Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
The zia_advanced_settings resource manages advanced settings in the Zscaler Internet Access (ZIA) cloud service. This singleton resource controls a wide range of advanced proxy, authentication, DNS resolution, and security settings including domain fronting protection, HTTP tunnel tracking, surrogate IP enforcement, and session timeout configuration.
For more information, see the ZIA Advanced Settings documentation.
Example Usage
Basic Advanced Settings
Example coming soon!
Example coming soon!
Example coming soon!
import * as zia from "@bdzscaler/pulumi-zia";
const example = new zia.AdvancedSettings("example", {
enableOffice365: true,
logInternalIp: true,
blockHttpTunnelOnNonHttpPorts: true,
blockDomainFrontingOnHostHeader: true,
authBypassUrls: [".example.com"],
});
import zscaler_pulumi_zia as zia
example = zia.AdvancedSettings("example",
enable_office365=True,
log_internal_ip=True,
block_http_tunnel_on_non_http_ports=True,
block_domain_fronting_on_host_header=True,
auth_bypass_urls=[".example.com"],
)
resources:
example:
type: zia:AdvancedSettings
properties:
enableOffice365: true
logInternalIp: true
blockHttpTunnelOnNonHttpPorts: true
blockDomainFrontingOnHostHeader: true
authBypassUrls:
- .example.com
Create AdvancedSettings Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AdvancedSettings(name: string, args?: AdvancedSettingsArgs, opts?: CustomResourceOptions);@overload
def AdvancedSettings(resource_name: str,
args: Optional[AdvancedSettingsArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def AdvancedSettings(resource_name: str,
opts: Optional[ResourceOptions] = None,
auth_bypass_apps: Optional[Sequence[str]] = None,
auth_bypass_url_categories: Optional[Sequence[str]] = None,
auth_bypass_urls: Optional[Sequence[str]] = None,
basic_bypass_apps: Optional[Sequence[str]] = None,
basic_bypass_url_categories: Optional[Sequence[str]] = None,
block_connect_host_sni_mismatch: Optional[bool] = None,
block_domain_fronting_apps: Optional[Sequence[str]] = None,
block_domain_fronting_on_host_header: Optional[bool] = None,
block_http_tunnel_on_non_http_ports: Optional[bool] = None,
block_non_compliant_http_request_on_http_ports: Optional[bool] = None,
block_non_http_on_http_port_enabled: Optional[bool] = None,
cascade_url_filtering: Optional[bool] = None,
digest_auth_bypass_apps: Optional[Sequence[str]] = None,
digest_auth_bypass_url_categories: Optional[Sequence[str]] = None,
digest_auth_bypass_urls: Optional[Sequence[str]] = None,
dns_resolution_on_transparent_proxy_apps: Optional[Sequence[str]] = None,
dns_resolution_on_transparent_proxy_exempt_apps: Optional[Sequence[str]] = None,
dns_resolution_on_transparent_proxy_exempt_url_categories: Optional[Sequence[str]] = None,
dns_resolution_on_transparent_proxy_exempt_urls: Optional[Sequence[str]] = None,
dns_resolution_on_transparent_proxy_ipv6_apps: Optional[Sequence[str]] = None,
dns_resolution_on_transparent_proxy_ipv6_exempt_apps: Optional[Sequence[str]] = None,
dns_resolution_on_transparent_proxy_ipv6_exempt_url_categories: Optional[Sequence[str]] = None,
dns_resolution_on_transparent_proxy_ipv6_url_categories: Optional[Sequence[str]] = None,
dns_resolution_on_transparent_proxy_url_categories: Optional[Sequence[str]] = None,
dns_resolution_on_transparent_proxy_urls: Optional[Sequence[str]] = None,
domain_fronting_bypass_url_categories: Optional[Sequence[str]] = None,
dynamic_user_risk_enabled: Optional[bool] = None,
ecs_for_all_enabled: Optional[bool] = None,
enable_admin_rank_access: Optional[bool] = None,
enable_dns_resolution_on_transparent_proxy: Optional[bool] = None,
enable_evaluate_policy_on_global_ssl_bypass: Optional[bool] = None,
enable_ipv6_dns_optimization_on_all_transparent_proxy: Optional[bool] = None,
enable_ipv6_dns_resolution_on_transparent_proxy: Optional[bool] = None,
enable_office365: Optional[bool] = None,
enable_policy_for_unauthenticated_traffic: Optional[bool] = None,
enforce_surrogate_ip_for_windows_app: Optional[bool] = None,
http2_nonbrowser_traffic_enabled: Optional[bool] = None,
http_range_header_remove_url_categories: Optional[Sequence[str]] = None,
kerberos_bypass_apps: Optional[Sequence[str]] = None,
kerberos_bypass_url_categories: Optional[Sequence[str]] = None,
kerberos_bypass_urls: Optional[Sequence[str]] = None,
log_internal_ip: Optional[bool] = None,
prefer_sni_over_conn_host: Optional[bool] = None,
prefer_sni_over_conn_host_apps: Optional[Sequence[str]] = None,
sipa_xff_header_enabled: Optional[bool] = None,
sni_dns_optimization_bypass_url_categories: Optional[Sequence[str]] = None,
track_http_tunnel_on_http_ports: Optional[bool] = None,
ui_session_timeout: Optional[int] = None,
zscaler_client_connector1_and_pac_road_warrior_in_firewall: Optional[bool] = None)func NewAdvancedSettings(ctx *Context, name string, args *AdvancedSettingsArgs, opts ...ResourceOption) (*AdvancedSettings, error)public AdvancedSettings(string name, AdvancedSettingsArgs? args = null, CustomResourceOptions? opts = null)
public AdvancedSettings(String name, AdvancedSettingsArgs args)
public AdvancedSettings(String name, AdvancedSettingsArgs args, CustomResourceOptions options)
type: zia:AdvancedSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AdvancedSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AdvancedSettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AdvancedSettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AdvancedSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AdvancedSettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var advancedSettingsResource = new Zia.AdvancedSettings("advancedSettingsResource", new()
{
AuthBypassApps = new[]
{
"string",
},
AuthBypassUrlCategories = new[]
{
"string",
},
AuthBypassUrls = new[]
{
"string",
},
BasicBypassApps = new[]
{
"string",
},
BasicBypassUrlCategories = new[]
{
"string",
},
BlockConnectHostSniMismatch = false,
BlockDomainFrontingApps = new[]
{
"string",
},
BlockDomainFrontingOnHostHeader = false,
