Viewing docs for Vercel v4.6.1
published on Saturday, Feb 28, 2026 by Pulumiverse
published on Saturday, Feb 28, 2026 by Pulumiverse
Viewing docs for Vercel v4.6.1
published on Saturday, Feb 28, 2026 by Pulumiverse
published on Saturday, Feb 28, 2026 by Pulumiverse
Define Custom Rules to shape the way your traffic is handled by the Vercel Edge Network.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vercel from "@pulumiverse/vercel";
const example = new vercel.Project("example", {name: "firewall-config-example"});
const exampleFirewallConfig = new vercel.FirewallConfig("example", {
projectId: example.id,
rules: {
rules: [
{
name: "Bypass Known request",
description: "Bypass requests using internal bearer tokens",
conditionGroups: [
{
conditions: [{
type: "header",
key: "Authorization",
op: "eq",
value: "Bearer internaltoken",
}],
},
{
conditions: [{
type: "header",
key: "Authorization",
op: "eq",
value: "Bearer internaltoken2",
}],
},
],
action: {
action: "bypass",
},
},
{
name: "Challenge curl",
description: "Challenge user agents containing 'curl'",
conditionGroups: [{
conditions: [{
type: "user_agent",
op: "sub",
value: "curl",
}],
}],
action: {
action: "challenge",
},
},
{
name: "Deny cookieless requests",
description: "requests to /api that are missing a session cookie",
conditionGroups: [{
conditions: [
{
type: "path",
op: "eq",
value: "/api",
},
{
type: "cookie",
key: "_session",
neg: true,
op: "ex",
},
],
}],
action: {
action: "challenge",
},
},
{
name: "Require Authorization header",
description: "Block requests without Authorization header",
conditionGroups: [{
conditions: [{
type: "header",
key: "Authorization",
op: "nex",
}],
}],
action: {
action: "deny",
},
},
{
name: "Log requests with custom header",
description: "Log requests that have X-Custom-Header present",
conditionGroups: [{
conditions: [{
type: "header",
key: "X-Custom-Header",
op: "ex",
}],
}],
action: {
action: "log",
},
},
{
name: "Rate limit API",
description: "apply ratelimit to requests under /api",
conditionGroups: [{
conditions: [{
type: "path",
op: "pre",
value: "/api",
}],
}],
action: {
action: "rate_limit",
rateLimit: {
limit: 100,
window: 300,
keys: [
"ip",
"ja4",
],
algo: "fixed_window",
action: "deny",
},
actionDuration: "5m",
},
},
{
name: "Known clients",
description: "Match known keys in header",
conditionGroups: [{
conditions: [{
type: "header",
key: "Authorization",
op: "inc",
values: [
"key1",
"key2",
],
}],
}],
action: {
action: "rate_limit",
rateLimit: {
limit: 100,
window: 300,
keys: [
"ip",
"ja4",
],
algo: "fixed_window",
action: "deny",
},
actionDuration: "5m",
},
},
],
},
});
const managedExample = new vercel.Project("managed_example", {name: "firewall-managed-rule-example"});
const managed = new vercel.FirewallConfig("managed", {
projectId: managedVercelProject.id,
managedRulesets: {
owasp: {
xss: {
action: "deny",
},
sqli: {
action: "deny",
},
rce: {
action: "deny",
},
php: {
action: "deny",
},
java: {
action: "deny",
},
lfi: {
action: "deny",
},
rfi: {
action: "deny",
},
gen: {
action: "deny",
},
},
botProtection: {
action: "log",
active: true,
},
aiBots: {
action: "log",
active: true,
},
},
});
const ipExample = new vercel.Project("ip_example", {name: "firewall-ip-blocking-example"});
const ip_blocking = new vercel.FirewallConfig("ip-blocking", {
projectId: ipExample.id,
ipRules: {
rules: [
{
action: "deny",
ip: "51.85.0.0/16",
hostname: "*",
},
{
action: "challenge",
ip: "1.2.3.4",
hostname: "example.com",
},
],
},
});
import pulumi
import pulumiverse_vercel as vercel
example = vercel.Project("example", name="firewall-config-example")
example_firewall_config = vercel.FirewallConfig("example",
project_id=example.id,
rules={
"rules": [
{
"name": "Bypass Known request",
"description": "Bypass requests using internal bearer tokens",
"condition_groups": [
{
"conditions": [{
"type": "header",
"key": "Authorization",
"op": "eq",
"value": "Bearer internaltoken",
}],
},
{
"conditions": [{
"type": "header",
"key": "Authorization",
"op": "eq",
"value": "Bearer internaltoken2",
}],
},
],
"action": {
"action": "bypass",
},
},
{
"name": "Challenge curl",
"description": "Challenge user agents containing 'curl'",
"condition_groups": [{
"conditions": [{
"type": "user_agent",
"op": "sub",
"value": "curl",
}],
}],
"action": {
"action": "challenge",
},
},
{
"name": "Deny cookieless requests",
"description": "requests to /api that are missing a session cookie",
"condition_groups": [{
"conditions": [
{
"type": "path",
"op": "eq",
"value": "/api",
},
{
"type": "cookie",
"key": "_session",
"neg": True,
"op": "ex",
},
],
}],
"action": {
"action": "challenge",
},
},
{
"name": "Require Authorization header",
"description": "Block requests without Authorization header",
"condition_groups": [{
"conditions": [{
"type": "header",
"key": "Authorization",
"op": "nex",
}],
}],
"action": {
"action": "deny",
},
},
{
"name": "Log requests with custom header",
"description": "Log requests that have X-Custom-Header present",
"condition_groups": [{
"conditions": [{
"type": "header",
"key": "X-Custom-Header",
"op": "ex",
}],
}],
"action": {
"action": "log",
},
},
{
"name": "Rate limit API",
"description": "apply ratelimit to requests under /api",
"condition_groups": [{
"conditions": [{
"type": "path",
"op": "pre",
"value": "/api",
}],
}],
"action": {
"action": "rate_limit",
"rate_limit": {
"limit": 100,
"window": 300,
"keys": [
"ip",
"ja4",
],
"algo": "fixed_window",
"action": "deny",
},
"action_duration": "5m",
},
},
{
"name": "Known clients",
"description": "Match known keys in header",
"condition_groups": [{
"conditions": [{
"type": "header",
"key": "Authorization",
"op": "inc",
"values": [
"key1",
"key2",
],
}],
}],
"action": {
"action": "rate_limit",
"rate_limit": {
"limit": 100,
"window": 300,
"keys": [
"ip",
"ja4",
],
"algo": "fixed_window",
"action": "deny",
},
"action_duration": "5m",
},
},
],
})
managed_example = vercel.Project("managed_example", name="firewall-managed-rule-example")
managed = vercel.FirewallConfig("managed",
project_id=managed_vercel_project["id"],
managed_rulesets={
"owasp": {
"xss": {
"action": "deny",
},
"sqli": {
"action": "deny",
},
"rce": {
"action": "deny",
},
"php": {
"action": "deny",
},
"java": {
"action": "deny",
},
"lfi": {
"action": "deny",
},
"rfi": {
"action": "deny",
},
"gen": {
"action": "deny",
},
},
"bot_protection": {
"action": "log",
"active": True,
},
"ai_bots": {
"action": "log",
"active": True,
},
})
ip_example = vercel.Project("ip_example", name="firewall-ip-blocking-example")
ip_blocking = vercel.FirewallConfig("ip-blocking",
project_id=ip_example.id,
ip_rules={
"rules": [
{
"action": "deny",
"ip": "51.85.0.0/16",
"hostname": "*",
},
{
"action": "challenge",
"ip": "1.2.3.4",
"hostname": "example.com",
},
],
})
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-vercel/sdk/v4/go/vercel"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := vercel.NewProject(ctx, "example", &vercel.ProjectArgs{
Name: pulumi.String("firewall-config-example"),
})
if err != nil {
return err
}
_, err = vercel.NewFirewallConfig(ctx, "example", &vercel.FirewallConfigArgs{
ProjectId: example.ID(),
Rules: &vercel.FirewallConfigRulesArgs{
Rules: vercel.FirewallConfigRulesRuleArray{
&vercel.FirewallConfigRulesRuleArgs{
Name: pulumi.String("Bypass Known request"),
Description: pulumi.String("Bypass requests using internal bearer tokens"),
ConditionGroups: vercel.FirewallConfigRulesRuleConditionGroupArray{
&vercel.FirewallConfigRulesRuleConditionGroupArgs{
Conditions: vercel.FirewallConfigRulesRuleConditionGroupConditionArray{
&vercel.FirewallConfigRulesRuleConditionGroupConditionArgs{
Type: pulumi.String("header"),
Key: pulumi.String("Authorization"),
Op: pulumi.String("eq"),
Value: pulumi.String("Bearer internaltoken"),
},
},
},
&vercel.FirewallConfigRulesRuleConditionGroupArgs{
Conditions: vercel.FirewallConfigRulesRuleConditionGroupConditionArray{
&vercel.FirewallConfigRulesRuleConditionGroupConditionArgs{
Type: pulumi.String("header"),
Key: pulumi.String("Authorization"),
Op: pulumi.String("eq"),
Value: pulumi.String("Bearer internaltoken2"),
},
},
},
},
Action: &vercel.FirewallConfigRulesRuleActionArgs{
Action: pulumi.String("bypass"),
},
},
&vercel.FirewallConfigRulesRuleArgs{
Name: pulumi.String("Challenge curl"),
Description: pulumi.String("Challenge user agents containing 'curl'"),
ConditionGroups: vercel.FirewallConfigRulesRuleConditionGroupArray{
&vercel.FirewallConfigRulesRuleConditionGroupArgs{
Conditions: vercel.FirewallConfigRulesRuleConditionGroupConditionArray{
&vercel.FirewallConfigRulesRuleConditionGroupConditionArgs{
Type: pulumi.String("user_agent"),
Op: pulumi.String("sub"),
Value: pulumi.String("curl"),
},
},
},
},
Action: &vercel.FirewallConfigRulesRuleActionArgs{
Action: pulumi.String("challenge"),
},
},
&vercel.FirewallConfigRulesRuleArgs{
