConditionArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleGroupConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new NgwafWorkspace("example", NgwafWorkspaceArgs.builder()
.name("example")
.description("Test NGWAF Workspace")
.mode("block")
.ipAnonymization("hashed")
.clientIpHeaders(
"X-Forwarded-For",
"X-Real-IP")
.defaultBlockingResponseCode(429)
.attackSignalThresholds(NgwafWorkspaceAttackSignalThresholdsArgs.builder()
.build())
.build());
var exampleNgwafWorkspaceRule = new NgwafWorkspaceRule("exampleNgwafWorkspaceRule", NgwafWorkspaceRuleArgs.builder()
.workspaceId(example.id())
.type("request")
.description("example")
.enabled(true)
.requestLogging("sampled")
.groupOperator("all")
.actions(NgwafWorkspaceRuleActionArgs.builder()
.type("block")
.build())
.conditions(
NgwafWorkspaceRuleConditionArgs.builder()
.field("ip")
.operator("equals")
.value("127.0.0.1")
.build(),
NgwafWorkspaceRuleConditionArgs.builder()
.field("path")
.operator("equals")
.value("/login")
.build(),
NgwafWorkspaceRuleConditionArgs.builder()
.field("agent_name")
.operator("equals")
.value("host-001")
.build())
.groupConditions(
NgwafWorkspaceRuleGroupConditionArgs.builder()
.groupOperator("all")
.conditions(
NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("country")
.operator("equals")
.value("AD")
.build(),
NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("method")
.operator("equals")
.value("POST")
.build())
.build(),
NgwafWorkspaceRuleGroupConditionArgs.builder()
.groupOperator("any")
.conditions(
NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("protocol_version")
.operator("equals")
.value("HTTP/1.0")
.build(),
NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("method")
.operator("equals")
.value("HEAD")
.build(),
NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("domain")
.operator("equals")
.value("example.com")
.build())
.build())
.build());
}
}
resources:
example:
type: fastly:NgwafWorkspace
properties:
name: example
description: Test NGWAF Workspace
mode: block
ipAnonymization: hashed
clientIpHeaders:
- X-Forwarded-For
- X-Real-IP
defaultBlockingResponseCode: 429
attackSignalThresholds: {}
exampleNgwafWorkspaceRule:
type: fastly:NgwafWorkspaceRule
name: example
properties:
workspaceId: ${example.id}
type: request
description: example
enabled: true
requestLogging: sampled
groupOperator: all
actions:
- type: block
conditions:
- field: ip
operator: equals
value: 127.0.0.1
- field: path
operator: equals
value: /login
- field: agent_name
operator: equals
value: host-001
groupConditions:
- groupOperator: all
conditions:
- field: country
operator: equals
value: AD
- field: method
operator: equals
value: POST
- groupOperator: any
conditions:
- field: protocol_version
operator: equals
value: HTTP/1.0
- field: method
operator: equals
value: HEAD
- field: domain
operator: equals
value: example.com
Create NgwafWorkspaceRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NgwafWorkspaceRule(name: string, args: NgwafWorkspaceRuleArgs, opts?: CustomResourceOptions);@overload
def NgwafWorkspaceRule(resource_name: str,
args: NgwafWorkspaceRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NgwafWorkspaceRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[NgwafWorkspaceRuleActionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
type: Optional[str] = None,
workspace_id: Optional[str] = None,
conditions: Optional[Sequence[NgwafWorkspaceRuleConditionArgs]] = None,
group_conditions: Optional[Sequence[NgwafWorkspaceRuleGroupConditionArgs]] = None,
group_operator: Optional[str] = None,
rate_limit: Optional[NgwafWorkspaceRuleRateLimitArgs] = None,
request_logging: Optional[str] = None)func NewNgwafWorkspaceRule(ctx *Context, name string, args NgwafWorkspaceRuleArgs, opts ...ResourceOption) (*NgwafWorkspaceRule, error)public NgwafWorkspaceRule(string name, NgwafWorkspaceRuleArgs args, CustomResourceOptions? opts = null)
public NgwafWorkspaceRule(String name, NgwafWorkspaceRuleArgs args)
public NgwafWorkspaceRule(String name, NgwafWorkspaceRuleArgs args, CustomResourceOptions options)