BlockHttpTunnelOnNonHttpPorts = false,
BlockNonCompliantHttpRequestOnHttpPorts = false,
BlockNonHttpOnHttpPortEnabled = false,
CascadeUrlFiltering = false,
DigestAuthBypassApps = new[]
{
"string",
},
DigestAuthBypassUrlCategories = new[]
{
"string",
},
DigestAuthBypassUrls = new[]
{
"string",
},
DnsResolutionOnTransparentProxyApps = new[]
{
"string",
},
DnsResolutionOnTransparentProxyExemptApps = new[]
{
"string",
},
DnsResolutionOnTransparentProxyExemptUrlCategories = new[]
{
"string",
},
DnsResolutionOnTransparentProxyExemptUrls = new[]
{
"string",
},
DnsResolutionOnTransparentProxyIpv6Apps = new[]
{
"string",
},
DnsResolutionOnTransparentProxyIpv6ExemptApps = new[]
{
"string",
},
DnsResolutionOnTransparentProxyIpv6ExemptUrlCategories = new[]
{
"string",
},
DnsResolutionOnTransparentProxyIpv6UrlCategories = new[]
{
"string",
},
DnsResolutionOnTransparentProxyUrlCategories = new[]
{
"string",
},
DnsResolutionOnTransparentProxyUrls = new[]
{
"string",
},
DomainFrontingBypassUrlCategories = new[]
{
"string",
},
DynamicUserRiskEnabled = false,
EcsForAllEnabled = false,
EnableAdminRankAccess = false,
EnableDnsResolutionOnTransparentProxy = false,
EnableEvaluatePolicyOnGlobalSslBypass = false,
EnableIpv6DnsOptimizationOnAllTransparentProxy = false,
EnableIpv6DnsResolutionOnTransparentProxy = false,
EnableOffice365 = false,
EnablePolicyForUnauthenticatedTraffic = false,
EnforceSurrogateIpForWindowsApp = false,
Http2NonbrowserTrafficEnabled = false,
HttpRangeHeaderRemoveUrlCategories = new[]
{
"string",
},
KerberosBypassApps = new[]
{
"string",
},
KerberosBypassUrlCategories = new[]
{
"string",
},
KerberosBypassUrls = new[]
{
"string",
},
LogInternalIp = false,
PreferSniOverConnHost = false,
PreferSniOverConnHostApps = new[]
{
"string",
},
SipaXffHeaderEnabled = false,
SniDnsOptimizationBypassUrlCategories = new[]
{
"string",
},
TrackHttpTunnelOnHttpPorts = false,
UiSessionTimeout = 0,
ZscalerClientConnector1AndPacRoadWarriorInFirewall = false,
});
example, err := zia.NewAdvancedSettings(ctx, "advancedSettingsResource", &zia.AdvancedSettingsArgs{
AuthBypassApps: pulumi.StringArray{
pulumi.String("string"),
},
AuthBypassUrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
AuthBypassUrls: pulumi.StringArray{
pulumi.String("string"),
},
BasicBypassApps: pulumi.StringArray{
pulumi.String("string"),
},
BasicBypassUrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
BlockConnectHostSniMismatch: pulumi.Bool(false),
BlockDomainFrontingApps: pulumi.StringArray{
pulumi.String("string"),
},
BlockDomainFrontingOnHostHeader: pulumi.Bool(false),
BlockHttpTunnelOnNonHttpPorts: pulumi.Bool(false),
BlockNonCompliantHttpRequestOnHttpPorts: pulumi.Bool(false),
BlockNonHttpOnHttpPortEnabled: pulumi.Bool(false),
CascadeUrlFiltering: pulumi.Bool(false),
DigestAuthBypassApps: pulumi.StringArray{
pulumi.String("string"),
},
DigestAuthBypassUrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
DigestAuthBypassUrls: pulumi.StringArray{
pulumi.String("string"),
},
DnsResolutionOnTransparentProxyApps: pulumi.StringArray{
pulumi.String("string"),
},
DnsResolutionOnTransparentProxyExemptApps: pulumi.StringArray{
pulumi.String("string"),
},
DnsResolutionOnTransparentProxyExemptUrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
DnsResolutionOnTransparentProxyExemptUrls: pulumi.StringArray{
pulumi.String("string"),
},
DnsResolutionOnTransparentProxyIpv6Apps: pulumi.StringArray{
pulumi.String("string"),
},
DnsResolutionOnTransparentProxyIpv6ExemptApps: pulumi.StringArray{
pulumi.String("string"),
},
DnsResolutionOnTransparentProxyIpv6ExemptUrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
DnsResolutionOnTransparentProxyIpv6UrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
DnsResolutionOnTransparentProxyUrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
DnsResolutionOnTransparentProxyUrls: pulumi.StringArray{
pulumi.String("string"),
},
DomainFrontingBypassUrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
DynamicUserRiskEnabled: pulumi.Bool(false),
EcsForAllEnabled: pulumi.Bool(false),
EnableAdminRankAccess: pulumi.Bool(false),
EnableDnsResolutionOnTransparentProxy: pulumi.Bool(false),
EnableEvaluatePolicyOnGlobalSslBypass: pulumi.Bool(false),
EnableIpv6DnsOptimizationOnAllTransparentProxy: pulumi.Bool(false),
EnableIpv6DnsResolutionOnTransparentProxy: pulumi.Bool(false),
EnableOffice365: pulumi.Bool(false),
EnablePolicyForUnauthenticatedTraffic: pulumi.Bool(false),
EnforceSurrogateIpForWindowsApp: pulumi.Bool(false),
Http2NonbrowserTrafficEnabled: pulumi.Bool(false),
HttpRangeHeaderRemoveUrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
KerberosBypassApps: pulumi.StringArray{
pulumi.String("string"),
},
KerberosBypassUrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
KerberosBypassUrls: pulumi.StringArray{
pulumi.String("string"),
},
LogInternalIp: pulumi.Bool(false),
PreferSniOverConnHost: pulumi.Bool(false),
PreferSniOverConnHostApps: pulumi.StringArray{
pulumi.String("string"),
},
SipaXffHeaderEnabled: pulumi.Bool(false),
SniDnsOptimizationBypassUrlCategories: pulumi.StringArray{
pulumi.String("string"),
},
TrackHttpTunnelOnHttpPorts: pulumi.Bool(false),
UiSessionTimeout: pulumi.Int(0),
ZscalerClientConnector1AndPacRoadWarriorInFirewall: pulumi.Bool(false),
})
var advancedSettingsResource = new AdvancedSettings("advancedSettingsResource", AdvancedSettingsArgs.builder()
.authBypassApps("string")
.authBypassUrlCategories("string")
.authBypassUrls("string")
.basicBypassApps("string")
.basicBypassUrlCategories("string")
.blockConnectHostSniMismatch(false)
.blockDomainFrontingApps("string")
.blockDomainFrontingOnHostHeader(false)
.blockHttpTunnelOnNonHttpPorts(false)
.blockNonCompliantHttpRequestOnHttpPorts(false)
.blockNonHttpOnHttpPortEnabled(false)
.cascadeUrlFiltering(false)
.digestAuthBypassApps("string")
.digestAuthBypassUrlCategories("string")
.digestAuthBypassUrls("string")
.dnsResolutionOnTransparentProxyApps("string")
.dnsResolutionOnTransparentProxyExemptApps("string")