Name: pulumi.String("Deny cookieless requests"),
Description: pulumi.String("requests to /api that are missing a session cookie"),
ConditionGroups: vercel.FirewallConfigRulesRuleConditionGroupArray{
&vercel.FirewallConfigRulesRuleConditionGroupArgs{
Conditions: vercel.FirewallConfigRulesRuleConditionGroupConditionArray{
&vercel.FirewallConfigRulesRuleConditionGroupConditionArgs{
Type: pulumi.String("path"),
Op: pulumi.String("eq"),
Value: pulumi.String("/api"),
},
&vercel.FirewallConfigRulesRuleConditionGroupConditionArgs{
Type: pulumi.String("cookie"),
Key: pulumi.String("_session"),
Neg: pulumi.Bool(true),
Op: pulumi.String("ex"),
},
},
},
},
Action: &vercel.FirewallConfigRulesRuleActionArgs{
Action: pulumi.String("challenge"),
},
},
&vercel.FirewallConfigRulesRuleArgs{
Name: pulumi.String("Require Authorization header"),
Description: pulumi.String("Block requests without Authorization header"),
ConditionGroups: vercel.FirewallConfigRulesRuleConditionGroupArray{
&vercel.FirewallConfigRulesRuleConditionGroupArgs{
Conditions: vercel.FirewallConfigRulesRuleConditionGroupConditionArray{
&vercel.FirewallConfigRulesRuleConditionGroupConditionArgs{
Type: pulumi.String("header"),
Key: pulumi.String("Authorization"),
Op: pulumi.String("nex"),
},
},
},
},
Action: &vercel.FirewallConfigRulesRuleActionArgs{
Action: pulumi.String("deny"),
},
},
&vercel.FirewallConfigRulesRuleArgs{
Name: pulumi.String("Log requests with custom header"),
Description: pulumi.String("Log requests that have X-Custom-Header present"),
ConditionGroups: vercel.FirewallConfigRulesRuleConditionGroupArray{
&vercel.FirewallConfigRulesRuleConditionGroupArgs{
Conditions: vercel.FirewallConfigRulesRuleConditionGroupConditionArray{
&vercel.FirewallConfigRulesRuleConditionGroupConditionArgs{
Type: pulumi.String("header"),
Key: pulumi.String("X-Custom-Header"),
Op: pulumi.String("ex"),
},
},
},
},
Action: &vercel.FirewallConfigRulesRuleActionArgs{
Action: pulumi.String("log"),
},
},
&vercel.FirewallConfigRulesRuleArgs{
Name: pulumi.String("Rate limit API"),
Description: pulumi.String("apply ratelimit to requests under /api"),
ConditionGroups: vercel.FirewallConfigRulesRuleConditionGroupArray{
&vercel.FirewallConfigRulesRuleConditionGroupArgs{
Conditions: vercel.FirewallConfigRulesRuleConditionGroupConditionArray{
&vercel.FirewallConfigRulesRuleConditionGroupConditionArgs{
Type: pulumi.String("path"),
Op: pulumi.String("pre"),
Value: pulumi.String("/api"),
},
},
},
},
Action: &vercel.FirewallConfigRulesRuleActionArgs{
Action: pulumi.String("rate_limit"),
RateLimit: &vercel.FirewallConfigRulesRuleActionRateLimitArgs{
Limit: pulumi.Int(100),
Window: pulumi.Int(300),
Keys: pulumi.StringArray{
pulumi.String("ip"),
pulumi.String("ja4"),
},
Algo: pulumi.String("fixed_window"),
Action: pulumi.String("deny"),
},
ActionDuration: pulumi.String("5m"),
},
},
&vercel.FirewallConfigRulesRuleArgs{
Name: pulumi.String("Known clients"),
Description: pulumi.String("Match known keys in header"),
ConditionGroups: vercel.FirewallConfigRulesRuleConditionGroupArray{
&vercel.FirewallConfigRulesRuleConditionGroupArgs{
Conditions: vercel.FirewallConfigRulesRuleConditionGroupConditionArray{
&vercel.FirewallConfigRulesRuleConditionGroupConditionArgs{
Type: pulumi.String("header"),
Key: pulumi.String("Authorization"),
Op: pulumi.String("inc"),
Values: pulumi.StringArray{
pulumi.String("key1"),
pulumi.String("key2"),
},
},
},
},
},
Action: &vercel.FirewallConfigRulesRuleActionArgs{
Action: pulumi.String("rate_limit"),
RateLimit: &vercel.FirewallConfigRulesRuleActionRateLimitArgs{
Limit: pulumi.Int(100),
Window: pulumi.Int(300),
Keys: pulumi.StringArray{
pulumi.String("ip"),
pulumi.String("ja4"),
},
Algo: pulumi.String("fixed_window"),
Action: pulumi.String("deny"),
},
ActionDuration: pulumi.String("5m"),
},
},
},
},
})
if err != nil {
return err
}
_, err = vercel.NewProject(ctx, "managed_example", &vercel.ProjectArgs{
Name: pulumi.String("firewall-managed-rule-example"),
})
if err != nil {
return err
}
_, err = vercel.NewFirewallConfig(ctx, "managed", &vercel.FirewallConfigArgs{
ProjectId: pulumi.Any(managedVercelProject.Id),
ManagedRulesets: &vercel.FirewallConfigManagedRulesetsArgs{
Owasp: &vercel.FirewallConfigManagedRulesetsOwaspArgs{
Xss: &vercel.FirewallConfigManagedRulesetsOwaspXssArgs{
Action: pulumi.String("deny"),
},
Sqli: &vercel.FirewallConfigManagedRulesetsOwaspSqliArgs{
Action: pulumi.String("deny"),
},
Rce: &vercel.FirewallConfigManagedRulesetsOwaspRceArgs{
Action: pulumi.String("deny"),
},
Php: &vercel.FirewallConfigManagedRulesetsOwaspPhpArgs{
Action: pulumi.String("deny"),
},
Java: &vercel.FirewallConfigManagedRulesetsOwaspJavaArgs{
Action: pulumi.String("deny"),
},
Lfi: &vercel.FirewallConfigManagedRulesetsOwaspLfiArgs{
Action: pulumi.String("deny"),
},
Rfi: &vercel.FirewallConfigManagedRulesetsOwaspRfiArgs{
Action: pulumi.String("deny"),
},
Gen: &vercel.FirewallConfigManagedRulesetsOwaspGenArgs{
Action: pulumi.String("deny"),
},
},
BotProtection: &vercel.FirewallConfigManagedRulesetsBotProtectionArgs{
Action: pulumi.String("log"),
Active: pulumi.Bool(true),
},
AiBots: &vercel.FirewallConfigManagedRulesetsAiBotsArgs{
Action: pulumi.String("log"),
Active: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
ipExample, err := vercel.NewProject(ctx, "ip_example", &vercel.ProjectArgs{
Name: pulumi.String("firewall-ip-blocking-example"),
})
if err != nil {
return err
}
_, err = vercel.NewFirewallConfig(ctx, "ip-blocking", &vercel.FirewallConfigArgs{
ProjectId: ipExample.ID(),
IpRules: &vercel.FirewallConfigIpRulesArgs{
Rules: vercel.FirewallConfigIpRulesRuleArray{
&vercel.FirewallConfigIpRulesRuleArgs{
Action: pulumi.String("deny"),
Ip: pulumi.String("51.85.0.0/16"),
Hostname: pulumi.String("*"),
},
&vercel.FirewallConfigIpRulesRuleArgs{
Action: pulumi.String("challenge"),
Ip: pulumi.String("1.2.3.4"),
Hostname: pulumi.String("example.com"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vercel = Pulumiverse.Vercel;
return await Deployment.RunAsync(() =>
{
var example = new Vercel.Project("example", new()
{
Name = "firewall-config-example",
});
var exampleFirewallConfig = new Vercel.FirewallConfig("example", new()
{
ProjectId = example.Id,
Rules = new Vercel.Inputs.FirewallConfigRulesArgs
{
Rules = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleArgs
{
Name = "Bypass Known request",
Description = "Bypass requests using internal bearer tokens",
ConditionGroups = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupArgs
{
Conditions = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupConditionArgs
{
Type = "header",
Key = "Authorization",
Op = "eq",
Value = "Bearer internaltoken",
},
},
},
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupArgs
{
Conditions = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupConditionArgs
{
Type = "header",
Key = "Authorization",
Op = "eq",
Value = "Bearer internaltoken2",
},
},
},
},
Action = new Vercel.Inputs.FirewallConfigRulesRuleActionArgs
{
Action = "bypass",
},
},
new Vercel.Inputs.FirewallConfigRulesRuleArgs
{
Name = "Challenge curl",
Description = "Challenge user agents containing 'curl'",
ConditionGroups = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupArgs
{
Conditions = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupConditionArgs
{
Type = "user_agent",
Op = "sub",
Value = "curl",
},
},
},
},
Action = new Vercel.Inputs.FirewallConfigRulesRuleActionArgs
{
Action = "challenge",
},
},
new Vercel.Inputs.FirewallConfigRulesRuleArgs
{
Name = "Deny cookieless requests",
Description = "requests to /api that are missing a session cookie",
ConditionGroups = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupArgs
{
Conditions = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupConditionArgs
{
Type = "path",
Op = "eq",
Value = "/api",
},
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupConditionArgs
{
Type = "cookie",
Key = "_session",
Neg = true,
Op = "ex",
},
},
},
},
Action = new Vercel.Inputs.FirewallConfigRulesRuleActionArgs
{
Action = "challenge",
},
},
new Vercel.Inputs.FirewallConfigRulesRuleArgs
{
Name = "Require Authorization header",
Description = "Block requests without Authorization header",
ConditionGroups = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupArgs
{
Conditions = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupConditionArgs
{
Type = "header",
Key = "Authorization",
Op = "nex",
},
},
},
},
Action = new Vercel.Inputs.FirewallConfigRulesRuleActionArgs
{
Action = "deny",
},
},
new Vercel.Inputs.FirewallConfigRulesRuleArgs
{
Name = "Log requests with custom header",
Description = "Log requests that have X-Custom-Header present",
ConditionGroups = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupArgs
{
Conditions = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupConditionArgs
{
Type = "header",