type: fastly:NgwafWorkspaceRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NgwafWorkspaceRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NgwafWorkspaceRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NgwafWorkspaceRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NgwafWorkspaceRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NgwafWorkspaceRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ngwafWorkspaceRuleResource = new Fastly.NgwafWorkspaceRule("ngwafWorkspaceRuleResource", new()
{
Actions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleActionArgs
{
Type = "string",
RedirectUrl = "string",
ResponseCode = 0,
Signal = "string",
},
},
Description = "string",
Enabled = false,
Type = "string",
WorkspaceId = "string",
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleConditionArgs
{
Field = "string",
Operator = "string",
Value = "string",
},
},
GroupConditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionArgs
{
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "string",
Operator = "string",
Value = "string",
},
},
GroupOperator = "string",
},
},
GroupOperator = "string",
RateLimit = new Fastly.Inputs.NgwafWorkspaceRuleRateLimitArgs
{
ClientIdentifiers = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleRateLimitClientIdentifierArgs
{
Type = "string",
Key = "string",
Name = "string",
},
},
Duration = 0,
Interval = 0,
Signal = "string",
Threshold = 0,
},
RequestLogging = "string",
});
example, err := fastly.NewNgwafWorkspaceRule(ctx, "ngwafWorkspaceRuleResource", &fastly.NgwafWorkspaceRuleArgs{
Actions: fastly.NgwafWorkspaceRuleActionArray{
&fastly.NgwafWorkspaceRuleActionArgs{
Type: pulumi.String("string"),
RedirectUrl: pulumi.String("string"),
ResponseCode: pulumi.Int(0),
Signal: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Type: pulumi.String("string"),
WorkspaceId: pulumi.String("string"),
Conditions: fastly.NgwafWorkspaceRuleConditionArray{
&fastly.NgwafWorkspaceRuleConditionArgs{
Field: pulumi.String("string"),
Operator: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
GroupConditions: fastly.NgwafWorkspaceRuleGroupConditionArray{
&fastly.NgwafWorkspaceRuleGroupConditionArgs{
Conditions: fastly.NgwafWorkspaceRuleGroupConditionConditionArray{
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("string"),
Operator: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
GroupOperator: pulumi.String("string"),
},
},
GroupOperator: pulumi.String("string"),
RateLimit: &fastly.NgwafWorkspaceRuleRateLimitArgs{
ClientIdentifiers: fastly.NgwafWorkspaceRuleRateLimitClientIdentifierArray{
&fastly.NgwafWorkspaceRuleRateLimitClientIdentifierArgs{
Type: pulumi.String("string"),
Key: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
Duration: pulumi.Int(0),
Interval: pulumi.Int(0),
Signal: pulumi.String("string"),
Threshold: pulumi.Int(0),
},
RequestLogging: pulumi.String("string"),
})
var ngwafWorkspaceRuleResource = new NgwafWorkspaceRule("ngwafWorkspaceRuleResource", NgwafWorkspaceRuleArgs.builder()
.actions(NgwafWorkspaceRuleActionArgs.builder()
.type("string")
.redirectUrl("string")
.responseCode(0)
.signal("string")
.build())
.description("string")
.enabled(false)
.type("string")
.workspaceId("string")
.conditions(NgwafWorkspaceRuleConditionArgs.builder()
.field("string")
.operator("string")
.value("string")
.build())
.groupConditions(NgwafWorkspaceRuleGroupConditionArgs.builder()
.conditions(NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("string")
.operator("string")
.value("string")
.build())
.groupOperator("string")
.build())
.groupOperator("string")
.rateLimit(NgwafWorkspaceRuleRateLimitArgs.builder()
.clientIdentifiers(NgwafWorkspaceRuleRateLimitClientIdentifierArgs.builder()
.type("string")
.key("string")
.name("string")
.build())
.duration(0)
.interval(0)
.signal("string")
.threshold(0)
.build())
.requestLogging("string")
.build());
ngwaf_workspace_rule_resource = fastly.NgwafWorkspaceRule("ngwafWorkspaceRuleResource",
actions=[{
"type": "string",
"redirect_url": "string",
"response_code": 0,
"signal": "string",
}],
description="string",
enabled=False,
type="string",