.dnsResolutionOnTransparentProxyExemptUrlCategories("string")
.dnsResolutionOnTransparentProxyExemptUrls("string")
.dnsResolutionOnTransparentProxyIpv6Apps("string")
.dnsResolutionOnTransparentProxyIpv6ExemptApps("string")
.dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories("string")
.dnsResolutionOnTransparentProxyIpv6UrlCategories("string")
.dnsResolutionOnTransparentProxyUrlCategories("string")
.dnsResolutionOnTransparentProxyUrls("string")
.domainFrontingBypassUrlCategories("string")
.dynamicUserRiskEnabled(false)
.ecsForAllEnabled(false)
.enableAdminRankAccess(false)
.enableDnsResolutionOnTransparentProxy(false)
.enableEvaluatePolicyOnGlobalSslBypass(false)
.enableIpv6DnsOptimizationOnAllTransparentProxy(false)
.enableIpv6DnsResolutionOnTransparentProxy(false)
.enableOffice365(false)
.enablePolicyForUnauthenticatedTraffic(false)
.enforceSurrogateIpForWindowsApp(false)
.http2NonbrowserTrafficEnabled(false)
.httpRangeHeaderRemoveUrlCategories("string")
.kerberosBypassApps("string")
.kerberosBypassUrlCategories("string")
.kerberosBypassUrls("string")
.logInternalIp(false)
.preferSniOverConnHost(false)
.preferSniOverConnHostApps("string")
.sipaXffHeaderEnabled(false)
.sniDnsOptimizationBypassUrlCategories("string")
.trackHttpTunnelOnHttpPorts(false)
.uiSessionTimeout(0)
.zscalerClientConnector1AndPacRoadWarriorInFirewall(false)
.build());
advanced_settings_resource = zia.AdvancedSettings("advancedSettingsResource",
auth_bypass_apps=["string"],
auth_bypass_url_categories=["string"],
auth_bypass_urls=["string"],
basic_bypass_apps=["string"],
basic_bypass_url_categories=["string"],
block_connect_host_sni_mismatch=False,
block_domain_fronting_apps=["string"],
block_domain_fronting_on_host_header=False,
block_http_tunnel_on_non_http_ports=False,
block_non_compliant_http_request_on_http_ports=False,
block_non_http_on_http_port_enabled=False,
cascade_url_filtering=False,
digest_auth_bypass_apps=["string"],
digest_auth_bypass_url_categories=["string"],
digest_auth_bypass_urls=["string"],
dns_resolution_on_transparent_proxy_apps=["string"],
dns_resolution_on_transparent_proxy_exempt_apps=["string"],
dns_resolution_on_transparent_proxy_exempt_url_categories=["string"],
dns_resolution_on_transparent_proxy_exempt_urls=["string"],
dns_resolution_on_transparent_proxy_ipv6_apps=["string"],
dns_resolution_on_transparent_proxy_ipv6_exempt_apps=["string"],
dns_resolution_on_transparent_proxy_ipv6_exempt_url_categories=["string"],
dns_resolution_on_transparent_proxy_ipv6_url_categories=["string"],
dns_resolution_on_transparent_proxy_url_categories=["string"],
dns_resolution_on_transparent_proxy_urls=["string"],
domain_fronting_bypass_url_categories=["string"],
dynamic_user_risk_enabled=False,
ecs_for_all_enabled=False,
enable_admin_rank_access=False,
enable_dns_resolution_on_transparent_proxy=False,
enable_evaluate_policy_on_global_ssl_bypass=False,
enable_ipv6_dns_optimization_on_all_transparent_proxy=False,
enable_ipv6_dns_resolution_on_transparent_proxy=False,
enable_office365=False,
enable_policy_for_unauthenticated_traffic=False,
enforce_surrogate_ip_for_windows_app=False,
http2_nonbrowser_traffic_enabled=False,
http_range_header_remove_url_categories=["string"],
kerberos_bypass_apps=["string"],
kerberos_bypass_url_categories=["string"],
kerberos_bypass_urls=["string"],
log_internal_ip=False,
prefer_sni_over_conn_host=False,
prefer_sni_over_conn_host_apps=["string"],
sipa_xff_header_enabled=False,
sni_dns_optimization_bypass_url_categories=["string"],
track_http_tunnel_on_http_ports=False,
ui_session_timeout=0,
zscaler_client_connector1_and_pac_road_warrior_in_firewall=False)
const advancedSettingsResource = new zia.AdvancedSettings("advancedSettingsResource", {
authBypassApps: ["string"],
authBypassUrlCategories: ["string"],
authBypassUrls: ["string"],
basicBypassApps: ["string"],
basicBypassUrlCategories: ["string"],
blockConnectHostSniMismatch: false,
blockDomainFrontingApps: ["string"],
blockDomainFrontingOnHostHeader: false,
blockHttpTunnelOnNonHttpPorts: false,
blockNonCompliantHttpRequestOnHttpPorts: false,
blockNonHttpOnHttpPortEnabled: false,
cascadeUrlFiltering: false,
digestAuthBypassApps: ["string"],
digestAuthBypassUrlCategories: ["string"],
digestAuthBypassUrls: ["string"],
dnsResolutionOnTransparentProxyApps: ["string"],
dnsResolutionOnTransparentProxyExemptApps: ["string"],
dnsResolutionOnTransparentProxyExemptUrlCategories: ["string"],
dnsResolutionOnTransparentProxyExemptUrls: ["string"],
dnsResolutionOnTransparentProxyIpv6Apps: ["string"],
dnsResolutionOnTransparentProxyIpv6ExemptApps: ["string"],
dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories: ["string"],
dnsResolutionOnTransparentProxyIpv6UrlCategories: ["string"],
dnsResolutionOnTransparentProxyUrlCategories: ["string"],
dnsResolutionOnTransparentProxyUrls: ["string"],
domainFrontingBypassUrlCategories: ["string"],
dynamicUserRiskEnabled: false,
ecsForAllEnabled: false,
enableAdminRankAccess: false,
enableDnsResolutionOnTransparentProxy: false,
enableEvaluatePolicyOnGlobalSslBypass: false,
enableIpv6DnsOptimizationOnAllTransparentProxy: false,
enableIpv6DnsResolutionOnTransparentProxy: false,
enableOffice365: false,
enablePolicyForUnauthenticatedTraffic: false,
enforceSurrogateIpForWindowsApp: false,
http2NonbrowserTrafficEnabled: false,
httpRangeHeaderRemoveUrlCategories: ["string"],
kerberosBypassApps: ["string"],
kerberosBypassUrlCategories: ["string"],
kerberosBypassUrls: ["string"],
logInternalIp: false,
preferSniOverConnHost: false,
preferSniOverConnHostApps: ["string"],
sipaXffHeaderEnabled: false,
sniDnsOptimizationBypassUrlCategories: ["string"],
trackHttpTunnelOnHttpPorts: false,
uiSessionTimeout: 0,
zscalerClientConnector1AndPacRoadWarriorInFirewall: false,
});
type: zia:AdvancedSettings
properties:
authBypassApps:
- string
authBypassUrlCategories:
- string
authBypassUrls:
- string
basicBypassApps:
- string
basicBypassUrlCategories:
- string
blockConnectHostSniMismatch: false
blockDomainFrontingApps:
- string
blockDomainFrontingOnHostHeader: false