Key = "X-Custom-Header",
Op = "ex",
},
},
},
},
Action = new Vercel.Inputs.FirewallConfigRulesRuleActionArgs
{
Action = "log",
},
},
new Vercel.Inputs.FirewallConfigRulesRuleArgs
{
Name = "Rate limit API",
Description = "apply ratelimit to requests under /api",
ConditionGroups = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupArgs
{
Conditions = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupConditionArgs
{
Type = "path",
Op = "pre",
Value = "/api",
},
},
},
},
Action = new Vercel.Inputs.FirewallConfigRulesRuleActionArgs
{
Action = "rate_limit",
RateLimit = new Vercel.Inputs.FirewallConfigRulesRuleActionRateLimitArgs
{
Limit = 100,
Window = 300,
Keys = new[]
{
"ip",
"ja4",
},
Algo = "fixed_window",
Action = "deny",
},
ActionDuration = "5m",
},
},
new Vercel.Inputs.FirewallConfigRulesRuleArgs
{
Name = "Known clients",
Description = "Match known keys in header",
ConditionGroups = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupArgs
{
Conditions = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupConditionArgs
{
Type = "header",
Key = "Authorization",
Op = "inc",
Values = new[]
{
"key1",
"key2",
},
},
},
},
},
Action = new Vercel.Inputs.FirewallConfigRulesRuleActionArgs
{
Action = "rate_limit",
RateLimit = new Vercel.Inputs.FirewallConfigRulesRuleActionRateLimitArgs
{
Limit = 100,
Window = 300,
Keys = new[]
{
"ip",
"ja4",
},
Algo = "fixed_window",
Action = "deny",
},
ActionDuration = "5m",
},
},
},
},
});
var managedExample = new Vercel.Project("managed_example", new()
{
Name = "firewall-managed-rule-example",
});
var managed = new Vercel.FirewallConfig("managed", new()
{
ProjectId = managedVercelProject.Id,
ManagedRulesets = new Vercel.Inputs.FirewallConfigManagedRulesetsArgs
{
Owasp = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspArgs
{
Xss = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspXssArgs
{
Action = "deny",
},
Sqli = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspSqliArgs
{
Action = "deny",
},
Rce = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspRceArgs
{
Action = "deny",
},
Php = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspPhpArgs
{
Action = "deny",
},
Java = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspJavaArgs
{
Action = "deny",
},
Lfi = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspLfiArgs
{
Action = "deny",
},
Rfi = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspRfiArgs
{
Action = "deny",
},
Gen = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspGenArgs
{
Action = "deny",
},
},
BotProtection = new Vercel.Inputs.FirewallConfigManagedRulesetsBotProtectionArgs
{
Action = "log",
Active = true,
},
AiBots = new Vercel.Inputs.FirewallConfigManagedRulesetsAiBotsArgs
{
Action = "log",
Active = true,
},
},
});
var ipExample = new Vercel.Project("ip_example", new()
{
Name = "firewall-ip-blocking-example",
});
var ip_blocking = new Vercel.FirewallConfig("ip-blocking", new()
{
ProjectId = ipExample.Id,
IpRules = new Vercel.Inputs.FirewallConfigIpRulesArgs
{
Rules = new[]
{
new Vercel.Inputs.FirewallConfigIpRulesRuleArgs
{
Action = "deny",
Ip = "51.85.0.0/16",
Hostname = "*",
},
new Vercel.Inputs.FirewallConfigIpRulesRuleArgs
{
Action = "challenge",
Ip = "1.2.3.4",
Hostname = "example.com",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumiverse.vercel.Project;
import com.pulumiverse.vercel.ProjectArgs;
import com.pulumiverse.vercel.FirewallConfig;
import com.pulumiverse.vercel.FirewallConfigArgs;
import com.pulumi.vercel.inputs.FirewallConfigRulesArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsOwaspArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsOwaspXssArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsOwaspSqliArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsOwaspRceArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsOwaspPhpArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsOwaspJavaArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsOwaspLfiArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsOwaspRfiArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsOwaspGenArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsBotProtectionArgs;
import com.pulumi.vercel.inputs.FirewallConfigManagedRulesetsAiBotsArgs;
import com.pulumi.vercel.inputs.FirewallConfigIpRulesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Project("example", ProjectArgs.builder()
.name("firewall-config-example")
.build());
var exampleFirewallConfig = new FirewallConfig("exampleFirewallConfig", FirewallConfigArgs.builder()
.projectId(example.id())
.rules(FirewallConfigRulesArgs.builder()
.rules(
FirewallConfigRulesRuleArgs.builder()
.name("Bypass Known request")
.description("Bypass requests using internal bearer tokens")
.conditionGroups(
FirewallConfigRulesRuleConditionGroupArgs.builder()
.conditions(FirewallConfigRulesRuleConditionGroupConditionArgs.builder()
.type("header")
.key("Authorization")
.op("eq")
.value("Bearer internaltoken")
.build())
.build(),
FirewallConfigRulesRuleConditionGroupArgs.builder()
.conditions(FirewallConfigRulesRuleConditionGroupConditionArgs.builder()
.type("header")
.key("Authorization")
.op("eq")
.value("Bearer internaltoken2")
.build())
.build())
.action(FirewallConfigRulesRuleActionArgs.builder()
.action("bypass")
.build())
.build(),
FirewallConfigRulesRuleArgs.builder()
.name("Challenge curl")
.description("Challenge user agents containing 'curl'")
.conditionGroups(FirewallConfigRulesRuleConditionGroupArgs.builder()
.conditions(FirewallConfigRulesRuleConditionGroupConditionArgs.builder()
.type("user_agent")
.op("sub")
.value("curl")
.build())
.build())
.action(FirewallConfigRulesRuleActionArgs.builder()
.action("challenge")
.build())
.build(),
FirewallConfigRulesRuleArgs.builder()
.name("Deny cookieless requests")
.description("requests to /api that are missing a session cookie")
.conditionGroups(FirewallConfigRulesRuleConditionGroupArgs.builder()
.conditions(
FirewallConfigRulesRuleConditionGroupConditionArgs.builder()
.type("path")
.op("eq")
.value("/api")
.build(),
FirewallConfigRulesRuleConditionGroupConditionArgs.builder()
.type("cookie")
.key("_session")
.neg(true)
.op("ex")
.build())
.build())
.action(FirewallConfigRulesRuleActionArgs.builder()
.action("challenge")
.build())
.build(),
FirewallConfigRulesRuleArgs.builder()
.name("Require Authorization header")
.description("Block requests without Authorization header")
.conditionGroups(FirewallConfigRulesRuleConditionGroupArgs.builder()
.conditions(FirewallConfigRulesRuleConditionGroupConditionArgs.builder()
.type("header")
.key("Authorization")
.op("nex")
.build())
.build())
.action(FirewallConfigRulesRuleActionArgs.builder()
.action("deny")
.build())
.build(),
FirewallConfigRulesRuleArgs.builder()
.name("Log requests with custom header")
.description("Log requests that have X-Custom-Header present")
.conditionGroups(FirewallConfigRulesRuleConditionGroupArgs.builder()
.conditions(FirewallConfigRulesRuleConditionGroupConditionArgs.builder()
.type("header")
.key("X-Custom-Header")
.op("ex")
.build())
.build())
.action(FirewallConfigRulesRuleActionArgs.builder()
.action("log")
.build())
.build(),
FirewallConfigRulesRuleArgs.builder()
.name("Rate limit API")
.description("apply ratelimit to requests under /api")
.conditionGroups(FirewallConfigRulesRuleConditionGroupArgs.builder()
.conditions(FirewallConfigRulesRuleConditionGroupConditionArgs.builder()
.type("path")
.op("pre")
.value("/api")
.build())
.build())
.action(FirewallConfigRulesRuleActionArgs.builder()
.action("rate_limit")
.rateLimit(FirewallConfigRulesRuleActionRateLimitArgs.builder()
.limit(100)
.window(300)
.keys(
"ip",
"ja4")
.algo("fixed_window")
.action("deny")
.build())
.actionDuration("5m")
.build())
.build(),
FirewallConfigRulesRuleArgs.builder()
.name("Known clients")
.description("Match known keys in header")
.conditionGroups(FirewallConfigRulesRuleConditionGroupArgs.builder()
.conditions(FirewallConfigRulesRuleConditionGroupConditionArgs.builder()
.type("header")
.key("Authorization")
.op("inc")
.values(
"key1",
"key2")
.build())
.build())
.action(FirewallConfigRulesRuleActionArgs.builder()
.action("rate_limit")
.rateLimit(FirewallConfigRulesRuleActionRateLimitArgs.builder()
.limit(100)
.window(300)
.keys(
"ip",
"ja4")
.algo("fixed_window")
.action("deny")
.build())
.actionDuration("5m")
.build())
.build())
.build())
.build());
var managedExample = new Project("managedExample", ProjectArgs.builder()
.name("firewall-managed-rule-example")
.build());
var managed = new FirewallConfig("managed", FirewallConfigArgs.builder()
.projectId(managedVercelProject.id())
.managedRulesets(FirewallConfigManagedRulesetsArgs.builder()
.owasp(FirewallConfigManagedRulesetsOwaspArgs.builder()
.xss(FirewallConfigManagedRulesetsOwaspXssArgs.builder()
.action("deny")
.build())
.sqli(FirewallConfigManagedRulesetsOwaspSqliArgs.builder()