workspace_id="string",
conditions=[{
"field": "string",
"operator": "string",
"value": "string",
}],
group_conditions=[{
"conditions": [{
"field": "string",
"operator": "string",
"value": "string",
}],
"group_operator": "string",
}],
group_operator="string",
rate_limit={
"client_identifiers": [{
"type": "string",
"key": "string",
"name": "string",
}],
"duration": 0,
"interval": 0,
"signal": "string",
"threshold": 0,
},
request_logging="string")
const ngwafWorkspaceRuleResource = new fastly.NgwafWorkspaceRule("ngwafWorkspaceRuleResource", {
actions: [{
type: "string",
redirectUrl: "string",
responseCode: 0,
signal: "string",
}],
description: "string",
enabled: false,
type: "string",
workspaceId: "string",
conditions: [{
field: "string",
operator: "string",
value: "string",
}],
groupConditions: [{
conditions: [{
field: "string",
operator: "string",
value: "string",
}],
groupOperator: "string",
}],
groupOperator: "string",
rateLimit: {
clientIdentifiers: [{
type: "string",
key: "string",
name: "string",
}],
duration: 0,
interval: 0,
signal: "string",
threshold: 0,
},
requestLogging: "string",
});
type: fastly:NgwafWorkspaceRule
properties:
actions:
- redirectUrl: string
responseCode: 0
signal: string
type: string
conditions:
- field: string
operator: string
value: string
description: string
enabled: false
groupConditions:
- conditions:
- field: string
operator: string
value: string
groupOperator: string
groupOperator: string
rateLimit:
clientIdentifiers:
- key: string
name: string
type: string
duration: 0
interval: 0
signal: string
threshold: 0
requestLogging: string
type: string
workspaceId: string
NgwafWorkspaceRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NgwafWorkspaceRule resource accepts the following input properties:
- Actions
List<Ngwaf
Workspace Rule Action> - List of actions to perform when the rule matches.
- Description string
- The description of the rule.
- Enabled bool
- Whether the rule is currently enabled.
- Type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - Workspace
Id string - The ID of the workspace.
- Conditions
List<Ngwaf
Workspace Rule Condition> - Flat list of individual conditions. Each must include
field,operator, andvalue. - Group
Conditions List<NgwafWorkspace Rule Group Condition> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - Group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - Rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- Request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone.
- Actions
[]Ngwaf
Workspace Rule Action Args - List of actions to perform when the rule matches.
- Description string
- The description of the rule.
- Enabled bool
- Whether the rule is currently enabled.
- Type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - Workspace
Id string - The ID of the workspace.
- Conditions
[]Ngwaf
Workspace Rule Condition Args - Flat list of individual conditions. Each must include
field,operator, andvalue. - Group
Conditions []NgwafWorkspace Rule Group Condition Args - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - Group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - Rate
Limit NgwafWorkspace Rule Rate Limit Args - Block specifically for rate*limit rules.
- Request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone.
- actions
List<Ngwaf
Workspace Rule Action> - List of actions to perform when the rule matches.
- description String
- The description of the rule.
- enabled Boolean
- Whether the rule is currently enabled.
- type String
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id String - The ID of the workspace.
- conditions
List<Ngwaf
Workspace Rule Condition> - Flat list of individual conditions. Each must include
field,operator, andvalue. - group
Conditions List<NgwafWorkspace Rule Group Condition> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator String - Logical operator to apply to group conditions. Accepted values are
anyandall. - rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- request
Logging String - Logging behavior for matching requests. Accepted values are
sampledandnone.