blockHttpTunnelOnNonHttpPorts: false
blockNonCompliantHttpRequestOnHttpPorts: false
blockNonHttpOnHttpPortEnabled: false
cascadeUrlFiltering: false
digestAuthBypassApps:
- string
digestAuthBypassUrlCategories:
- string
digestAuthBypassUrls:
- string
dnsResolutionOnTransparentProxyApps:
- string
dnsResolutionOnTransparentProxyExemptApps:
- string
dnsResolutionOnTransparentProxyExemptUrlCategories:
- string
dnsResolutionOnTransparentProxyExemptUrls:
- string
dnsResolutionOnTransparentProxyIpv6Apps:
- string
dnsResolutionOnTransparentProxyIpv6ExemptApps:
- string
dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories:
- string
dnsResolutionOnTransparentProxyIpv6UrlCategories:
- string
dnsResolutionOnTransparentProxyUrlCategories:
- string
dnsResolutionOnTransparentProxyUrls:
- string
domainFrontingBypassUrlCategories:
- string
dynamicUserRiskEnabled: false
ecsForAllEnabled: false
enableAdminRankAccess: false
enableDnsResolutionOnTransparentProxy: false
enableEvaluatePolicyOnGlobalSslBypass: false
enableIpv6DnsOptimizationOnAllTransparentProxy: false
enableIpv6DnsResolutionOnTransparentProxy: false
enableOffice365: false
enablePolicyForUnauthenticatedTraffic: false
enforceSurrogateIpForWindowsApp: false
http2NonbrowserTrafficEnabled: false
httpRangeHeaderRemoveUrlCategories:
- string
kerberosBypassApps:
- string
kerberosBypassUrlCategories:
- string
kerberosBypassUrls:
- string
logInternalIp: false
preferSniOverConnHost: false
preferSniOverConnHostApps:
- string
sipaXffHeaderEnabled: false
sniDnsOptimizationBypassUrlCategories:
- string
trackHttpTunnelOnHttpPorts: false
uiSessionTimeout: 0
zscalerClientConnector1AndPacRoadWarriorInFirewall: false
AdvancedSettings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AdvancedSettings resource accepts the following input properties:
- Auth
Bypass List<string>Apps - Cloud applications that bypass authentication.
- Auth
Bypass List<string>Url Categories - URL categories that bypass authentication.
- Auth
Bypass List<string>Urls - URLs that bypass authentication.
- Basic
Bypass List<string>Apps - Cloud applications that bypass basic authentication.
- Basic
Bypass List<string>Url Categories - URL categories that bypass basic authentication.
- Block
Connect boolHost Sni Mismatch - Block connections where CONNECT host and SNI mismatch.
- Block
Domain List<string>Fronting Apps - Cloud applications for which domain fronting is blocked.
- Block
Domain boolFronting On Host Header - Block domain fronting when the host header mismatches the SNI.
- Block
Http boolTunnel On Non Http Ports - Block HTTP tunnels on non-HTTP ports.
- Block
Non boolCompliant Http Request On Http Ports - Block non-compliant HTTP requests on HTTP ports.
- Block
Non boolHttp On Http Port Enabled - Block non-HTTP traffic on HTTP ports.
- Cascade
Url boolFiltering - Enable cascading URL filtering.
- Digest
Auth List<string>Bypass Apps - Cloud applications that bypass digest authentication.
- Digest
Auth List<string>Bypass Url Categories - URL categories that bypass digest authentication.
- Digest
Auth List<string>Bypass Urls - URLs that bypass digest authentication.
- Dns
Resolution List<string>On Transparent Proxy Apps - Cloud applications with DNS resolution on transparent proxy enabled.
- Dns
Resolution List<string>On Transparent Proxy Exempt Apps - Cloud applications exempt from DNS resolution on transparent proxy.
- Dns
Resolution List<string>On Transparent Proxy Exempt Url Categories - URL categories exempt from DNS resolution on transparent proxy.
- Dns
Resolution List<string>On Transparent Proxy Exempt Urls - URLs exempt from DNS resolution on transparent proxy.
- Dns
Resolution List<string>On Transparent Proxy Ipv6Apps - Cloud applications with IPv6 DNS resolution on transparent proxy enabled.
- Dns
Resolution List<string>On Transparent Proxy Ipv6Exempt Apps - Cloud applications exempt from IPv6 DNS resolution on transparent proxy.
- Dns
Resolution List<string>On Transparent Proxy Ipv6Exempt Url Categories - URL categories exempt from IPv6 DNS resolution on transparent proxy.
- Dns
Resolution List<string>On Transparent Proxy Ipv6Url Categories - URL categories with IPv6 DNS resolution on transparent proxy enabled.
- Dns
Resolution List<string>On Transparent Proxy Url Categories - URL categories with DNS resolution on transparent proxy enabled.
- Dns
Resolution List<string>On Transparent Proxy Urls - URLs with DNS resolution on transparent proxy enabled.
- Domain
Fronting List<string>Bypass Url Categories - URL categories that bypass domain fronting detection.
- Dynamic
User boolRisk Enabled - Enable dynamic user risk scoring.
- Ecs
For boolAll Enabled - Enable EDNS Client Subnet (ECS) for all DNS queries.
- Enable
Admin boolRank Access - Enable admin rank-based access control.
- Enable
Dns boolResolution On Transparent Proxy - Enable DNS resolution on transparent proxy.
- Enable
Evaluate boolPolicy On Global Ssl Bypass - Enable policy evaluation on global SSL bypass.
- Enable
Ipv6Dns boolOptimization On All Transparent Proxy - Enable IPv6 DNS optimization on all transparent proxy connections.
- Enable
Ipv6Dns boolResolution On Transparent Proxy - Enable IPv6 DNS resolution on transparent proxy.
- Enable
Office365 bool - Enable Office 365 one-click configuration.
- Enable
Policy boolFor Unauthenticated Traffic - Enable policy evaluation for unauthenticated traffic.
- Enforce
Surrogate boolIp For Windows App - Enforce surrogate IP for Windows applications.
- Http2Nonbrowser
Traffic boolEnabled - Enable HTTP/2 for non-browser traffic.
- Http
Range List<string>Header Remove Url Categories - URL categories for which HTTP range headers are removed.
- Kerberos
Bypass List<string>Apps - Cloud applications that bypass Kerberos authentication.
- Kerberos
Bypass List<string>Url Categories - URL categories that bypass Kerberos authentication.
- Kerberos
Bypass List<string>Urls - URLs that bypass Kerberos authentication.
- Log
Internal boolIp - Enable logging of internal IP addresses.