.action("deny")
.build())
.rce(FirewallConfigManagedRulesetsOwaspRceArgs.builder()
.action("deny")
.build())
.php(FirewallConfigManagedRulesetsOwaspPhpArgs.builder()
.action("deny")
.build())
.java(FirewallConfigManagedRulesetsOwaspJavaArgs.builder()
.action("deny")
.build())
.lfi(FirewallConfigManagedRulesetsOwaspLfiArgs.builder()
.action("deny")
.build())
.rfi(FirewallConfigManagedRulesetsOwaspRfiArgs.builder()
.action("deny")
.build())
.gen(FirewallConfigManagedRulesetsOwaspGenArgs.builder()
.action("deny")
.build())
.build())
.botProtection(FirewallConfigManagedRulesetsBotProtectionArgs.builder()
.action("log")
.active(true)
.build())
.aiBots(FirewallConfigManagedRulesetsAiBotsArgs.builder()
.action("log")
.active(true)
.build())
.build())
.build());
var ipExample = new Project("ipExample", ProjectArgs.builder()
.name("firewall-ip-blocking-example")
.build());
var ip_blocking = new FirewallConfig("ip-blocking", FirewallConfigArgs.builder()
.projectId(ipExample.id())
.ipRules(FirewallConfigIpRulesArgs.builder()
.rules(
FirewallConfigIpRulesRuleArgs.builder()
.action("deny")
.ip("51.85.0.0/16")
.hostname("*")
.build(),
FirewallConfigIpRulesRuleArgs.builder()
.action("challenge")
.ip("1.2.3.4")
.hostname("example.com")
.build())
.build())
.build());
}
}
resources:
example:
type: vercel:Project
properties:
name: firewall-config-example
exampleFirewallConfig:
type: vercel:FirewallConfig
name: example
properties:
projectId: ${example.id}
rules:
rules:
- name: Bypass Known request
description: Bypass requests using internal bearer tokens
conditionGroups:
- conditions:
- type: header
key: Authorization
op: eq
value: Bearer internaltoken
- conditions:
- type: header
key: Authorization
op: eq
value: Bearer internaltoken2
action:
action: bypass
- name: Challenge curl
description: Challenge user agents containing 'curl'
conditionGroups:
- conditions:
- type: user_agent
op: sub
value: curl
action:
action: challenge
- name: Deny cookieless requests
description: requests to /api that are missing a session cookie
conditionGroups:
- conditions:
- type: path
op: eq
value: /api
- type: cookie
key: _session
neg: true
op: ex
action:
action: challenge
- name: Require Authorization header
description: Block requests without Authorization header
conditionGroups:
- conditions:
- type: header
key: Authorization
op: nex
action:
action: deny
- name: Log requests with custom header
description: Log requests that have X-Custom-Header present
conditionGroups:
- conditions:
- type: header
key: X-Custom-Header
op: ex
action:
action: log
- name: Rate limit API
description: apply ratelimit to requests under /api
conditionGroups:
- conditions:
- type: path
op: pre
value: /api
action:
action: rate_limit
rateLimit:
limit: 100
window: 300
keys:
- ip
- ja4
algo: fixed_window
action: deny
actionDuration: 5m
- name: Known clients
description: Match known keys in header
conditionGroups:
- conditions:
- type: header
key: Authorization
op: inc
values:
- key1
- key2
action:
action: rate_limit
rateLimit:
limit: 100
window: 300
keys:
- ip
- ja4
algo: fixed_window
action: deny
actionDuration: 5m
managedExample:
type: vercel:Project
name: managed_example
properties:
name: firewall-managed-rule-example
managed:
type: vercel:FirewallConfig
properties:
projectId: ${managedVercelProject.id}
managedRulesets:
owasp:
xss:
action: deny
sqli:
action: deny
rce:
action: deny
php:
action: deny
java:
action: deny
lfi:
action: deny
rfi:
action: deny
gen:
action: deny
botProtection:
action: log
active: true
aiBots:
action: log
active: true
ipExample:
type: vercel:Project
name: ip_example
properties:
name: firewall-ip-blocking-example
ip-blocking:
type: vercel:FirewallConfig
properties:
projectId: ${ipExample.id}
ipRules:
rules:
- action: deny
ip: 51.85.0.0/16
hostname: '*'
- action: challenge
ip: 1.2.3.4
hostname: example.com
Create FirewallConfig Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallConfig(name: string, args: FirewallConfigArgs, opts?: CustomResourceOptions);@overload
def FirewallConfig(resource_name: str,
args: FirewallConfigArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallConfig(resource_name: str,
opts: Optional[ResourceOptions] = None,
project_id: Optional[str] = None,
enabled: Optional[bool] = None,
ip_rules: Optional[FirewallConfigIpRulesArgs] = None,
managed_rulesets: Optional[FirewallConfigManagedRulesetsArgs] = None,
rules: Optional[FirewallConfigRulesArgs] = None,
team_id: Optional[str] = None)func NewFirewallConfig(ctx *Context, name string, args FirewallConfigArgs, opts ...ResourceOption) (*FirewallConfig, error)public FirewallConfig(string name, FirewallConfigArgs args, CustomResourceOptions? opts = null)
public FirewallConfig(String name, FirewallConfigArgs args)
public FirewallConfig(String name, FirewallConfigArgs args, CustomResourceOptions options)
type: vercel:FirewallConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallConfigArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallConfigArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallConfigArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallConfigResource = new Vercel.FirewallConfig("firewallConfigResource", new()
{
ProjectId = "string",
Enabled = false,
IpRules = new Vercel.Inputs.FirewallConfigIpRulesArgs
{
Rules = new[]
{
new Vercel.Inputs.FirewallConfigIpRulesRuleArgs
{
Action = "string",
Hostname = "string",
Ip = "string",
Id = "string",
Notes = "string",
},
},
},
ManagedRulesets = new Vercel.Inputs.FirewallConfigManagedRulesetsArgs
{
AiBots = new Vercel.Inputs.FirewallConfigManagedRulesetsAiBotsArgs
{
Action = "string",
Active = false,
},
BotProtection = new Vercel.Inputs.FirewallConfigManagedRulesetsBotProtectionArgs
{
Action = "string",
Active = false,
},
Owasp = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspArgs
{
Gen = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspGenArgs
{
Action = "string",
Active = false,
},
Java = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspJavaArgs
{
Action = "string",
Active = false,
},
Lfi = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspLfiArgs
{
Action = "string",
Active = false,
},
Ma = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspMaArgs
{
Action = "string",
Active = false,
},
Php = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspPhpArgs
{
Action = "string",
Active = false,
},
Rce = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspRceArgs
{
Action = "string",
Active = false,
},
Rfi = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspRfiArgs
{
Action = "string",
Active = false,
},
Sd = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspSdArgs
{
Action = "string",
Active = false,
},
Sf = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspSfArgs
{
Action = "string",
Active = false,
},
Sqli = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspSqliArgs
{
Action = "string",
Active = false,
},
Xss = new Vercel.Inputs.FirewallConfigManagedRulesetsOwaspXssArgs
{
Action = "string",
Active = false,
},
},
},
Rules = new Vercel.Inputs.FirewallConfigRulesArgs
{
Rules = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleArgs
{
Action = new Vercel.Inputs.FirewallConfigRulesRuleActionArgs
{
Action = "string",
ActionDuration = "string",
RateLimit = new Vercel.Inputs.FirewallConfigRulesRuleActionRateLimitArgs
{
Action = "string",
Algo = "string",
Keys = new[]
{
"string",
},
Limit = 0,
Window = 0,
},
Redirect = new Vercel.Inputs.FirewallConfigRulesRuleActionRedirectArgs
{
Location = "string",
Permanent = false,
},
},
ConditionGroups = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupArgs
{
Conditions = new[]
{
new Vercel.Inputs.FirewallConfigRulesRuleConditionGroupConditionArgs
{
Op = "string",
Type = "string",
Key = "string",
Neg = false,
Value = "string",
Values = new[]
{
"string",
},
},
},
},
},
Name = "string",
Active = false,
Description = "string",
Id = "string",
},
},
},
TeamId = "string",
});
example, err := vercel.NewFirewallConfig(ctx, "firewallConfigResource", &vercel.FirewallConfigArgs{
ProjectId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
IpRules: &vercel.FirewallConfigIpRulesArgs{
Rules: vercel.FirewallConfigIpRulesRuleArray{
&vercel.FirewallConfigIpRulesRuleArgs{
Action: pulumi.String("string"),
Hostname: pulumi.String("string"),
Ip: pulumi.String("string"),
Id: pulumi.String("string"),
Notes: pulumi.String("string"),
},
},
},
ManagedRulesets: &vercel.FirewallConfigManagedRulesetsArgs{
AiBots: &vercel.FirewallConfigManagedRulesetsAiBotsArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
BotProtection: &vercel.FirewallConfigManagedRulesetsBotProtectionArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Owasp: &vercel.FirewallConfigManagedRulesetsOwaspArgs{
