published on Friday, Mar 13, 2026 by Zscaler
The zia_dlp_web_rules resource manages DLP (Data Loss Prevention) web rules in the Zscaler Internet Access (ZIA) cloud service. DLP web rules define how sensitive data is handled in web traffic, allowing organizations to control and monitor the transfer of confidential information.
For more information, see the ZIA Data Loss Prevention documentation.
Example Usage
Basic DLP Web Rule
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	zia "github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource inputs take pulumi.String / pulumi.Bool values,
		// as in the constructor example further down this page.
		_, err := zia.NewDlpWebRule(ctx, "example", &zia.DlpWebRuleArgs{
			Name:                    pulumi.String("Example DLP Web Rule"),
			Description:             pulumi.String("Block sensitive data uploads"),
			Order:                   pulumi.Int(1),
			State:                   pulumi.String("ENABLED"),
			Action:                  pulumi.String("BLOCK"),
			Protocols:               pulumi.ToStringArray([]string{"FTP_RULE", "HTTPS_RULE", "HTTP_RULE"}),
			FileTypes:               pulumi.ToStringArray([]string{"ALL_OUTBOUND"}),
			ZccNotificationsEnabled: pulumi.Bool(true),
		})
		return err
	})
}
import * as zia from "@bdzscaler/pulumi-zia";

const example = new zia.DlpWebRule("example", {
    name: "Example DLP Web Rule",
    description: "Block sensitive data uploads",
    order: 1,
    state: "ENABLED",
    action: "BLOCK",
    protocols: ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"],
    fileTypes: ["ALL_OUTBOUND"],
    zccNotificationsEnabled: true,
});
import zscaler_pulumi_zia as zia

example = zia.DlpWebRule("example",
    name="Example DLP Web Rule",
    description="Block sensitive data uploads",
    order=1,
    state="ENABLED",
    action="BLOCK",
    protocols=["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"],
    file_types=["ALL_OUTBOUND"],
    zcc_notifications_enabled=True,
)
resources:
  example:
    type: zia:DlpWebRule
    properties:
      name: Example DLP Web Rule
      description: Block sensitive data uploads
      order: 1
      state: ENABLED
      action: BLOCK
      protocols:
        - FTP_RULE
        - HTTPS_RULE
        - HTTP_RULE
      fileTypes:
        - ALL_OUTBOUND
      zccNotificationsEnabled: true
Create DlpWebRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DlpWebRule(name: string, args: DlpWebRuleArgs, opts?: CustomResourceOptions);

@overload
def DlpWebRule(resource_name: str,
               args: DlpWebRuleArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def DlpWebRule(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               name: Optional[str] = None,
               order: Optional[int] = None,
               min_size: Optional[int] = None,
               departments: Optional[Sequence[int]] = None,
               dlp_download_scan_enabled: Optional[bool] = None,
               external_auditor_email: Optional[str] = None,
               file_types: Optional[Sequence[str]] = None,
               groups: Optional[Sequence[int]] = None,
               labels: Optional[Sequence[int]] = None,
               location_groups: Optional[Sequence[int]] = None,
               locations: Optional[Sequence[int]] = None,
               ocr_enabled: Optional[bool] = None,
               description: Optional[str] = None,
               action: Optional[str] = None,
               match_only: Optional[bool] = None,
               cloud_applications: Optional[Sequence[str]] = None,
               protocols: Optional[Sequence[str]] = None,
               rank: Optional[int] = None,
               source_ip_groups: Optional[Sequence[int]] = None,
               state: Optional[str] = None,
               time_windows: Optional[Sequence[int]] = None,
               users: Optional[Sequence[int]] = None,
               without_content_inspection: Optional[bool] = None,
               zcc_notifications_enabled: Optional[bool] = None)

func NewDlpWebRule(ctx *Context, name string, args DlpWebRuleArgs, opts ...ResourceOption) (*DlpWebRule, error)

public DlpWebRule(string name, DlpWebRuleArgs args, CustomResourceOptions? opts = null)

public DlpWebRule(String name, DlpWebRuleArgs args)
public DlpWebRule(String name, DlpWebRuleArgs args, CustomResourceOptions options)

type: zia:DlpWebRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DlpWebRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DlpWebRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DlpWebRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DlpWebRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DlpWebRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var dlpWebRuleResource = new Zia.DlpWebRule("dlpWebRuleResource", new()
{
    Name = "string",
    Order = 0,
    MinSize = 0,
    Departments = new[]
    {
        0,
    },
    DlpDownloadScanEnabled = false,
    ExternalAuditorEmail = "string",
    FileTypes = new[]
    {
        "string",
    },
    Groups = new[]
    {
        0,
    },
    Labels = new[]
    {
        0,
    },
    LocationGroups = new[]
    {
        0,
    },
    Locations = new[]
    {
        0,
    },
    OcrEnabled = false,
    Description = "string",
    Action = "string",
    MatchOnly = false,
    CloudApplications = new[]
    {
        "string",
    },
    Protocols = new[]
    {
        "string",
    },
    Rank = 0,
    SourceIpGroups = new[]
    {
        0,
    },
    State = "string",
    TimeWindows = new[]
    {
        0,
    },
    Users = new[]
    {
        0,
    },
    WithoutContentInspection = false,
    ZccNotificationsEnabled = false,
});
example, err := zia.NewDlpWebRule(ctx, "dlpWebRuleResource", &zia.DlpWebRuleArgs{
	Name: pulumi.String("string"),
	Order: pulumi.Int(0),
	MinSize: pulumi.Int(0),
	Departments: pulumi.IntArray{
		pulumi.Int(0),
	},
	DlpDownloadScanEnabled: pulumi.Bool(false),
	ExternalAuditorEmail: pulumi.String("string"),
	FileTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Groups: pulumi.IntArray{
		pulumi.Int(0),
	},
	Labels: pulumi.IntArray{
		pulumi.Int(0),
	},
	LocationGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	Locations: pulumi.IntArray{
		pulumi.Int(0),
	},
	OcrEnabled: pulumi.Bool(false),
	Description: pulumi.String("string"),
	Action: pulumi.String("string"),
	MatchOnly: pulumi.Bool(false),
	CloudApplications: pulumi.StringArray{
		pulumi.String("string"),
	},
	Protocols: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rank: pulumi.Int(0),
	SourceIpGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	State: pulumi.String("string"),
	TimeWindows: pulumi.IntArray{
		pulumi.Int(0),
	},
	Users: pulumi.IntArray{
		pulumi.Int(0),
	},
	WithoutContentInspection: pulumi.Bool(false),
	ZccNotificationsEnabled: pulumi.Bool(false),
})
var dlpWebRuleResource = new DlpWebRule("dlpWebRuleResource", DlpWebRuleArgs.builder()
    .name("string")
    .order(0)
    .minSize(0)
    .departments(0)
    .dlpDownloadScanEnabled(false)
    .externalAuditorEmail("string")
    .fileTypes("string")
    .groups(0)
    .labels(0)
    .locationGroups(0)
    .locations(0)
    .ocrEnabled(false)
    .description("string")
    .action("string")
    .matchOnly(false)
    .cloudApplications("string")
    .protocols("string")
    .rank(0)
    .sourceIpGroups(0)
    .state("string")
    .timeWindows(0)
    .users(0)
    .withoutContentInspection(false)
    .zccNotificationsEnabled(false)
    .build());
dlp_web_rule_resource = zia.DlpWebRule("dlpWebRuleResource",
    name="string",
    order=0,
    min_size=0,
    departments=[0],
    dlp_download_scan_enabled=False,
    external_auditor_email="string",
    file_types=["string"],
    groups=[0],
    labels=[0],
    location_groups=[0],
    locations=[0],
    ocr_enabled=False,
    description="string",
    action="string",
    match_only=False,
    cloud_applications=["string"],
    protocols=["string"],
    rank=0,
    source_ip_groups=[0],
    state="string",
    time_windows=[0],
    users=[0],
    without_content_inspection=False,
    zcc_notifications_enabled=False)
const dlpWebRuleResource = new zia.DlpWebRule("dlpWebRuleResource", {
    name: "string",
    order: 0,
    minSize: 0,
    departments: [0],
    dlpDownloadScanEnabled: false,
    externalAuditorEmail: "string",
    fileTypes: ["string"],
    groups: [0],
    labels: [0],
    locationGroups: [0],
    locations: [0],
    ocrEnabled: false,
    description: "string",
    action: "string",
    matchOnly: false,
    cloudApplications: ["string"],
    protocols: ["string"],
    rank: 0,
    sourceIpGroups: [0],
    state: "string",
    timeWindows: [0],
    users: [0],
    withoutContentInspection: false,
    zccNotificationsEnabled: false,
});
type: zia:DlpWebRule
properties:
  action: string
  cloudApplications:
    - string
  departments:
    - 0
  description: string
  dlpDownloadScanEnabled: false
  externalAuditorEmail: string
  fileTypes:
    - string
  groups:
    - 0
  labels:
    - 0
  locationGroups:
    - 0
  locations:
    - 0
  matchOnly: false
  minSize: 0
  name: string
  ocrEnabled: false
  order: 0
  protocols:
    - string
  rank: 0
  sourceIpGroups:
    - 0
  state: string
  timeWindows:
    - 0
  users:
    - 0
  withoutContentInspection: false
  zccNotificationsEnabled: false
DlpWebRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DlpWebRule resource accepts the following input properties:
- Name string
- The name of the DLP web rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other DLP web rules.
- Action string
- Action taken when the rule is matched. Valid values: ALLOW, BLOCK, ICAP_RESPONSE.
- CloudApplications List<string>
- List of cloud application names for which the rule is applied.
- Departments List<int>
- IDs of departments for which the rule must be applied.
- Description string
- Additional information about the DLP web rule.
- DlpDownloadScanEnabled bool
- If true, DLP scanning is enabled for file downloads.
- ExternalAuditorEmail string
- The email address of an external auditor to whom DLP email notifications are sent.
- FileTypes List<string>
- List of file types to which the DLP policy rule must be applied.
- Groups List<int>
- IDs of groups for which the rule must be applied.
- Labels List<int>
- IDs of labels associated with the DLP web rule.
- LocationGroups List<int>
- IDs of location groups for which the rule must be applied.
- Locations List<int>
- IDs of locations for which the rule must be applied.
- MatchOnly bool
- If true, the rule matches but does not enforce the action.
- MinSize int
- Minimum file size (in KB) used for evaluating the DLP policy rule.
- OcrEnabled bool
- If true, Optical Character Recognition (OCR) is enabled for the DLP rule.
- Protocols List<string>
- Protocols to which the rule applies. Valid values: FTP_RULE, HTTPS_RULE, HTTP_RULE.
- Rank int
- Admin rank of the DLP web rule. Valid values: 0-7. Default: 7.
- SourceIpGroups List<int>
- IDs of source IP address groups for which the rule must be applied.
- State string
- Rule state. Valid values: ENABLED, DISABLED.
- TimeWindows List<int>
- IDs of time intervals during which the rule must be enforced.
- Users List<int>
- IDs of users for which the rule must be applied.
- WithoutContentInspection bool
- If true, the DLP rule is applied without inspecting content.
- ZccNotificationsEnabled bool
- If true, Zscaler Client Connector notifications are enabled for this rule.
- Name string
- The name of the DLP web rule. Must be unique.
- Order int
- The order of execution of the rule with respect to other DLP web rules.
- Action string
- Action taken when the rule is matched. Valid values: ALLOW, BLOCK, ICAP_RESPONSE.
- CloudApplications []string
- List of cloud application names for which the rule is applied.
- Departments []int
- IDs of departments for which the rule must be applied.
- Description string
- Additional information about the DLP web rule.
- DlpDownloadScanEnabled bool
- If true, DLP scanning is enabled for file downloads.
- ExternalAuditorEmail string
- The email address of an external auditor to whom DLP email notifications are sent.
- FileTypes []string
- List of file types to which the DLP policy rule must be applied.
- Groups []int
- IDs of groups for which the rule must be applied.
- Labels []int
- IDs of labels associated with the DLP web rule.
- LocationGroups []int
- IDs of location groups for which the rule must be applied.
- Locations []int
- IDs of locations for which the rule must be applied.
- MatchOnly bool
- If true, the rule matches but does not enforce the action.
- MinSize int
- Minimum file size (in KB) used for evaluating the DLP policy rule.
- OcrEnabled bool
- If true, Optical Character Recognition (OCR) is enabled for the DLP rule.
- Protocols []string
- Protocols to which the rule applies. Valid values: FTP_RULE, HTTPS_RULE, HTTP_RULE.
- Rank int
- Admin rank of the DLP web rule. Valid values: 0-7. Default: 7.
- SourceIpGroups []int
- IDs of source IP address groups for which the rule must be applied.
- State string
- Rule state. Valid values: ENABLED, DISABLED.
- TimeWindows []int
- IDs of time intervals during which the rule must be enforced.
- Users []int
- IDs of users for which the rule must be applied.
- WithoutContentInspection bool
- If true, the DLP rule is applied without inspecting content.
- ZccNotificationsEnabled bool
- If true, Zscaler Client Connector notifications are enabled for this rule.
- name String
- The name of the DLP web rule. Must be unique.
- order Integer
- The order of execution of the rule with respect to other DLP web rules.
- action String
- Action taken when the rule is matched. Valid values: ALLOW, BLOCK, ICAP_RESPONSE.
- cloudApplications List<String>
- List of cloud application names for which the rule is applied.
- departments List<Integer>
- IDs of departments for which the rule must be applied.
- description String
- Additional information about the DLP web rule.
- dlpDownloadScanEnabled Boolean
- If true, DLP scanning is enabled for file downloads.
- externalAuditorEmail String
- The email address of an external auditor to whom DLP email notifications are sent.
- fileTypes List<String>
- List of file types to which the DLP policy rule must be applied.
- groups List<Integer>
- IDs of groups for which the rule must be applied.
- labels List<Integer>
- IDs of labels associated with the DLP web rule.
- locationGroups List<Integer>
- IDs of location groups for which the rule must be applied.
- locations List<Integer>
- IDs of locations for which the rule must be applied.
- matchOnly Boolean
- If true, the rule matches but does not enforce the action.
- minSize Integer
- Minimum file size (in KB) used for evaluating the DLP policy rule.
- ocrEnabled Boolean
- If true, Optical Character Recognition (OCR) is enabled for the DLP rule.
- protocols List<String>
- Protocols to which the rule applies. Valid values: FTP_RULE, HTTPS_RULE, HTTP_RULE.
- rank Integer
- Admin rank of the DLP web rule. Valid values: 0-7. Default: 7.
- sourceIpGroups List<Integer>
- IDs of source IP address groups for which the rule must be applied.
- state String
- Rule state. Valid values: ENABLED, DISABLED.
- timeWindows List<Integer>
- IDs of time intervals during which the rule must be enforced.
- users List<Integer>
- IDs of users for which the rule must be applied.
- withoutContentInspection Boolean
- If true, the DLP rule is applied without inspecting content.
- zccNotificationsEnabled Boolean
- If true, Zscaler Client Connector notifications are enabled for this rule.
- name string
- The name of the DLP web rule. Must be unique.
- order number
- The order of execution of the rule with respect to other DLP web rules.
- action string
- Action taken when the rule is matched. Valid values: ALLOW, BLOCK, ICAP_RESPONSE.
- cloudApplications string[]
- List of cloud application names for which the rule is applied.
- departments number[]
- IDs of departments for which the rule must be applied.
- description string
- Additional information about the DLP web rule.
- dlpDownloadScanEnabled boolean
- If true, DLP scanning is enabled for file downloads.
- externalAuditorEmail string
- The email address of an external auditor to whom DLP email notifications are sent.
- fileTypes string[]
- List of file types to which the DLP policy rule must be applied.
- groups number[]
- IDs of groups for which the rule must be applied.
- labels number[]
- IDs of labels associated with the DLP web rule.
- locationGroups number[]
- IDs of location groups for which the rule must be applied.
- locations number[]
- IDs of locations for which the rule must be applied.
- matchOnly boolean
- If true, the rule matches but does not enforce the action.
- minSize number
- Minimum file size (in KB) used for evaluating the DLP policy rule.
- ocrEnabled boolean
- If true, Optical Character Recognition (OCR) is enabled for the DLP rule.
- protocols string[]
- Protocols to which the rule applies. Valid values: FTP_RULE, HTTPS_RULE, HTTP_RULE.
- rank number
- Admin rank of the DLP web rule. Valid values: 0-7. Default: 7.
- sourceIpGroups number[]
- IDs of source IP address groups for which the rule must be applied.
- state string
- Rule state. Valid values: ENABLED, DISABLED.
- timeWindows number[]
- IDs of time intervals during which the rule must be enforced.
- users number[]
- IDs of users for which the rule must be applied.
- withoutContentInspection boolean
- If true, the DLP rule is applied without inspecting content.
- zccNotificationsEnabled boolean
- If true, Zscaler Client Connector notifications are enabled for this rule.
- name str
- The name of the DLP web rule. Must be unique.
- order int
- The order of execution of the rule with respect to other DLP web rules.
- action str
- Action taken when the rule is matched. Valid values: ALLOW, BLOCK, ICAP_RESPONSE.
- cloud_applications Sequence[str]
- List of cloud application names for which the rule is applied.
- departments Sequence[int]
- IDs of departments for which the rule must be applied.
- description str
- Additional information about the DLP web rule.
- dlp_download_scan_enabled bool
- If true, DLP scanning is enabled for file downloads.
- external_auditor_email str
- The email address of an external auditor to whom DLP email notifications are sent.
- file_types Sequence[str]
- List of file types to which the DLP policy rule must be applied.
- groups Sequence[int]
- IDs of groups for which the rule must be applied.
- labels Sequence[int]
- IDs of labels associated with the DLP web rule.
- location_groups Sequence[int]
- IDs of location groups for which the rule must be applied.
- locations Sequence[int]
- IDs of locations for which the rule must be applied.
- match_only bool
- If true, the rule matches but does not enforce the action.
- min_size int
- Minimum file size (in KB) used for evaluating the DLP policy rule.
- ocr_enabled bool
- If true, Optical Character Recognition (OCR) is enabled for the DLP rule.
- protocols Sequence[str]
- Protocols to which the rule applies. Valid values: FTP_RULE, HTTPS_RULE, HTTP_RULE.
- rank int
- Admin rank of the DLP web rule. Valid values: 0-7. Default: 7.
- source_ip_groups Sequence[int]
- IDs of source IP address groups for which the rule must be applied.
- state str
- Rule state. Valid values: ENABLED, DISABLED.
- time_windows Sequence[int]
- IDs of time intervals during which the rule must be enforced.
- users Sequence[int]
- IDs of users for which the rule must be applied.
- without_content_inspection bool
- If true, the DLP rule is applied without inspecting content.
- zcc_notifications_enabled bool
- If true, Zscaler Client Connector notifications are enabled for this rule.
- name String
- The name of the DLP web rule. Must be unique.
- order Number
- The order of execution of the rule with respect to other DLP web rules.
- action String
- Action taken when the rule is matched. Valid values: ALLOW, BLOCK, ICAP_RESPONSE.
- cloudApplications List<String>
- List of cloud application names for which the rule is applied.
- departments List<Number>
- IDs of departments for which the rule must be applied.
- description String
- Additional information about the DLP web rule.
- dlpDownloadScanEnabled Boolean
- If true, DLP scanning is enabled for file downloads.
- externalAuditorEmail String
- The email address of an external auditor to whom DLP email notifications are sent.
- fileTypes List<String>
- List of file types to which the DLP policy rule must be applied.
- groups List<Number>
- IDs of groups for which the rule must be applied.
- labels List<Number>
- IDs of labels associated with the DLP web rule.
- locationGroups List<Number>
- IDs of location groups for which the rule must be applied.
- locations List<Number>
- IDs of locations for which the rule must be applied.
- matchOnly Boolean
- If true, the rule matches but does not enforce the action.
- minSize Number
- Minimum file size (in KB) used for evaluating the DLP policy rule.
- ocrEnabled Boolean
- If true, Optical Character Recognition (OCR) is enabled for the DLP rule.
- protocols List<String>
- Protocols to which the rule applies. Valid values: FTP_RULE, HTTPS_RULE, HTTP_RULE.
- rank Number
- Admin rank of the DLP web rule. Valid values: 0-7. Default: 7.
- sourceIpGroups List<Number>
- IDs of source IP address groups for which the rule must be applied.
- state String
- Rule state. Valid values: ENABLED, DISABLED.
- timeWindows List<Number>
- IDs of time intervals during which the rule must be enforced.
- users List<Number>
- IDs of users for which the rule must be applied.
- withoutContentInspection Boolean
- If true, the DLP rule is applied without inspecting content.
- zccNotificationsEnabled Boolean
- If true, Zscaler Client Connector notifications are enabled for this rule.
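The valid values and the non-enforcing flags listed above can be checked before a deployment. The following is an added example, not code from the Zscaler provider: a Python lint over rule properties in the camelCase form used by the YAML example. The function names, the sample rules and the choice of what counts as a warning (including flagging a repeated order) are assumptions of this example.

```python
# Added example (not provider code): lint zia:DlpWebRule properties before deploy.
# Valid values below are the ones documented in the Inputs list on this page.
VALID_ACTIONS = {"ALLOW", "BLOCK", "ICAP_RESPONSE"}
VALID_PROTOCOLS = {"FTP_RULE", "HTTPS_RULE", "HTTP_RULE"}
VALID_STATES = {"ENABLED", "DISABLED"}

# Constructed sample input: the page's basic rule plus a deliberately flawed one.
SAMPLE_RULES = {
    "example": {
        "name": "Example DLP Web Rule", "order": 1, "state": "ENABLED",
        "action": "BLOCK", "fileTypes": ["ALL_OUTBOUND"],
        "protocols": ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"],
    },
    "flawed": {
        "name": "Example DLP Web Rule", "order": 2, "action": "BLOCK",
        "matchOnly": True, "rank": 9, "protocols": ["HTTPS"],
    },
}


def lint_rule(props):
    """Return (severity, message) findings for one rule's camelCase properties."""
    findings = []
    action, state = props.get("action"), props.get("state")
    if action is not None and action not in VALID_ACTIONS:
        findings.append(("error", f"action {action!r} is not a documented value"))
    if state is not None and state not in VALID_STATES:
        findings.append(("error", f"state {state!r} is not a documented value"))
    for proto in props.get("protocols", []):
        if proto not in VALID_PROTOCOLS:
            findings.append(("error", f"protocol {proto!r} is not a documented value"))
    rank = props.get("rank")
    if rank is not None and not 0 <= rank <= 7:
        findings.append(("error", f"rank {rank} is outside the documented 0-7"))
    # Assumed review policy: a BLOCK rule is expected to be enforcing.
    if action == "BLOCK":
        if props.get("matchOnly"):
            findings.append(("warn", "matchOnly: rule matches but does not enforce BLOCK"))
        if state == "DISABLED":
            findings.append(("warn", "state: BLOCK rule is DISABLED"))
        if props.get("withoutContentInspection"):
            findings.append(("warn", "withoutContentInspection: content is not inspected"))
    return findings


def lint_rules(rules):
    """Lint a {resource_name: props} mapping and add cross-rule checks."""
    report = {res: lint_rule(props) for res, props in rules.items()}
    # name "Must be unique" per the page; a shared order is flagged by assumption.
    checks = (("name", {}, "error"), ("order", {}, "warn"))
    for res, props in rules.items():
        for key, seen, severity in checks:
            value = props.get(key)
            if value in seen:
                report[res].append((severity, f"{key} {value!r} also set on {seen[value]}"))
            elif value is not None:
                seen[value] = res
    return report


if __name__ == "__main__":
    for resource, findings in lint_rules(SAMPLE_RULES).items():
        for severity, message in findings:
            print(f"{resource}: {severity}: {message}")
```

Run against the properties of every zia:DlpWebRule in a stack, an error finding is a value the page does not document, and a warn finding is a BLOCK rule that would deploy without enforcing.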
Outputs
All input properties are implicitly available as output properties. Additionally, the DlpWebRule resource produces the following output properties:
Import
An existing DLP Web Rule can be imported using its resource ID, e.g.
$ pulumi import zia:index:DlpWebRule example 12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