- Prefer
Sni boolOver Conn Host - Prefer SNI over CONNECT host header for policy evaluation.
- Prefer
Sni List<string>Over Conn Host Apps - Cloud applications that prefer SNI over CONNECT host header.
- Sipa
Xff boolHeader Enabled - Enable X-Forwarded-For header for SIPA traffic.
- Sni
Dns List<string>Optimization Bypass Url Categories - URL categories that bypass SNI/DNS optimization.
- Track
Http boolTunnel On Http Ports - Track HTTP tunnels on HTTP ports.
- Ui
Session intTimeout - UI session timeout in minutes.
- Zscaler
Client boolConnector1And Pac Road Warrior In Firewall - Include Zscaler Client Connector and PAC road warrior traffic in firewall policy.
- Auth
Bypass []stringApps - Cloud applications that bypass authentication.
- Auth
Bypass []stringUrl Categories - URL categories that bypass authentication.
- Auth
Bypass []stringUrls - URLs that bypass authentication.
- Basic
Bypass []stringApps - Cloud applications that bypass basic authentication.
- Basic
Bypass []stringUrl Categories - URL categories that bypass basic authentication.
- Block
Connect boolHost Sni Mismatch - Block connections where CONNECT host and SNI mismatch.
- Block
Domain []stringFronting Apps - Cloud applications for which domain fronting is blocked.
- Block
Domain boolFronting On Host Header - Block domain fronting when the host header mismatches the SNI.
- Block
Http boolTunnel On Non Http Ports - Block HTTP tunnels on non-HTTP ports.
- Block
Non boolCompliant Http Request On Http Ports - Block non-compliant HTTP requests on HTTP ports.
- Block
Non boolHttp On Http Port Enabled - Block non-HTTP traffic on HTTP ports.
- Cascade
Url boolFiltering - Enable cascading URL filtering.
- Digest
Auth []stringBypass Apps - Cloud applications that bypass digest authentication.
- Digest
Auth []stringBypass Url Categories - URL categories that bypass digest authentication.
- Digest
Auth []stringBypass Urls - URLs that bypass digest authentication.
- Dns
Resolution []stringOn Transparent Proxy Apps - Cloud applications with DNS resolution on transparent proxy enabled.
- Dns
Resolution []stringOn Transparent Proxy Exempt Apps - Cloud applications exempt from DNS resolution on transparent proxy.
- Dns
Resolution []stringOn Transparent Proxy Exempt Url Categories - URL categories exempt from DNS resolution on transparent proxy.
- Dns
Resolution []stringOn Transparent Proxy Exempt Urls - URLs exempt from DNS resolution on transparent proxy.
- Dns
Resolution []stringOn Transparent Proxy Ipv6Apps - Cloud applications with IPv6 DNS resolution on transparent proxy enabled.
- Dns
Resolution []stringOn Transparent Proxy Ipv6Exempt Apps - Cloud applications exempt from IPv6 DNS resolution on transparent proxy.
- Dns
Resolution []stringOn Transparent Proxy Ipv6Exempt Url Categories - URL categories exempt from IPv6 DNS resolution on transparent proxy.
- Dns
Resolution []stringOn Transparent Proxy Ipv6Url Categories - URL categories with IPv6 DNS resolution on transparent proxy enabled.
- Dns
Resolution []stringOn Transparent Proxy Url Categories - URL categories with DNS resolution on transparent proxy enabled.
- Dns
Resolution []stringOn Transparent Proxy Urls - URLs with DNS resolution on transparent proxy enabled.
- Domain
Fronting []stringBypass Url Categories - URL categories that bypass domain fronting detection.
- Dynamic
User boolRisk Enabled - Enable dynamic user risk scoring.
- Ecs
For boolAll Enabled - Enable EDNS Client Subnet (ECS) for all DNS queries.
- Enable
Admin boolRank Access - Enable admin rank-based access control.
- Enable
Dns boolResolution On Transparent Proxy - Enable DNS resolution on transparent proxy.
- Enable
Evaluate boolPolicy On Global Ssl Bypass - Enable policy evaluation on global SSL bypass.
- Enable
Ipv6Dns boolOptimization On All Transparent Proxy - Enable IPv6 DNS optimization on all transparent proxy connections.
- Enable
Ipv6Dns boolResolution On Transparent Proxy - Enable IPv6 DNS resolution on transparent proxy.
- Enable
Office365 bool - Enable Office 365 one-click configuration.
- Enable
Policy boolFor Unauthenticated Traffic - Enable policy evaluation for unauthenticated traffic.
- Enforce
Surrogate boolIp For Windows App - Enforce surrogate IP for Windows applications.
- Http2Nonbrowser
Traffic boolEnabled - Enable HTTP/2 for non-browser traffic.
- Http
Range []stringHeader Remove Url Categories - URL categories for which HTTP range headers are removed.
- Kerberos
Bypass []stringApps - Cloud applications that bypass Kerberos authentication.
- Kerberos
Bypass []stringUrl Categories - URL categories that bypass Kerberos authentication.
- Kerberos
Bypass []stringUrls - URLs that bypass Kerberos authentication.
- Log
Internal boolIp - Enable logging of internal IP addresses.
- Prefer
Sni boolOver Conn Host - Prefer SNI over CONNECT host header for policy evaluation.
- Prefer
Sni []stringOver Conn Host Apps - Cloud applications that prefer SNI over CONNECT host header.
- Sipa
Xff boolHeader Enabled - Enable X-Forwarded-For header for SIPA traffic.
- Sni
Dns []stringOptimization Bypass Url Categories - URL categories that bypass SNI/DNS optimization.
- Track
Http boolTunnel On Http Ports - Track HTTP tunnels on HTTP ports.
- Ui
Session intTimeout - UI session timeout in minutes.
- Zscaler
Client boolConnector1And Pac Road Warrior In Firewall - Include Zscaler Client Connector and PAC road warrior traffic in firewall policy.
- auth
Bypass List<String>Apps - Cloud applications that bypass authentication.
- auth
Bypass List<String>Url Categories - URL categories that bypass authentication.
- auth
Bypass List<String>Urls - URLs that bypass authentication.
- basic
Bypass List<String>Apps - Cloud applications that bypass basic authentication.
- basic
Bypass List<String>Url Categories - URL categories that bypass basic authentication.
- block
Connect BooleanHost Sni Mismatch - Block connections where CONNECT host and SNI mismatch.
- block
Domain List<String>Fronting Apps - Cloud applications for which domain fronting is blocked.
- block
Domain BooleanFronting On Host Header - Block domain fronting when the host header mismatches the SNI.
- block
Http BooleanTunnel On Non Http Ports - Block HTTP tunnels on non-HTTP ports.
- block
Non BooleanCompliant Http Request On Http Ports - Block non-compliant HTTP requests on HTTP ports.
- block
Non BooleanHttp On Http Port Enabled - Block non-HTTP traffic on HTTP ports.