- actions
Ngwaf
Workspace Rule Action[] - List of actions to perform when the rule matches.
- description string
- The description of the rule.
- enabled boolean
- Whether the rule is currently enabled.
- type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id string - The ID of the workspace.
- conditions
Ngwaf
Workspace Rule Condition[] - Flat list of individual conditions. Each must include
field,operator, andvalue. - group
Conditions NgwafWorkspace Rule Group Condition[] - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone.
- actions
Sequence[Ngwaf
Workspace Rule Action Args] - List of actions to perform when the rule matches.
- description str
- The description of the rule.
- enabled bool
- Whether the rule is currently enabled.
- type str
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace_
id str - The ID of the workspace.
- conditions
Sequence[Ngwaf
Workspace Rule Condition Args] - Flat list of individual conditions. Each must include
field,operator, andvalue. - group_
conditions Sequence[NgwafWorkspace Rule Group Condition Args] - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group_
operator str - Logical operator to apply to group conditions. Accepted values are
anyandall. - rate_
limit NgwafWorkspace Rule Rate Limit Args - Block specifically for rate*limit rules.
- request_
logging str - Logging behavior for matching requests. Accepted values are
sampledandnone.
- actions List<Property Map>
- List of actions to perform when the rule matches.
- description String
- The description of the rule.
- enabled Boolean
- Whether the rule is currently enabled.
- type String
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id String - The ID of the workspace.
- conditions List<Property Map>
- Flat list of individual conditions. Each must include
field,operator, andvalue. - group
Conditions List<Property Map> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator String - Logical operator to apply to group conditions. Accepted values are
anyandall. - rate
Limit Property Map - Block specifically for rate*limit rules.
- request
Logging String - Logging behavior for matching requests. Accepted values are
sampledandnone.
Outputs
All input properties are implicitly available as output properties. Additionally, the NgwafWorkspaceRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing NgwafWorkspaceRule Resource
Get an existing NgwafWorkspaceRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NgwafWorkspaceRuleState, opts?: CustomResourceOptions): NgwafWorkspaceRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[NgwafWorkspaceRuleActionArgs]] = None,
conditions: Optional[Sequence[NgwafWorkspaceRuleConditionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
group_conditions: Optional[Sequence[NgwafWorkspaceRuleGroupConditionArgs]] = None,
group_operator: Optional[str] = None,
rate_limit: Optional[NgwafWorkspaceRuleRateLimitArgs] = None,
request_logging: Optional[str] = None,
type: Optional[str] = None,
workspace_id: Optional[str] = None) -> NgwafWorkspaceRulefunc GetNgwafWorkspaceRule(ctx *Context, name string, id IDInput, state *NgwafWorkspaceRuleState, opts ...ResourceOption) (*NgwafWorkspaceRule, error)public static NgwafWorkspaceRule Get(string name, Input<string> id, NgwafWorkspaceRuleState? state, CustomResourceOptions? opts = null)public static NgwafWorkspaceRule get(String name, Output<String> id, NgwafWorkspaceRuleState state, CustomResourceOptions options)resources: _: type: fastly:NgwafWorkspaceRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions
List<Ngwaf
Workspace Rule Action> - List of actions to perform when the rule matches.
- Conditions
List<Ngwaf
Workspace Rule Condition> - Flat list of individual conditions. Each must include
field,operator, andvalue. - Description string
- The description of the rule.
- Enabled bool
- Whether the rule is currently enabled.
- Group
Conditions List<NgwafWorkspace Rule Group Condition> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - Group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - Rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- Request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone. - Type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - Workspace
Id string - The ID of the workspace.
- Actions
[]Ngwaf
Workspace Rule Action Args - List of actions to perform when the rule matches.
- Conditions
[]Ngwaf
Workspace Rule Condition Args - Flat list of individual conditions. Each must include
field,operator, andvalue. - Description string
- The description of the rule.
- Enabled bool
- Whether the rule is currently enabled.