Gen: &vercel.FirewallConfigManagedRulesetsOwaspGenArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Java: &vercel.FirewallConfigManagedRulesetsOwaspJavaArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Lfi: &vercel.FirewallConfigManagedRulesetsOwaspLfiArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Ma: &vercel.FirewallConfigManagedRulesetsOwaspMaArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Php: &vercel.FirewallConfigManagedRulesetsOwaspPhpArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Rce: &vercel.FirewallConfigManagedRulesetsOwaspRceArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Rfi: &vercel.FirewallConfigManagedRulesetsOwaspRfiArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Sd: &vercel.FirewallConfigManagedRulesetsOwaspSdArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Sf: &vercel.FirewallConfigManagedRulesetsOwaspSfArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Sqli: &vercel.FirewallConfigManagedRulesetsOwaspSqliArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
Xss: &vercel.FirewallConfigManagedRulesetsOwaspXssArgs{
Action: pulumi.String("string"),
Active: pulumi.Bool(false),
},
},
},
Rules: &vercel.FirewallConfigRulesArgs{
Rules: vercel.FirewallConfigRulesRuleArray{
&vercel.FirewallConfigRulesRuleArgs{
Action: &vercel.FirewallConfigRulesRuleActionArgs{
Action: pulumi.String("string"),
ActionDuration: pulumi.String("string"),
RateLimit: &vercel.FirewallConfigRulesRuleActionRateLimitArgs{
Action: pulumi.String("string"),
Algo: pulumi.String("string"),
Keys: pulumi.StringArray{
pulumi.String("string"),
},
Limit: pulumi.Int(0),
Window: pulumi.Int(0),
},
Redirect: &vercel.FirewallConfigRulesRuleActionRedirectArgs{
Location: pulumi.String("string"),
Permanent: pulumi.Bool(false),
},
},
ConditionGroups: vercel.FirewallConfigRulesRuleConditionGroupArray{
&vercel.FirewallConfigRulesRuleConditionGroupArgs{
Conditions: vercel.FirewallConfigRulesRuleConditionGroupConditionArray{
&vercel.FirewallConfigRulesRuleConditionGroupConditionArgs{
Op: pulumi.String("string"),
Type: pulumi.String("string"),
Key: pulumi.String("string"),
Neg: pulumi.Bool(false),
Value: pulumi.String("string"),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
Name: pulumi.String("string"),
Active: pulumi.Bool(false),
Description: pulumi.String("string"),
Id: pulumi.String("string"),
},
},
},
TeamId: pulumi.String("string"),
})
var firewallConfigResource = new FirewallConfig("firewallConfigResource", FirewallConfigArgs.builder()
.projectId("string")
.enabled(false)
.ipRules(FirewallConfigIpRulesArgs.builder()
.rules(FirewallConfigIpRulesRuleArgs.builder()
.action("string")
.hostname("string")
.ip("string")
.id("string")
.notes("string")
.build())
.build())
.managedRulesets(FirewallConfigManagedRulesetsArgs.builder()
.aiBots(FirewallConfigManagedRulesetsAiBotsArgs.builder()
.action("string")
.active(false)
.build())
.botProtection(FirewallConfigManagedRulesetsBotProtectionArgs.builder()
.action("string")
.active(false)
.build())
.owasp(FirewallConfigManagedRulesetsOwaspArgs.builder()
.gen(FirewallConfigManagedRulesetsOwaspGenArgs.builder()
.action("string")
.active(false)
.build())
.java(FirewallConfigManagedRulesetsOwaspJavaArgs.builder()
.action("string")
.active(false)
.build())
.lfi(FirewallConfigManagedRulesetsOwaspLfiArgs.builder()
.action("string")
.active(false)
.build())
.ma(FirewallConfigManagedRulesetsOwaspMaArgs.builder()
.action("string")
.active(false)
.build())
.php(FirewallConfigManagedRulesetsOwaspPhpArgs.builder()
.action("string")
.active(false)
.build())
.rce(FirewallConfigManagedRulesetsOwaspRceArgs.builder()
.action("string")
.active(false)
.build())
.rfi(FirewallConfigManagedRulesetsOwaspRfiArgs.builder()
.action("string")
.active(false)
.build())
.sd(FirewallConfigManagedRulesetsOwaspSdArgs.builder()
.action("string")
.active(false)
.build())
.sf(FirewallConfigManagedRulesetsOwaspSfArgs.builder()
.action("string")
.active(false)
.build())
.sqli(FirewallConfigManagedRulesetsOwaspSqliArgs.builder()
.action("string")
.active(false)
.build())
.xss(FirewallConfigManagedRulesetsOwaspXssArgs.builder()
.action("string")
.active(false)
.build())
.build())
.build())
.rules(FirewallConfigRulesArgs.builder()
.rules(FirewallConfigRulesRuleArgs.builder()
.action(FirewallConfigRulesRuleActionArgs.builder()
.action("string")
.actionDuration("string")
.rateLimit(FirewallConfigRulesRuleActionRateLimitArgs.builder()
.action("string")
.algo("string")
.keys("string")
.limit(0)
.window(0)
.build())
.redirect(FirewallConfigRulesRuleActionRedirectArgs.builder()
.location("string")
.permanent(false)
.build())
.build())
.conditionGroups(FirewallConfigRulesRuleConditionGroupArgs.builder()
.conditions(FirewallConfigRulesRuleConditionGroupConditionArgs.builder()
.op("string")
.type("string")
.key("string")
.neg(false)
.value("string")
.values("string")
.build())
.build())
.name("string")
.active(false)
.description("string")
.id("string")
.build())
.build())
.teamId("string")
.build());
firewall_config_resource = vercel.FirewallConfig("firewallConfigResource",
project_id="string",
enabled=False,
ip_rules={
"rules": [{
"action": "string",
"hostname": "string",
"ip": "string",
"id": "string",
"notes": "string",
}],
},
managed_rulesets={
"ai_bots": {
"action": "string",
"active": False,
},
"bot_protection": {
"action": "string",
"active": False,
},
"owasp": {
"gen": {
"action": "string",
"active": False,
},
"java": {
"action": "string",
"active": False,
},
"lfi": {
"action": "string",
"active": False,
},
"ma": {
"action": "string",
"active": False,
},
"php": {
"action": "string",
"active": False,
},
"rce": {
"action": "string",
"active": False,
},
"rfi": {
"action": "string",
"active": False,
},
"sd": {
"action": "string",
"active": False,
},
"sf": {
"action": "string",
"active": False,
},
"sqli": {
"action": "string",
"active": False,
},
"xss": {
"action": "string",
"active": False,
},
},
},
rules={
"rules": [{
"action": {
"action": "string",
"action_duration": "string",
"rate_limit": {
"action": "string",
"algo": "string",
"keys": ["string"],
"limit": 0,
"window": 0,
},
"redirect": {
"location": "string",
"permanent": False,
},
},
"condition_groups": [{
"conditions": [{
"op": "string",
"type": "string",
"key": "string",
"neg": False,
"value": "string",
"values": ["string"],
}],
}],
"name": "string",
"active": False,
"description": "string",
"id": "string",
}],
},
team_id="string")
const firewallConfigResource = new vercel.FirewallConfig("firewallConfigResource", {
projectId: "string",
enabled: false,
ipRules: {
rules: [{
action: "string",
hostname: "string",
ip: "string",
id: "string",
notes: "string",
}],
},
managedRulesets: {
aiBots: {
action: "string",
active: false,
},
botProtection: {
action: "string",
active: false,
},
owasp: {
gen: {
action: "string",
active: false,
},
java: {
action: "string",
active: false,
},
lfi: {
action: "string",
active: false,
},
ma: {
action: "string",
active: false,
},
php: {
action: "string",
active: false,
},
rce: {
action: "string",
active: false,
},
rfi: {
action: "string",
active: false,
},
sd: {
action: "string",
active: false,
},
sf: {
action: "string",
active: false,
},
sqli: {
action: "string",
active: false,
},
xss: {
action: "string",
active: false,
},
},
},
rules: {
rules: [{
action: {
action: "string",
actionDuration: "string",
rateLimit: {
action: "string",
algo: "string",
keys: ["string"],
limit: 0,
window: 0,
},
redirect: {
location: "string",
permanent: false,
},
},
conditionGroups: [{
conditions: [{
op: "string",
type: "string",
key: "string",
neg: false,
value: "string",
values: ["string"],
}],
}],
name: "string",
active: false,
description: "string",
id: "string",
}],
},
teamId: "string",
});
type: vercel:FirewallConfig
properties:
enabled: false
ipRules:
rules:
- action: string
hostname: string
id: string
ip: string
notes: string
managedRulesets:
aiBots:
action: string
active: false
botProtection:
action: string
active: false
owasp:
gen:
action: string
active: false
java:
action: string
active: false
lfi:
action: string
active: false
ma:
action: string
active: false
php:
action: string
active: false
rce:
action: string
active: false
rfi:
action: string
active: false
sd:
action: string
active: false
sf:
action: string
active: false
sqli:
action: string
active: false
xss:
action: string
active: false
projectId: string
rules:
rules:
- action:
action: string
actionDuration: string
rateLimit:
action: string
algo: string
keys:
- string
limit: 0
window: 0
redirect:
location: string
permanent: false
active: false
conditionGroups:
- conditions:
- key: string
neg: false
op: string
type: string
value: string
values:
- string
description: string
id: string
name: string
teamId: string
FirewallConfig Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallConfig resource accepts the following input properties:
- Project
Id string - The ID of the project this configuration belongs to.