- cascade
Url BooleanFiltering - Enable cascading URL filtering.
- digest
Auth List<String>Bypass Apps - Cloud applications that bypass digest authentication.
- digest
Auth List<String>Bypass Url Categories - URL categories that bypass digest authentication.
- digest
Auth List<String>Bypass Urls - URLs that bypass digest authentication.
- dns
Resolution List<String>On Transparent Proxy Apps - Cloud applications with DNS resolution on transparent proxy enabled.
- dns
Resolution List<String>On Transparent Proxy Exempt Apps - Cloud applications exempt from DNS resolution on transparent proxy.
- dns
Resolution List<String>On Transparent Proxy Exempt Url Categories - URL categories exempt from DNS resolution on transparent proxy.
- dns
Resolution List<String>On Transparent Proxy Exempt Urls - URLs exempt from DNS resolution on transparent proxy.
- dns
Resolution List<String>On Transparent Proxy Ipv6Apps - Cloud applications with IPv6 DNS resolution on transparent proxy enabled.
- dns
Resolution List<String>On Transparent Proxy Ipv6Exempt Apps - Cloud applications exempt from IPv6 DNS resolution on transparent proxy.
- dns
Resolution List<String>On Transparent Proxy Ipv6Exempt Url Categories - URL categories exempt from IPv6 DNS resolution on transparent proxy.
- dns
Resolution List<String>On Transparent Proxy Ipv6Url Categories - URL categories with IPv6 DNS resolution on transparent proxy enabled.
- dns
Resolution List<String>On Transparent Proxy Url Categories - URL categories with DNS resolution on transparent proxy enabled.
- dns
Resolution List<String>On Transparent Proxy Urls - URLs with DNS resolution on transparent proxy enabled.
- domain
Fronting List<String>Bypass Url Categories - URL categories that bypass domain fronting detection.
- dynamic
User BooleanRisk Enabled - Enable dynamic user risk scoring.
- ecs
For BooleanAll Enabled - Enable EDNS Client Subnet (ECS) for all DNS queries.
- enable
Admin BooleanRank Access - Enable admin rank-based access control.
- enable
Dns BooleanResolution On Transparent Proxy - Enable DNS resolution on transparent proxy.
- enable
Evaluate BooleanPolicy On Global Ssl Bypass - Enable policy evaluation on global SSL bypass.
- enable
Ipv6Dns BooleanOptimization On All Transparent Proxy - Enable IPv6 DNS optimization on all transparent proxy connections.
- enable
Ipv6Dns BooleanResolution On Transparent Proxy - Enable IPv6 DNS resolution on transparent proxy.
- enable
Office365 Boolean - Enable Office 365 one-click configuration.
- enable
Policy BooleanFor Unauthenticated Traffic - Enable policy evaluation for unauthenticated traffic.
- enforce
Surrogate BooleanIp For Windows App - Enforce surrogate IP for Windows applications.
- http2Nonbrowser
Traffic BooleanEnabled - Enable HTTP/2 for non-browser traffic.
- http
Range List<String>Header Remove Url Categories - URL categories for which HTTP range headers are removed.
- kerberos
Bypass List<String>Apps - Cloud applications that bypass Kerberos authentication.
- kerberos
Bypass List<String>Url Categories - URL categories that bypass Kerberos authentication.
- kerberos
Bypass List<String>Urls - URLs that bypass Kerberos authentication.
- log
Internal BooleanIp - Enable logging of internal IP addresses.
- prefer
Sni BooleanOver Conn Host - Prefer SNI over CONNECT host header for policy evaluation.
- prefer
Sni List<String>Over Conn Host Apps - Cloud applications that prefer SNI over CONNECT host header.
- sipa
Xff BooleanHeader Enabled - Enable X-Forwarded-For header for SIPA traffic.
- sni
Dns List<String>Optimization Bypass Url Categories - URL categories that bypass SNI/DNS optimization.
- track
Http BooleanTunnel On Http Ports - Track HTTP tunnels on HTTP ports.
- ui
Session IntegerTimeout - UI session timeout in minutes.
- zscaler
Client BooleanConnector1And Pac Road Warrior In Firewall - Include Zscaler Client Connector and PAC road warrior traffic in firewall policy.
- auth
Bypass string[]Apps - Cloud applications that bypass authentication.
- auth
Bypass string[]Url Categories - URL categories that bypass authentication.
- auth
Bypass string[]Urls - URLs that bypass authentication.
- basic
Bypass string[]Apps - Cloud applications that bypass basic authentication.
- basic
Bypass string[]Url Categories - URL categories that bypass basic authentication.
- block
Connect booleanHost Sni Mismatch - Block connections where CONNECT host and SNI mismatch.
- block
Domain string[]Fronting Apps - Cloud applications for which domain fronting is blocked.
- block
Domain booleanFronting On Host Header - Block domain fronting when the host header mismatches the SNI.
- block
Http booleanTunnel On Non Http Ports - Block HTTP tunnels on non-HTTP ports.
- block
Non booleanCompliant Http Request On Http Ports - Block non-compliant HTTP requests on HTTP ports.
- block
Non booleanHttp On Http Port Enabled - Block non-HTTP traffic on HTTP ports.
- cascade
Url booleanFiltering - Enable cascading URL filtering.
- digest
Auth string[]Bypass Apps - Cloud applications that bypass digest authentication.
- digest
Auth string[]Bypass Url Categories - URL categories that bypass digest authentication.
- digest
Auth string[]Bypass Urls - URLs that bypass digest authentication.
- dns
Resolution string[]On Transparent Proxy Apps - Cloud applications with DNS resolution on transparent proxy enabled.
- dns
Resolution string[]On Transparent Proxy Exempt Apps - Cloud applications exempt from DNS resolution on transparent proxy.
- dns
Resolution string[]On Transparent Proxy Exempt Url Categories - URL categories exempt from DNS resolution on transparent proxy.
- dns
Resolution string[]On Transparent Proxy Exempt Urls - URLs exempt from DNS resolution on transparent proxy.
- dns
Resolution string[]On Transparent Proxy Ipv6Apps - Cloud applications with IPv6 DNS resolution on transparent proxy enabled.
- dns
Resolution string[]On Transparent Proxy Ipv6Exempt Apps - Cloud applications exempt from IPv6 DNS resolution on transparent proxy.
- dns
Resolution string[]On Transparent Proxy Ipv6Exempt Url Categories - URL categories exempt from IPv6 DNS resolution on transparent proxy.
- dns
Resolution string[]On Transparent Proxy Ipv6Url Categories - URL categories with IPv6 DNS resolution on transparent proxy enabled.
- dns
Resolution string[]On Transparent Proxy Url Categories - URL categories with DNS resolution on transparent proxy enabled.
- dns
Resolution string[]On Transparent Proxy Urls - URLs with DNS resolution on transparent proxy enabled.
- domain
Fronting string[]Bypass Url Categories - URL categories that bypass domain fronting detection.