- Group
Conditions []NgwafWorkspace Rule Group Condition Args - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - Group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - Rate
Limit NgwafWorkspace Rule Rate Limit Args - Block specifically for rate*limit rules.
- Request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone. - Type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - Workspace
Id string - The ID of the workspace.
- actions
List<Ngwaf
Workspace Rule Action> - List of actions to perform when the rule matches.
- conditions
List<Ngwaf
Workspace Rule Condition> - Flat list of individual conditions. Each must include
field,operator, andvalue. - description String
- The description of the rule.
- enabled Boolean
- Whether the rule is currently enabled.
- group
Conditions List<NgwafWorkspace Rule Group Condition> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator String - Logical operator to apply to group conditions. Accepted values are
anyandall. - rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- request
Logging String - Logging behavior for matching requests. Accepted values are
sampledandnone. - type String
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id String - The ID of the workspace.
- actions
Ngwaf
Workspace Rule Action[] - List of actions to perform when the rule matches.
- conditions
Ngwaf
Workspace Rule Condition[] - Flat list of individual conditions. Each must include
field,operator, andvalue. - description string
- The description of the rule.
- enabled boolean
- Whether the rule is currently enabled.
- group
Conditions NgwafWorkspace Rule Group Condition[] - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone. - type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id string - The ID of the workspace.
- actions
Sequence[Ngwaf
Workspace Rule Action Args] - List of actions to perform when the rule matches.
- conditions
Sequence[Ngwaf
Workspace Rule Condition Args] - Flat list of individual conditions. Each must include
field,operator, andvalue. - description str
- The description of the rule.
- enabled bool
- Whether the rule is currently enabled.
- group_
conditions Sequence[NgwafWorkspace Rule Group Condition Args] - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group_
operator str - Logical operator to apply to group conditions. Accepted values are
anyandall. - rate_
limit NgwafWorkspace Rule Rate Limit Args - Block specifically for rate*limit rules.
- request_
logging str - Logging behavior for matching requests. Accepted values are
sampledandnone. - type str
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace_
id str - The ID of the workspace.
- actions List<Property Map>
- List of actions to perform when the rule matches.
- conditions List<Property Map>
- Flat list of individual conditions. Each must include
field,operator, andvalue. - description String
- The description of the rule.
- enabled Boolean
- Whether the rule is currently enabled.
- group
Conditions List<Property Map> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator String - Logical operator to apply to group conditions. Accepted values are
anyandall. - rate
Limit Property Map - Block specifically for rate*limit rules.
- request
Logging String - Logging behavior for matching requests. Accepted values are
sampledandnone. - type String
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id String - The ID of the workspace.
Supporting Types
NgwafWorkspaceRuleAction, NgwafWorkspaceRuleActionArgs
- Type string
- The action type, e.g.
block,redirect,exclude_signal. - Redirect
Url string - Redirect target (used when
type = redirect). - Response
Code int - Response code used with redirect.
- Signal string
- Signal name to exclude (used when
type = exclude_signal).
- Type string
- The action type, e.g.
block,redirect,exclude_signal. - Redirect
Url string - Redirect target (used when
type = redirect). - Response
Code int - Response code used with redirect.
- Signal string
- Signal name to exclude (used when
type = exclude_signal).
- type String
- The action type, e.g.
block,redirect,exclude_signal. - redirect
Url String - Redirect target (used when
type = redirect). - response
Code Integer - Response code used with redirect.
- signal String
- Signal name to exclude (used when
type = exclude_signal).
- type string
- The action type, e.g.
block,redirect,exclude_signal. - redirect
Url string - Redirect target (used when
type = redirect). - response
Code number - Response code used with redirect.
- signal string
- Signal name to exclude (used when
type = exclude_signal).
- type str
- The action type, e.g.
block,redirect,exclude_signal. - redirect_
url str - Redirect target (used when
type = redirect). - response_
code int - Response code used with redirect.
- signal str
- Signal name to exclude (used when
type = exclude_signal).
- type String
- The action type, e.g.
block,redirect,exclude_signal. - redirect
Url String - Redirect target (used when
type = redirect). - response
Code Number - Response code used with redirect.