- Enabled bool
- Whether firewall is enabled or not.
- Ip
Rules Pulumiverse.Vercel. Inputs. Firewall Config Ip Rules - IP rules to apply to the project.
- Managed
Rulesets Pulumiverse.Vercel. Inputs. Firewall Config Managed Rulesets - The managed rulesets that are enabled.
- Rules
Pulumiverse.
Vercel. Inputs. Firewall Config Rules - Custom rules to apply to the project
- Team
Id string - The ID of the team this project belongs to.
- Project
Id string - The ID of the project this configuration belongs to.
- Enabled bool
- Whether firewall is enabled or not.
- Ip
Rules FirewallConfig Ip Rules Args - IP rules to apply to the project.
- Managed
Rulesets FirewallConfig Managed Rulesets Args - The managed rulesets that are enabled.
- Rules
Firewall
Config Rules Args - Custom rules to apply to the project
- Team
Id string - The ID of the team this project belongs to.
- project
Id String - The ID of the project this configuration belongs to.
- enabled Boolean
- Whether firewall is enabled or not.
- ip
Rules FirewallConfig Ip Rules - IP rules to apply to the project.
- managed
Rulesets FirewallConfig Managed Rulesets - The managed rulesets that are enabled.
- rules
Firewall
Config Rules - Custom rules to apply to the project
- team
Id String - The ID of the team this project belongs to.
- project
Id string - The ID of the project this configuration belongs to.
- enabled boolean
- Whether firewall is enabled or not.
- ip
Rules FirewallConfig Ip Rules - IP rules to apply to the project.
- managed
Rulesets FirewallConfig Managed Rulesets - The managed rulesets that are enabled.
- rules
Firewall
Config Rules - Custom rules to apply to the project
- team
Id string - The ID of the team this project belongs to.
- project_
id str - The ID of the project this configuration belongs to.
- enabled bool
- Whether firewall is enabled or not.
- ip_
rules FirewallConfig Ip Rules Args - IP rules to apply to the project.
- managed_
rulesets FirewallConfig Managed Rulesets Args - The managed rulesets that are enabled.
- rules
Firewall
Config Rules Args - Custom rules to apply to the project
- team_
id str - The ID of the team this project belongs to.
- project
Id String - The ID of the project this configuration belongs to.
- enabled Boolean
- Whether firewall is enabled or not.
- ip
Rules Property Map - IP rules to apply to the project.
- managed
Rulesets Property Map - The managed rulesets that are enabled.
- rules Property Map
- Custom rules to apply to the project
- team
Id String - The ID of the team this project belongs to.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallConfig resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FirewallConfig Resource
Get an existing FirewallConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallConfigState, opts?: CustomResourceOptions): FirewallConfig@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
enabled: Optional[bool] = None,
ip_rules: Optional[FirewallConfigIpRulesArgs] = None,
managed_rulesets: Optional[FirewallConfigManagedRulesetsArgs] = None,
project_id: Optional[str] = None,
rules: Optional[FirewallConfigRulesArgs] = None,
team_id: Optional[str] = None) -> FirewallConfigfunc GetFirewallConfig(ctx *Context, name string, id IDInput, state *FirewallConfigState, opts ...ResourceOption) (*FirewallConfig, error)public static FirewallConfig Get(string name, Input<string> id, FirewallConfigState? state, CustomResourceOptions? opts = null)public static FirewallConfig get(String name, Output<String> id, FirewallConfigState state, CustomResourceOptions options)resources: _: type: vercel:FirewallConfig get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Enabled bool
- Whether firewall is enabled or not.
- Ip
Rules Pulumiverse.Vercel. Inputs. Firewall Config Ip Rules - IP rules to apply to the project.
- Managed
Rulesets Pulumiverse.Vercel. Inputs. Firewall Config Managed Rulesets - The managed rulesets that are enabled.
- Project
Id string - The ID of the project this configuration belongs to.
- Rules
Pulumiverse.
Vercel. Inputs. Firewall Config Rules - Custom rules to apply to the project
- Team
Id string - The ID of the team this project belongs to.
- Enabled bool
- Whether firewall is enabled or not.
- Ip
Rules FirewallConfig Ip Rules Args - IP rules to apply to the project.
- Managed
Rulesets FirewallConfig Managed Rulesets Args - The managed rulesets that are enabled.
- Project
Id string - The ID of the project this configuration belongs to.
- Rules
Firewall
Config Rules Args - Custom rules to apply to the project
- Team
Id string - The ID of the team this project belongs to.
- enabled Boolean
- Whether firewall is enabled or not.
- ip
Rules FirewallConfig Ip Rules - IP rules to apply to the project.
- managed
Rulesets FirewallConfig Managed Rulesets - The managed rulesets that are enabled.
- project
Id String - The ID of the project this configuration belongs to.
- rules
Firewall
Config Rules - Custom rules to apply to the project
- team
Id String - The ID of the team this project belongs to.
- enabled boolean
- Whether firewall is enabled or not.
- ip
Rules FirewallConfig Ip Rules - IP rules to apply to the project.
- managed
Rulesets FirewallConfig Managed Rulesets - The managed rulesets that are enabled.
- project
Id string - The ID of the project this configuration belongs to.
- rules
Firewall
Config Rules - Custom rules to apply to the project
- team
Id string - The ID of the team this project belongs to.
- enabled bool
- Whether firewall is enabled or not.
- ip_
rules FirewallConfig Ip Rules Args - IP rules to apply to the project.
- managed_
rulesets FirewallConfig Managed Rulesets Args - The managed rulesets that are enabled.
- project_
id str - The ID of the project this configuration belongs to.
- rules
Firewall
Config Rules Args - Custom rules to apply to the project
- team_
id str - The ID of the team this project belongs to.
- enabled Boolean
- Whether firewall is enabled or not.
- ip
Rules Property Map - IP rules to apply to the project.
- managed
Rulesets Property Map - The managed rulesets that are enabled.
- project
Id String - The ID of the project this configuration belongs to.
- rules Property Map
- Custom rules to apply to the project
- team
Id String - The ID of the team this project belongs to.
Supporting Types
FirewallConfigIpRules, FirewallConfigIpRulesArgs
FirewallConfigIpRulesRule, FirewallConfigIpRulesRuleArgs
FirewallConfigManagedRulesets, FirewallConfigManagedRulesetsArgs
- Ai
Bots Pulumiverse.Vercel. Inputs. Firewall Config Managed Rulesets Ai Bots - Enable the ai*bots managed ruleset and select action
- Bot
Filter Pulumiverse.Vercel. Inputs. Firewall Config Managed Rulesets Bot Filter - DEPRECATED: Use bot*protection instead. This block will be removed in a future release.
- Bot
Protection Pulumiverse.Vercel. Inputs. Firewall Config Managed Rulesets Bot Protection - Enable the bot*protection managed ruleset and select action
- Owasp
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp - Enable the owasp managed rulesets and select ruleset behaviors
- Ai
Bots FirewallConfig Managed Rulesets Ai Bots - Enable the ai*bots managed ruleset and select action
- Bot
Filter FirewallConfig Managed Rulesets Bot Filter - DEPRECATED: Use bot*protection instead. This block will be removed in a future release.