- dynamic
User booleanRisk Enabled - Enable dynamic user risk scoring.
- ecs
For booleanAll Enabled - Enable EDNS Client Subnet (ECS) for all DNS queries.
- enable
Admin booleanRank Access - Enable admin rank-based access control.
- enable
Dns booleanResolution On Transparent Proxy - Enable DNS resolution on transparent proxy.
- enable
Evaluate booleanPolicy On Global Ssl Bypass - Enable policy evaluation on global SSL bypass.
- enable
Ipv6Dns booleanOptimization On All Transparent Proxy - Enable IPv6 DNS optimization on all transparent proxy connections.
- enable
Ipv6Dns booleanResolution On Transparent Proxy - Enable IPv6 DNS resolution on transparent proxy.
- enable
Office365 boolean - Enable Office 365 one-click configuration.
- enable
Policy booleanFor Unauthenticated Traffic - Enable policy evaluation for unauthenticated traffic.
- enforce
Surrogate booleanIp For Windows App - Enforce surrogate IP for Windows applications.
- http2Nonbrowser
Traffic booleanEnabled - Enable HTTP/2 for non-browser traffic.
- http
Range string[]Header Remove Url Categories - URL categories for which HTTP range headers are removed.
- kerberos
Bypass string[]Apps - Cloud applications that bypass Kerberos authentication.
- kerberos
Bypass string[]Url Categories - URL categories that bypass Kerberos authentication.
- kerberos
Bypass string[]Urls - URLs that bypass Kerberos authentication.
- log
Internal booleanIp - Enable logging of internal IP addresses.
- prefer
Sni booleanOver Conn Host - Prefer SNI over CONNECT host header for policy evaluation.
- prefer
Sni string[]Over Conn Host Apps - Cloud applications that prefer SNI over CONNECT host header.
- sipa
Xff booleanHeader Enabled - Enable X-Forwarded-For header for SIPA traffic.
- sni
Dns string[]Optimization Bypass Url Categories - URL categories that bypass SNI/DNS optimization.
- track
Http booleanTunnel On Http Ports - Track HTTP tunnels on HTTP ports.
- ui
Session numberTimeout - UI session timeout in minutes.
- zscaler
Client booleanConnector1And Pac Road Warrior In Firewall - Include Zscaler Client Connector and PAC road warrior traffic in firewall policy.
- auth_
bypass_ Sequence[str]apps - Cloud applications that bypass authentication.
- auth_
bypass_ Sequence[str]url_ categories - URL categories that bypass authentication.
- auth_
bypass_ Sequence[str]urls - URLs that bypass authentication.
- basic_
bypass_ Sequence[str]apps - Cloud applications that bypass basic authentication.
- basic_
bypass_ Sequence[str]url_ categories - URL categories that bypass basic authentication.
- block_
connect_ boolhost_ sni_ mismatch - Block connections where CONNECT host and SNI mismatch.
- block_
domain_ Sequence[str]fronting_ apps - Cloud applications for which domain fronting is blocked.
- block_
domain_ boolfronting_ on_ host_ header - Block domain fronting when the host header mismatches the SNI.
- block_
http_ booltunnel_ on_ non_ http_ ports - Block HTTP tunnels on non-HTTP ports.
- block_
non_ boolcompliant_ http_ request_ on_ http_ ports - Block non-compliant HTTP requests on HTTP ports.
- block_
non_ boolhttp_ on_ http_ port_ enabled - Block non-HTTP traffic on HTTP ports.
- cascade_
url_ boolfiltering - Enable cascading URL filtering.
- digest_
auth_ Sequence[str]bypass_ apps - Cloud applications that bypass digest authentication.
- digest_
auth_ Sequence[str]bypass_ url_ categories - URL categories that bypass digest authentication.
- digest_
auth_ Sequence[str]bypass_ urls - URLs that bypass digest authentication.
- dns_
resolution_ Sequence[str]on_ transparent_ proxy_ apps - Cloud applications with DNS resolution on transparent proxy enabled.
- dns_
resolution_ Sequence[str]on_ transparent_ proxy_ exempt_ apps - Cloud applications exempt from DNS resolution on transparent proxy.
- dns_
resolution_ Sequence[str]on_ transparent_ proxy_ exempt_ url_ categories - URL categories exempt from DNS resolution on transparent proxy.
- dns_
resolution_ Sequence[str]on_ transparent_ proxy_ exempt_ urls - URLs exempt from DNS resolution on transparent proxy.
- dns_
resolution_ Sequence[str]on_ transparent_ proxy_ ipv6_ apps - Cloud applications with IPv6 DNS resolution on transparent proxy enabled.
- dns_
resolution_ Sequence[str]on_ transparent_ proxy_ ipv6_ exempt_ apps - Cloud applications exempt from IPv6 DNS resolution on transparent proxy.
- dns_
resolution_ Sequence[str]on_ transparent_ proxy_ ipv6_ exempt_ url_ categories - URL categories exempt from IPv6 DNS resolution on transparent proxy.
- dns_
resolution_ Sequence[str]on_ transparent_ proxy_ ipv6_ url_ categories - URL categories with IPv6 DNS resolution on transparent proxy enabled.
- dns_
resolution_ Sequence[str]on_ transparent_ proxy_ url_ categories - URL categories with DNS resolution on transparent proxy enabled.
- dns_
resolution_ Sequence[str]on_ transparent_ proxy_ urls - URLs with DNS resolution on transparent proxy enabled.
- domain_
fronting_ Sequence[str]bypass_ url_ categories - URL categories that bypass domain fronting detection.
- dynamic_
user_ boolrisk_ enabled - Enable dynamic user risk scoring.
- ecs_
for_ boolall_ enabled - Enable EDNS Client Subnet (ECS) for all DNS queries.
- enable_
admin_ boolrank_ access - Enable admin rank-based access control.
- enable_
dns_ boolresolution_ on_ transparent_ proxy - Enable DNS resolution on transparent proxy.
- enable_
evaluate_ boolpolicy_ on_ global_ ssl_ bypass - Enable policy evaluation on global SSL bypass.
- enable_
ipv6_ booldns_ optimization_ on_ all_ transparent_ proxy - Enable IPv6 DNS optimization on all transparent proxy connections.
- enable_
ipv6_ booldns_ resolution_ on_ transparent_ proxy - Enable IPv6 DNS resolution on transparent proxy.
- enable_
office365 bool - Enable Office 365 one-click configuration.
- enable_
policy_ boolfor_ unauthenticated_ traffic - Enable policy evaluation for unauthenticated traffic.
- enforce_
surrogate_ boolip_ for_ windows_ app - Enforce surrogate IP for Windows applications.
- http2_
nonbrowser_ booltraffic_ enabled - Enable HTTP/2 for non-browser traffic.
- http_
range_ Sequence[str]header_ remove_ url_ categories - URL categories for which HTTP range headers are removed.
- kerberos_
bypass_ Sequence[str]apps - Cloud applications that bypass Kerberos authentication.