- signal String
- Signal name to exclude (used when
type = exclude_signal).
NgwafWorkspaceRuleCondition, NgwafWorkspaceRuleConditionArgs
NgwafWorkspaceRuleGroupCondition, NgwafWorkspaceRuleGroupConditionArgs
- Conditions
List<Ngwaf
Workspace Rule Group Condition Condition> - A list of nested conditions in this group.
- Group
Operator string - Logical operator for the group. Accepted values are
anyandall.
- Conditions
[]Ngwaf
Workspace Rule Group Condition Condition - A list of nested conditions in this group.
- Group
Operator string - Logical operator for the group. Accepted values are
anyandall.
- conditions
List<Ngwaf
Workspace Rule Group Condition Condition> - A list of nested conditions in this group.
- group
Operator String - Logical operator for the group. Accepted values are
anyandall.
- conditions
Ngwaf
Workspace Rule Group Condition Condition[] - A list of nested conditions in this group.
- group
Operator string - Logical operator for the group. Accepted values are
anyandall.
- conditions
Sequence[Ngwaf
Workspace Rule Group Condition Condition] - A list of nested conditions in this group.
- group_
operator str - Logical operator for the group. Accepted values are
anyandall.
- conditions List<Property Map>
- A list of nested conditions in this group.
- group
Operator String - Logical operator for the group. Accepted values are
anyandall.
NgwafWorkspaceRuleGroupConditionCondition, NgwafWorkspaceRuleGroupConditionConditionArgs
NgwafWorkspaceRuleRateLimit, NgwafWorkspaceRuleRateLimitArgs
- Client
Identifiers List<NgwafWorkspace Rule Rate Limit Client Identifier> - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- Duration int
- Duration in seconds for the rate limit.
- Interval int
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- Signal string
- Reference ID of the custom signal this rule uses to count requests.
- Threshold int
- Rate limit threshold. Minimum 1 and maximum 10,000.
- Client
Identifiers []NgwafWorkspace Rule Rate Limit Client Identifier - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- Duration int
- Duration in seconds for the rate limit.
- Interval int
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- Signal string
- Reference ID of the custom signal this rule uses to count requests.
- Threshold int
- Rate limit threshold. Minimum 1 and maximum 10,000.
- client
Identifiers List<NgwafWorkspace Rule Rate Limit Client Identifier> - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- duration Integer
- Duration in seconds for the rate limit.
- interval Integer
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- signal String
- Reference ID of the custom signal this rule uses to count requests.
- threshold Integer
- Rate limit threshold. Minimum 1 and maximum 10,000.
- client
Identifiers NgwafWorkspace Rule Rate Limit Client Identifier[] - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- duration number
- Duration in seconds for the rate limit.
- interval number
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- signal string
- Reference ID of the custom signal this rule uses to count requests.
- threshold number
- Rate limit threshold. Minimum 1 and maximum 10,000.
- client_
identifiers Sequence[NgwafWorkspace Rule Rate Limit Client Identifier] - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- duration int
- Duration in seconds for the rate limit.
- interval int
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- signal str
- Reference ID of the custom signal this rule uses to count requests.
- threshold int
- Rate limit threshold. Minimum 1 and maximum 10,000.
- client
Identifiers List<Property Map> - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- duration Number
- Duration in seconds for the rate limit.
- interval Number
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- signal String
- Reference ID of the custom signal this rule uses to count requests.
- threshold Number
- Rate limit threshold. Minimum 1 and maximum 10,000.
NgwafWorkspaceRuleRateLimitClientIdentifier, NgwafWorkspaceRuleRateLimitClientIdentifierArgs
Import
Fastly Next-Gen WAF workspace rules can be imported using the format <workspaceID>/<ruleID>, e.g.:
$ pulumi import fastly:index/ngwafWorkspaceRule:NgwafWorkspaceRule demo <workspaceID>/<ruleID>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Fastly pulumi/pulumi-fastly
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fastlyTerraform Provider.