- Bot
Protection FirewallConfig Managed Rulesets Bot Protection - Enable the bot*protection managed ruleset and select action
- Owasp
Firewall
Config Managed Rulesets Owasp - Enable the owasp managed rulesets and select ruleset behaviors
- ai
Bots FirewallConfig Managed Rulesets Ai Bots - Enable the ai*bots managed ruleset and select action
- bot
Filter FirewallConfig Managed Rulesets Bot Filter - DEPRECATED: Use bot*protection instead. This block will be removed in a future release.
- bot
Protection FirewallConfig Managed Rulesets Bot Protection - Enable the bot*protection managed ruleset and select action
- owasp
Firewall
Config Managed Rulesets Owasp - Enable the owasp managed rulesets and select ruleset behaviors
- ai
Bots FirewallConfig Managed Rulesets Ai Bots - Enable the ai*bots managed ruleset and select action
- bot
Filter FirewallConfig Managed Rulesets Bot Filter - DEPRECATED: Use bot*protection instead. This block will be removed in a future release.
- bot
Protection FirewallConfig Managed Rulesets Bot Protection - Enable the bot*protection managed ruleset and select action
- owasp
Firewall
Config Managed Rulesets Owasp - Enable the owasp managed rulesets and select ruleset behaviors
- ai_
bots FirewallConfig Managed Rulesets Ai Bots - Enable the ai*bots managed ruleset and select action
- bot_
filter FirewallConfig Managed Rulesets Bot Filter - DEPRECATED: Use bot*protection instead. This block will be removed in a future release.
- bot_
protection FirewallConfig Managed Rulesets Bot Protection - Enable the bot*protection managed ruleset and select action
- owasp
Firewall
Config Managed Rulesets Owasp - Enable the owasp managed rulesets and select ruleset behaviors
- ai
Bots Property Map - Enable the ai*bots managed ruleset and select action
- bot
Filter Property Map - DEPRECATED: Use bot*protection instead. This block will be removed in a future release.
- bot
Protection Property Map - Enable the bot*protection managed ruleset and select action
- owasp Property Map
- Enable the owasp managed rulesets and select ruleset behaviors
FirewallConfigManagedRulesetsAiBots, FirewallConfigManagedRulesetsAiBotsArgs
FirewallConfigManagedRulesetsBotFilter, FirewallConfigManagedRulesetsBotFilterArgs
FirewallConfigManagedRulesetsBotProtection, FirewallConfigManagedRulesetsBotProtectionArgs
FirewallConfigManagedRulesetsOwasp, FirewallConfigManagedRulesetsOwaspArgs
- Gen
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Gen - Generic Attack Detection
- Java
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Java - Java Attack Detection
- Lfi
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Lfi - Local File Inclusion Rules
- Ma
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Ma - Multipart Rules
- Php
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Php - PHP Attack Detection
- Rce
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Rce - Remote Code Execution Rules
- Rfi
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Rfi - Remote File Inclusion Rules
- Sd
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Sd - Scanner Detection Rules
- Sf
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Sf - Session Fixation Attack
- Sqli
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Sqli - SQL Injection Rules
- Xss
Pulumiverse.
Vercel. Inputs. Firewall Config Managed Rulesets Owasp Xss - Cross Site Scripting Rules
- Gen
Firewall
Config Managed Rulesets Owasp Gen - Generic Attack Detection
- Java
Firewall
Config Managed Rulesets Owasp Java - Java Attack Detection
- Lfi
Firewall
Config Managed Rulesets Owasp Lfi - Local File Inclusion Rules
- Ma
Firewall
Config Managed Rulesets Owasp Ma - Multipart Rules
- Php
Firewall
Config Managed Rulesets Owasp Php - PHP Attack Detection
- Rce
Firewall
Config Managed Rulesets Owasp Rce - Remote Code Execution Rules
- Rfi
Firewall
Config Managed Rulesets Owasp Rfi - Remote File Inclusion Rules
- Sd
Firewall
Config Managed Rulesets Owasp Sd - Scanner Detection Rules
- Sf
Firewall
Config Managed Rulesets Owasp Sf - Session Fixation Attack
- Sqli
Firewall
Config Managed Rulesets Owasp Sqli - SQL Injection Rules
- Xss
Firewall
Config Managed Rulesets Owasp Xss - Cross Site Scripting Rules
- gen
Firewall
Config Managed Rulesets Owasp Gen - Generic Attack Detection
- java
Firewall
Config Managed Rulesets Owasp Java - Java Attack Detection
- lfi
Firewall
Config Managed Rulesets Owasp Lfi - Local File Inclusion Rules
- ma
Firewall
Config Managed Rulesets Owasp Ma - Multipart Rules
- php
Firewall
Config Managed Rulesets Owasp Php - PHP Attack Detection
- rce
Firewall
Config Managed Rulesets Owasp Rce - Remote Code Execution Rules
- rfi
Firewall
Config Managed Rulesets Owasp Rfi - Remote File Inclusion Rules
- sd
Firewall
Config Managed Rulesets Owasp Sd - Scanner Detection Rules
- sf
Firewall
Config Managed Rulesets Owasp Sf - Session Fixation Attack
- sqli
Firewall
Config Managed Rulesets Owasp Sqli - SQL Injection Rules
- xss
Firewall
Config Managed Rulesets Owasp Xss - Cross Site Scripting Rules
- gen
Firewall
Config Managed Rulesets Owasp Gen - Generic Attack Detection
- java
Firewall
Config Managed Rulesets Owasp Java - Java Attack Detection
- lfi
Firewall
Config Managed Rulesets Owasp Lfi - Local File Inclusion Rules
- ma
Firewall
Config Managed Rulesets Owasp Ma - Multipart Rules
- php
Firewall
Config Managed Rulesets Owasp Php - PHP Attack Detection
- rce
Firewall
Config Managed Rulesets Owasp Rce - Remote Code Execution Rules
- rfi
Firewall
Config Managed Rulesets Owasp Rfi - Remote File Inclusion Rules
- sd
Firewall
Config Managed Rulesets Owasp Sd - Scanner Detection Rules
- sf
Firewall
Config Managed Rulesets Owasp Sf - Session Fixation Attack
- sqli
Firewall
Config Managed Rulesets Owasp Sqli - SQL Injection Rules
- xss
Firewall
Config Managed Rulesets Owasp Xss - Cross Site Scripting Rules
- gen
Firewall
Config Managed Rulesets Owasp Gen - Generic Attack Detection
- java
Firewall
Config Managed Rulesets Owasp Java - Java Attack Detection
- lfi
Firewall
Config Managed Rulesets Owasp Lfi - Local File Inclusion Rules
- ma
Firewall
Config Managed Rulesets Owasp Ma - Multipart Rules
- php
Firewall
Config Managed Rulesets Owasp Php - PHP Attack Detection
- rce
Firewall
Config Managed Rulesets Owasp Rce - Remote Code Execution Rules
- rfi
Firewall
Config Managed Rulesets Owasp Rfi - Remote File Inclusion Rules
- sd
Firewall
Config Managed Rulesets Owasp Sd - Scanner Detection Rules
- sf
Firewall
Config Managed Rulesets Owasp Sf - Session Fixation Attack
- sqli
Firewall
Config Managed Rulesets Owasp Sqli - SQL Injection Rules
- xss
Firewall
Config Managed Rulesets Owasp Xss - Cross Site Scripting Rules
- gen Property Map
- Generic Attack Detection
- java Property Map
- Java Attack Detection
- lfi Property Map
- Local File Inclusion Rules
- ma Property Map
- Multipart Rules
- php Property Map
- PHP Attack Detection
- rce Property Map
- Remote Code Execution Rules
- rfi Property Map
- Remote File Inclusion Rules
- sd Property Map
- Scanner Detection Rules
- sf Property Map
- Session Fixation Attack
- sqli Property Map
- SQL Injection Rules
- xss Property Map
- Cross Site Scripting Rules
FirewallConfigManagedRulesetsOwaspGen, FirewallConfigManagedRulesetsOwaspGenArgs
FirewallConfigManagedRulesetsOwaspJava, FirewallConfigManagedRulesetsOwaspJavaArgs
FirewallConfigManagedRulesetsOwaspLfi, FirewallConfigManagedRulesetsOwaspLfiArgs
FirewallConfigManagedRulesetsOwaspMa, FirewallConfigManagedRulesetsOwaspMaArgs
FirewallConfigManagedRulesetsOwaspPhp, FirewallConfigManagedRulesetsOwaspPhpArgs
FirewallConfigManagedRulesetsOwaspRce, FirewallConfigManagedRulesetsOwaspRceArgs
FirewallConfigManagedRulesetsOwaspRfi, FirewallConfigManagedRulesetsOwaspRfiArgs
FirewallConfigManagedRulesetsOwaspSd, FirewallConfigManagedRulesetsOwaspSdArgs
FirewallConfigManagedRulesetsOwaspSf, FirewallConfigManagedRulesetsOwaspSfArgs
FirewallConfigManagedRulesetsOwaspSqli, FirewallConfigManagedRulesetsOwaspSqliArgs
FirewallConfigManagedRulesetsOwaspXss, FirewallConfigManagedRulesetsOwaspXssArgs
FirewallConfigRules, FirewallConfigRulesArgs
FirewallConfigRulesRule, FirewallConfigRulesRuleArgs
- Action
Pulumiverse.