- kerberos_
bypass_ Sequence[str]url_ categories - URL categories that bypass Kerberos authentication.
- kerberos_
bypass_ Sequence[str]urls - URLs that bypass Kerberos authentication.
- log_
internal_ boolip - Enable logging of internal IP addresses.
- prefer_
sni_ boolover_ conn_ host - Prefer SNI over CONNECT host header for policy evaluation.
- prefer_
sni_ Sequence[str]over_ conn_ host_ apps - Cloud applications that prefer SNI over CONNECT host header.
- sipa_
xff_ boolheader_ enabled - Enable X-Forwarded-For header for SIPA traffic.
- sni_
dns_ Sequence[str]optimization_ bypass_ url_ categories - URL categories that bypass SNI/DNS optimization.
- track_
http_ booltunnel_ on_ http_ ports - Track HTTP tunnels on HTTP ports.
- ui_
session_ inttimeout - UI session timeout in minutes.
- zscaler_
client_ boolconnector1_ and_ pac_ road_ warrior_ in_ firewall - Include Zscaler Client Connector and PAC road warrior traffic in firewall policy.
- auth
Bypass List<String>Apps - Cloud applications that bypass authentication.
- auth
Bypass List<String>Url Categories - URL categories that bypass authentication.
- auth
Bypass List<String>Urls - URLs that bypass authentication.
- basic
Bypass List<String>Apps - Cloud applications that bypass basic authentication.
- basic
Bypass List<String>Url Categories - URL categories that bypass basic authentication.
- block
Connect BooleanHost Sni Mismatch - Block connections where CONNECT host and SNI mismatch.
- block
Domain List<String>Fronting Apps - Cloud applications for which domain fronting is blocked.
- block
Domain BooleanFronting On Host Header - Block domain fronting when the host header mismatches the SNI.
- block
Http BooleanTunnel On Non Http Ports - Block HTTP tunnels on non-HTTP ports.
- block
Non BooleanCompliant Http Request On Http Ports - Block non-compliant HTTP requests on HTTP ports.
- block
Non BooleanHttp On Http Port Enabled - Block non-HTTP traffic on HTTP ports.
- cascade
Url BooleanFiltering - Enable cascading URL filtering.
- digest
Auth List<String>Bypass Apps - Cloud applications that bypass digest authentication.
- digest
Auth List<String>Bypass Url Categories - URL categories that bypass digest authentication.
- digest
Auth List<String>Bypass Urls - URLs that bypass digest authentication.
- dns
Resolution List<String>On Transparent Proxy Apps - Cloud applications with DNS resolution on transparent proxy enabled.
- dns
Resolution List<String>On Transparent Proxy Exempt Apps - Cloud applications exempt from DNS resolution on transparent proxy.
- dns
Resolution List<String>On Transparent Proxy Exempt Url Categories - URL categories exempt from DNS resolution on transparent proxy.
- dns
Resolution List<String>On Transparent Proxy Exempt Urls - URLs exempt from DNS resolution on transparent proxy.
- dns
Resolution List<String>On Transparent Proxy Ipv6Apps - Cloud applications with IPv6 DNS resolution on transparent proxy enabled.
- dns
Resolution List<String>On Transparent Proxy Ipv6Exempt Apps - Cloud applications exempt from IPv6 DNS resolution on transparent proxy.
- dns
Resolution List<String>On Transparent Proxy Ipv6Exempt Url Categories - URL categories exempt from IPv6 DNS resolution on transparent proxy.
- dns
Resolution List<String>On Transparent Proxy Ipv6Url Categories - URL categories with IPv6 DNS resolution on transparent proxy enabled.
- dns
Resolution List<String>On Transparent Proxy Url Categories - URL categories with DNS resolution on transparent proxy enabled.
- dns
Resolution List<String>On Transparent Proxy Urls - URLs with DNS resolution on transparent proxy enabled.
- domain
Fronting List<String>Bypass Url Categories - URL categories that bypass domain fronting detection.
- dynamic
User BooleanRisk Enabled - Enable dynamic user risk scoring.
- ecs
For BooleanAll Enabled - Enable EDNS Client Subnet (ECS) for all DNS queries.
- enable
Admin BooleanRank Access - Enable admin rank-based access control.
- enable
Dns BooleanResolution On Transparent Proxy - Enable DNS resolution on transparent proxy.
- enable
Evaluate BooleanPolicy On Global Ssl Bypass - Enable policy evaluation on global SSL bypass.
- enable
Ipv6Dns BooleanOptimization On All Transparent Proxy - Enable IPv6 DNS optimization on all transparent proxy connections.
- enable
Ipv6Dns BooleanResolution On Transparent Proxy - Enable IPv6 DNS resolution on transparent proxy.
- enable
Office365 Boolean - Enable Office 365 one-click configuration.
- enable
Policy BooleanFor Unauthenticated Traffic - Enable policy evaluation for unauthenticated traffic.
- enforce
Surrogate BooleanIp For Windows App - Enforce surrogate IP for Windows applications.
- http2Nonbrowser
Traffic BooleanEnabled - Enable HTTP/2 for non-browser traffic.
- http
Range List<String>Header Remove Url Categories - URL categories for which HTTP range headers are removed.
- kerberos
Bypass List<String>Apps - Cloud applications that bypass Kerberos authentication.
- kerberos
Bypass List<String>Url Categories - URL categories that bypass Kerberos authentication.
- kerberos
Bypass List<String>Urls - URLs that bypass Kerberos authentication.
- log
Internal BooleanIp - Enable logging of internal IP addresses.
- prefer
Sni BooleanOver Conn Host - Prefer SNI over CONNECT host header for policy evaluation.
- prefer
Sni List<String>Over Conn Host Apps - Cloud applications that prefer SNI over CONNECT host header.
- sipa
Xff BooleanHeader Enabled - Enable X-Forwarded-For header for SIPA traffic.
- sni
Dns List<String>Optimization Bypass Url Categories - URL categories that bypass SNI/DNS optimization.
- track
Http BooleanTunnel On Http Ports - Track HTTP tunnels on HTTP ports.
- ui
Session NumberTimeout - UI session timeout in minutes.
- zscaler
Client BooleanConnector1And Pac Road Warrior In Firewall - Include Zscaler Client Connector and PAC road warrior traffic in firewall policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the AdvancedSettings resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Id string - The internal resource identifier for the advanced settings.
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Id string - The internal resource identifier for the advanced settings.
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Id String - The internal resource identifier for the advanced settings.
- id string
- The provider-assigned unique ID for this managed resource.
- resource
Id string - The internal resource identifier for the advanced settings.
- id str
- The provider-assigned unique ID for this managed resource.
- resource_
id str - The internal resource identifier for the advanced settings.
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Id String - The internal resource identifier for the advanced settings.
Import
This is a singleton resource and does not support traditional import. It is automatically managed by the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler
published on Friday, Mar 13, 2026 by Zscaler