Vercel. Inputs. Firewall Config Rules Rule Action - Actions to take when the condition groups match a request
- Condition
Groups List<Pulumiverse.Vercel. Inputs. Firewall Config Rules Rule Condition Group> - Sets of conditions that may match a request
- Name string
- Name to identify the rule
- Active bool
- Rule is active or disabled
- Description string
- Id string
- Action
Firewall
Config Rules Rule Action - Actions to take when the condition groups match a request
- Condition
Groups []FirewallConfig Rules Rule Condition Group - Sets of conditions that may match a request
- Name string
- Name to identify the rule
- Active bool
- Rule is active or disabled
- Description string
- Id string
- action
Firewall
Config Rules Rule Action - Actions to take when the condition groups match a request
- condition
Groups List<FirewallConfig Rules Rule Condition Group> - Sets of conditions that may match a request
- name String
- Name to identify the rule
- active Boolean
- Rule is active or disabled
- description String
- id String
- action
Firewall
Config Rules Rule Action - Actions to take when the condition groups match a request
- condition
Groups FirewallConfig Rules Rule Condition Group[] - Sets of conditions that may match a request
- name string
- Name to identify the rule
- active boolean
- Rule is active or disabled
- description string
- id string
- action
Firewall
Config Rules Rule Action - Actions to take when the condition groups match a request
- condition_
groups Sequence[FirewallConfig Rules Rule Condition Group] - Sets of conditions that may match a request
- name str
- Name to identify the rule
- active bool
- Rule is active or disabled
- description str
- id str
- action Property Map
- Actions to take when the condition groups match a request
- condition
Groups List<Property Map> - Sets of conditions that may match a request
- name String
- Name to identify the rule
- active Boolean
- Rule is active or disabled
- description String
- id String
FirewallConfigRulesRuleAction, FirewallConfigRulesRuleActionArgs
- Action string
- Base action
- Action
Duration string - Forward persistence of a rule action
- Rate
Limit Pulumiverse.Vercel. Inputs. Firewall Config Rules Rule Action Rate Limit - Behavior or a rate limiting action. Required if action is rate*limit
- Redirect
Pulumiverse.
Vercel. Inputs. Firewall Config Rules Rule Action Redirect - How to redirect a request. Required if action is redirect
- Action string
- Base action
- Action
Duration string - Forward persistence of a rule action
- Rate
Limit FirewallConfig Rules Rule Action Rate Limit - Behavior or a rate limiting action. Required if action is rate*limit
- Redirect
Firewall
Config Rules Rule Action Redirect - How to redirect a request. Required if action is redirect
- action String
- Base action
- action
Duration String - Forward persistence of a rule action
- rate
Limit FirewallConfig Rules Rule Action Rate Limit - Behavior or a rate limiting action. Required if action is rate*limit
- redirect
Firewall
Config Rules Rule Action Redirect - How to redirect a request. Required if action is redirect
- action string
- Base action
- action
Duration string - Forward persistence of a rule action
- rate
Limit FirewallConfig Rules Rule Action Rate Limit - Behavior or a rate limiting action. Required if action is rate*limit
- redirect
Firewall
Config Rules Rule Action Redirect - How to redirect a request. Required if action is redirect
- action str
- Base action
- action_
duration str - Forward persistence of a rule action
- rate_
limit FirewallConfig Rules Rule Action Rate Limit - Behavior or a rate limiting action. Required if action is rate*limit
- redirect
Firewall
Config Rules Rule Action Redirect - How to redirect a request. Required if action is redirect
- action String
- Base action
- action
Duration String - Forward persistence of a rule action
- rate
Limit Property Map - Behavior or a rate limiting action. Required if action is rate*limit
- redirect Property Map
- How to redirect a request. Required if action is redirect
FirewallConfigRulesRuleActionRateLimit, FirewallConfigRulesRuleActionRateLimitArgs
FirewallConfigRulesRuleActionRedirect, FirewallConfigRulesRuleActionRedirectArgs
FirewallConfigRulesRuleConditionGroup, FirewallConfigRulesRuleConditionGroupArgs
- Conditions
List<Pulumiverse.
Vercel. Inputs. Firewall Config Rules Rule Condition Group Condition> - Conditions that must all match within a group
- Conditions
[]Firewall
Config Rules Rule Condition Group Condition - Conditions that must all match within a group
- conditions
List<Firewall
Config Rules Rule Condition Group Condition> - Conditions that must all match within a group
- conditions
Firewall
Config Rules Rule Condition Group Condition[] - Conditions that must all match within a group
- conditions
Sequence[Firewall
Config Rules Rule Condition Group Condition] - Conditions that must all match within a group
- conditions List<Property Map>
- Conditions that must all match within a group
FirewallConfigRulesRuleConditionGroupCondition, FirewallConfigRulesRuleConditionGroupConditionArgs
- Op string
- Operator to use for comparison. Options:
re(regex),eq(equals),neq(not equals),ex(exists),nex(not exists),inc(includes),ninc(not includes),pre(prefix),suf(suffix),sub(substring),gt(greater than),gte(greater than or equal),lt(less than),lte(less than or equal). Note:exandnexdon't require avaluefield, onlykey. - Type string
- Request key type to match against
- Key string
- Key within type to match against
- Neg bool
- Negate the condition
- Value string
- Value to match against. Not required for existence operators (
ex,nex). Usevaluesinstead forincandnincoperators. - Values List<string>
- Values to match against if op is inc, ninc
- Op string
- Operator to use for comparison. Options:
re(regex),eq(equals),neq(not equals),ex(exists),nex(not exists),inc(includes),ninc(not includes),pre(prefix),suf(suffix),sub(substring),gt(greater than),gte(greater than or equal),lt(less than),lte(less than or equal). Note:exandnexdon't require avaluefield, onlykey. - Type string
- Request key type to match against
- Key string
- Key within type to match against
- Neg bool
- Negate the condition
- Value string
- Value to match against. Not required for existence operators (
ex,nex). Usevaluesinstead forincandnincoperators. - Values []string
- Values to match against if op is inc, ninc
- op String
- Operator to use for comparison. Options:
re(regex),eq(equals),neq(not equals),ex(exists),nex(not exists),inc(includes),ninc(not includes),pre(prefix),suf(suffix),sub(substring),gt(greater than),gte(greater than or equal),lt(less than),lte(less than or equal). Note:exandnexdon't require avaluefield, onlykey. - type String
- Request key type to match against
- key String
- Key within type to match against
- neg Boolean
- Negate the condition
- value String
- Value to match against. Not required for existence operators (
ex,nex). Usevaluesinstead forincandnincoperators. - values List<String>
- Values to match against if op is inc, ninc
- op string
- Operator to use for comparison. Options:
re(regex),eq(equals),neq(not equals),ex(exists),nex(not exists),inc(includes),ninc(not includes),pre(prefix),suf(suffix),sub(substring),gt(greater than),gte(greater than or equal),lt(less than),lte(less than or equal). Note:exandnexdon't require avaluefield, onlykey. - type string
- Request key type to match against
- key string
- Key within type to match against
- neg boolean
- Negate the condition
- value string
- Value to match against. Not required for existence operators (
ex,nex). Usevaluesinstead forincandnincoperators. - values string[]
- Values to match against if op is inc, ninc
- op str
- Operator to use for comparison. Options:
re(regex),eq(equals),neq(not equals),ex(exists),nex(not exists),inc(includes),ninc(not includes),pre(prefix),suf(suffix),sub(substring),gt(greater than),gte(greater than or equal),lt(less than),lte(less than or equal). Note:exandnexdon't require avaluefield, onlykey. - type str
- Request key type to match against
- key str
- Key within type to match against
- neg bool
- Negate the condition
- value str
- Value to match against. Not required for existence operators (
ex,nex). Usevaluesinstead forincandnincoperators. - values Sequence[str]
- Values to match against if op is inc, ninc
- op String
- Operator to use for comparison. Options:
re(regex),eq(equals),neq(not equals),ex(exists),nex(not exists),inc(includes),ninc(not includes),pre(prefix),suf(suffix),sub(substring),gt(greater than),gte(greater than or equal),lt(less than),lte(less than or equal). Note:exandnexdon't require avaluefield, onlykey. - type String
- Request key type to match against
- key String
- Key within type to match against
- neg Boolean
- Negate the condition
- value String
- Value to match against. Not required for existence operators (
ex,nex). Usevaluesinstead forincandnincoperators. - values List<String>
- Values to match against if op is inc, ninc
Import
$ pulumi import vercel:index/firewallConfig:FirewallConfig example team_xxxxxxxxxxxxxxxxxxxxxxxx/prj_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- vercel pulumiverse/pulumi-vercel
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vercelTerraform Provider.
Viewing docs for Vercel v4.6.1
published on Saturday, Feb 28, 2026 by Pulumiverse
published on Saturday, Feb 28, 2026 by Pulumiverse
